keks-overlay.git

re-do apache
Parent 89bb85f
Hanno Böck

Hanno Böck commited on 2014-05-04 11:45:42
Zeige 23 geänderte Dateien mit 252 Einfügungen und 4291 Löschungen.

www-servers/apache/Manifest
Zeige Datei @ 697c807
... ... 
@@ -1,34 +1,11 @@
1 
+AUX 00_systemd.conf 88 SHA256 487e7451ce2d834d8af09a1db09bfe235fbc87b17b13a88bf849f0739b023ce3 SHA512 c510b77450f45d8ca5b8f00ebae5de9e3dc0ecb45f9857e391ac923dadb6b5193b13e9bc372790de20bb8829f2bee5bfc0e85ad03b3a72818c5dd6a0d7f45353 WHIRLPOOL 35ff7234f1ac513a522481ed08d2281dc331835cccd1049dbbadd9f2dff7fce1700a3ae9fd8f2f490f09d82edd960f4a0b4f00a91db2bafb7c647e3b54733cef
1 2 
 AUX 2.2.22-envvars-std.in 1071 SHA256 1721b424f2335640e49d71e671a4be15424d29fe90f55fe4f52bd241a998d3ee SHA512 c18fd461f02ab79fc456a1ad99bf91c8891ecdabd90f41437ebf87e20b3d28d2006a10d6726164c2f0333e7aee350bd125838abaff3a188d8ab2f5f34d3e5466 WHIRLPOOL 59cbee68fc8012df01229b8d5e38045eb974bab3f08ebf5b01097dabb5275bb83e28cd09a058ce71949ca4a2439811cff457d4c7df88d7b3fc5318c6b7ef0075
2 
-AUX apache-2.2.14-staticdhparameters.diff 11745 SHA256 1fecd496f7df6438cf44b331a0b15d6ceaa0522fcb20d7246772f10f7c3c41df SHA512 5c7fa11b29efd430ddc7144ed8d656c82d9609c9da720cd5d217626505b2257c074bea1ef0f4f2c50b123be58d82fbefac3240b71c3b8c3b9b087c30b090bcf9 WHIRLPOOL ced66883bd7fc4ec868a5d6091cdc765424541c183e53283749d73d4f4b53d0c9221950df816625de9bd115f610931e91b1fac819530294fcb12a0a39b7f6f2c
3 
-AUX apache-2.2.23-tls-compression-option.diff 4211 SHA256 6ccc0003f486734e660292ac2640d99af830443c09a2d5c9d6aaf371b636d9bd SHA512 915044023b10afca9a67ca90fa4d1175d4d3ef7274308df74c78b0972fd7ec54e3fdb3f4b03ecbfc543b64153b232a140cc8e095b2f74abfcfa0cb86e21fb612 WHIRLPOOL 028be436ac78adcb631b109a23ab7f4b5c2349a95202f8ed33a111b9b2048675892b160ac737875ebe7a73937f8868d665d016a61bdbaec301eacbbad0d1cc05
4 
-AUX apache-2.4.3-dhparam.diff 12684 SHA256 5185da7eecf04f26cc496a25fabe420db065e59dd088eca51b8c08f0238d12ad SHA512 c49e4c6e607cf5bf11e59c929791d806b15ff30d11e8473e633f2ef406e5d926a2ced1910672e5263f8ea45de6f30eb37048065c1d9fbd11fb7c52603e93bd4b WHIRLPOOL 41e2ac7c8c0734e3132639db7222e488b8ffd18a6c2f2e76b401fdc0b71fc528f3d80eb3d95710084b9fa88e29ce916df215c79b47d80c3ae25188f4cea79e9c
5 
-AUX apache-2.4.6-modssl-dhparams.diff 48302 SHA256 529b747ab1858966011ed4ffab14bb8c1f015c98ecbdf72cd3a53c70a6a8f220 SHA512 9f8b0710c9b5134213415dc6dceaaad17536072250d403794b074fb690ad1168b9b408996a192017f988728b656d1cff2e18a66c5a9792580870970a6026a3f2 WHIRLPOOL 2252302acb1366c064a7f304282d480b7920989f2b0022ce8487a1da28b86164759f28fa57bd4d9ff0abf65550290e8feea4de4125bcd75cac35b7269d43a868
6 3 
 AUX apache-fix-sni.diff 621 SHA256 272ea68c8af38fb48a805124e5e467448cfc9e1c4a00b8ceef7d84677c8eb1b7 SHA512 865f1148fd5f38dbbea1960275ac29764cfd36369d5df81e7c1029c4363fafdda8dacce760d6424664649df20f4e3bbc15afaa1de693e79605ce2472f721d38e WHIRLPOOL ef1dfd348871d0dd13071fddc74f348ab4ea5114b78fb8db22ccefb781f2f3ca600c18752c284ccb0c7f77783a7e2332865f35a38d4766636c772628874e459e
7 
-AUX apache-noip.diff 417 SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc SHA512 fa684688e707f5fb511b228b8fa9b0f996dbf615f2f9b6478ab478e801f14c65a7381137cdbda648d68f7818891085c744da3a8249843e73bdf5ef247a90d3fe WHIRLPOOL d2636a34b0d48139adef125e76ef477d84bf7cd9785f094fe57c1d81b45e7392622d232bee5f53896d8b48eb9b3241cd48cbb585ea70d97a872c5cd3f6bfe420
8 
-AUX apache-npn 9799 SHA256 6e41b59680832b074246dd24a41aec56f9bb35ab4f34674cd20e32f1289c21ab SHA512 60d9c6f750562f087b607edf7939195f31b7e0101b9c8d1c883e3b01da192d354fc291d45832757ab50c029f99ac4ad06fa9b7ce4e5928367d1f89278fa79fa3 WHIRLPOOL 162dba8354efeccbb100a86cb61e47c0a96be11a057cfffccc194abd31721b99f4ef3e5fc9b4a7e82a7495d1369af1be3f7b3d4339ec33af24858a0049474331
9 
-AUX httpd-2.2.16-ecc.diff 8236 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461 SHA512 8b54c30f9edc76bd8969ee894038f267d722d1ab8c7332a84fe21704bde0451e1a27503252fa87bd0f749dac3281eb266cda36aa7faec1a36ee6e67a8f9ae6c7 WHIRLPOOL 2d8ad3cd12b27937dcafef31df8c9fa048fb4e1ed06109e745fbe12dc869ceaa21fa2e62aa9bcb729d7fb426c1ee0a82171b5038cac56f8b8ebbc3cd3569daa9
10 
-DIST gentoo-apache-2.2.22-20120213.tar.bz2 64507 SHA256 737730dabf1e1ccfe9d409067dc3c4d37d16f7fa1e792f5bf39268d904ce1c31 SHA512 f364bdbee967b3bc797d2053b9eb347af963f99275441093930d0057465e1a12567106f5c5ac21a45a4bbd4b353ce67553038d6146f469a7bf980a9148471170 WHIRLPOOL f5a3ab44fc14ddf67ccf0785006b1d9f5c49b915114f9d7e97858fba447a5ee872c741e73c17e121b61cc0aa678b42dc154616cd64054461c552d3a8c29f4f17
11 
-DIST gentoo-apache-2.2.23-20121012.tar.bz2 64135 SHA256 711a88f26c58b10b082f7ff411366cd768f9450101da050438a2f77abeab7333 SHA512 92a49f954b82d4427862f41977625a60641731cc25ab3efdd666be8db839038e7b1c2ef2f878d5efed243eaa63237e88ee4993cd25cca1dfbb0f56a6b2093d57 WHIRLPOOL 221d9c0cf999430afc11a8e48ae67019c7f31daca827a5db7615aca24859788743e5da00e4c99b7b7b375e58fafd6c148339e5671be939dbc30735031e12c49f
12 
-DIST gentoo-apache-2.4.3-20121012.tar.bz2 24541 SHA256 aeed23c716f05d7430a6d905fb75c192418c9ba90feb96fcc474138c4addfd69 SHA512 fe37c91328bf090aacd4012030845b2e4461a116b9b60d95108c4a4749729bef5ac526d4bd3570406f3d7afe41b0f634c2e9a167ee416a56f5f82f46eb27cc26 WHIRLPOOL 421efb4a7940b52cbc2e054c5ef2f79ff19c13a3140941ec659da3ff61a70491485c1c375db29b1fa6c4dc45761df1f0fc63bd3d867c8937d33f5b6c948bade0
13 
-DIST gentoo-apache-2.4.4-20130227.tar.bz2 24579 SHA256 cf27447dc87b4c145e50a6850245e3ed8d350bc3500bb249035322b23d03ccd2 SHA512 d6e8e37c53c37e9791c9d0ed3501d271212f0d2e2aac757a8a1914f20eb7b3dc0ca7e2d33a6f17dcb3572bc1f01b2c2f5876329ac8c2a4aaa7d2bca8e71f1d84 WHIRLPOOL 6364049b25c0aa21c4336dab7d1af8d3f3d06a60766fe401fc4f818f8ff7764564d136a414c444811612698221d830040ff4c5afb2a379607d5bd32b60260be6
14 
-DIST gentoo-apache-2.4.4-20130725.tar.bz2 24525 SHA256 c155dae39d87acc43ef34b385a2eaf2a45ff9c11d31b1c1791a74f9946335c39 SHA512 95489af418e3674b9d20dc988f4473d5d088d892bb2e6660a46a225667b0427c904d883a19fa3a847778fa00eb8ac0f27e1a5f76f0d65a28eaf0a39747353bbb WHIRLPOOL 1fd36df2db6814d01846cb40be9443aa963a0df9b45647859e901981872f64a8b4ba95aff9a14a8985feb74d51c551ab10c6734a63d5e9d001c53ab3c4383c42
15 
-DIST gentoo-apache-2.4.4-20130801.tar.bz2 24536 SHA256 bae819de1ded2104a65dabc759e8a7bc6b442d2588ffb99e563be8482b3d87bf SHA512 97474e7d7f17d6537337b51385be4d093f9a15cf3a0a5f567ad883c4cc653d9bd3bed6e5f308e1bb9cf648be2c4a67a3099a95bd36b1be7c15ca8c512e01b2b0 WHIRLPOOL 4b75f5477b601f4159cb1b12c5f76ae4f678c83cef4441eba0e90a9be8222e4abd981a0d2205a54ddeebd8276567670c5ad827aa19f22f17196986bfd5c05c73
4 
+AUX apache.conf 55 SHA256 ea616c5cc37979a006d69c51bda43fca15a4327d33175762652b29f5cdea1c7b SHA512 3a53beb7a283d17c14383f16ad14c0602681ac1b193cce8f5aca50ae9d9af3a71054ce4a9ab11cbcb72fe913459e1b306fd54660154e66afe10272f8c0f149f3 WHIRLPOOL fa348414f320a9f70001386dfb77d57ca4836c3ef3d251976077b7ad545d7f6752e534efadbf28c7dcb777388e3d844eba84b939dcf48881983388daf6ac23f0
5 
+AUX apache2.2.service 716 SHA256 e850ad73585fbba52ade58a39ca91adbfd52f56a0bbd426ebcadb340a7dcb62b SHA512 5f736c803772077598248bbb41f76dff396dfd2f11a60d1ba929a619275efb8c1b4c0dab78cbcdf83b9ec94db67b958b3333b01f67d71eb3b2e07dba4bca2a7c WHIRLPOOL 776a928422b8f37a12099111a1503674ca901934b60dca8596dc8bc287390be9a0e912d7ba6226dcb22eb7c669fa298ddc20fd7bf5c275b0cf019bae0d594839
6 
+AUX apache2.4.service 728 SHA256 4420af10d1237f90ae519e56e75f1cc84e9f7c7b63aca9decf91a77f88ae0390 SHA512 6b43e5638d5da68a5408d45befd10a9e42197c1a393764e945ba22d47d0736e2b28bad36a96f4f4ad4ff928db6f2c1377bd22ce401056b2f21fb38933a3cd972 WHIRLPOOL 5526995c5f4772353fcccbd83ed93c8186cb47f80f5d1244dc454ca886189ac92539572c43978d2868b77002a2397ff4794b3c8f6c655fecb432b8013afaf38e
7 
+AUX gentoo-apache-2.2.23-initd_fixups.patch 963 SHA256 ea8cdb5ad98416fcc3daf496bc996d23c09212f325980e0328da5e76deb8ad5d SHA512 3250d94e9fc5c3f921c756d3d5cfc670b0221a06dab376ef162cc8ecec8d1300cb95266b2a96d5a608a710326de2144662d450c8a2142a12200b1210fbc9cdb0 WHIRLPOOL 314e1d2c6d156cbf1a0330ab822f64a32d2b6b52adf46e1db4d8f148eb1e471712ebd65948056e4e2e85585499cbc1f9a0d0616f2a6c1ec9b382af35bdf8f194
8 
+AUX httpd-2.4.3-mod_systemd.patch 5396 SHA256 d8f5c76dd5eb0edc9759ea300d3b320ee96b6e6f9fabb8a4043f8d1b77b646a2 SHA512 0db785fac6034aa431e9d816bd06020a5b287dbdae794f8b94eb267805981a1d2a97fdb92bd13e32d35329e6db3f799a03e98456329f6a80c5863e72a26e5c59 WHIRLPOOL 4016b9626af1a8ca001518e8a45262ca4dd27a998727db988a8f1234aa7c5d56d439f4ecfdc6219510f57c97991884a7f57eaa83535988cb72e9fd8ffdee7b6e
16 9 
 DIST gentoo-apache-2.4.9-r2-20140421.tar.bz2 24952 SHA256 0494a3e2fbcfc2139b2edeeb04fa87e66d31e0335c22a47e93dbb24289f13a10 SHA512 19dabea049730ab0ea177ec95cc34364835ec11185e87851e1ad31a4b08e3a2855a79d4be0eef2c72fe07bc4647fcf1ffc444be57f7af92b798decc20270552f WHIRLPOOL 96210b689696214d689e4842da4b3795f02732abedb5b9508a3e0c881b8f8bf67a41cf06a8cb6a353f267ddad1af9202a32a0b1b41c9ad49dbc98e5c0841f1d5
17 
-DIST httpd-2.2.22.tar.bz2 5378934 SHA256 dcdc9f1dc722f84798caf69d69dca78daa5e09a4269060045aeca7e4f44cb231 SHA512 b6901453aaef3cac31cf763f7748e06a2492e1f72e4158627f38e45423a9bcd9bea1f74ba1a1ec9a5c7fc554eb062ea61b944e2001f19825def2e530ce8a42bc WHIRLPOOL 32a03d638f82d791effdce888a02e66189d6fe87c2179ab9f3de034fbf5c8311d24835f28e9a18addb847aa6859ed817bf2e11833e315285474eefcea6f56891
18 
-DIST httpd-2.2.23.tar.bz2 5485205 SHA256 14fe79bd6edd957c02cb41f4175e132c08e6ff74a7d08dc1858dd8224e351c34 SHA512 69b3bc942b2a91cdb57356a5c57078794db2d8404a23080a2621cdf33ae2d9bdbbacd0f6e95fd6e71fbfa87e94942be0a014c3e8709148f991e391d03aa6dee2 WHIRLPOOL 8d00184aff654b2d7f1c5ebd471f19ffcb57107ea37179fa05c424424d7b70ff0c9abf3be68ed9f0d091b3c057f1ba24cb989937e35087c3199f82e3dddbbd4f
19 
-DIST httpd-2.2.24.tar.bz2 5490439 SHA256 0453f5d2d7e3b1975a1c6a8a22b6d6ff768715a3b0a89b51e5f7b5851628fad7 SHA512 e1c24535bb0ae309c249c0a6fbd390064a929d960241e5e68737744f120a88b615bd5d9065fc2f749ee664ed96621c9373576e6ca32bd189d625fcd4dc1b8f01 WHIRLPOOL b24bf388e1be29cc52341d66af00318b3a60ad6db6b4df8c6cc0abf496c4e603d3b733529d21d3d1c37dad0008cacafa8078abdff6c25cb42b3874b6e176713e
20 
-DIST httpd-2.2.25.tar.bz2 5524905 SHA256 4bcaf3524796a514b31aa5c64ce80b0cdb484bab5735416de29d00f6d50fa65a SHA512 4750e79bdab4ca28c602a808531dfc1482e86bf425d5cb3bcb42a9ccfbbfde5bfd05e66649ea741523c96de6582f5e12facbb1e7d67257bcf78a3ed7a66f80d9 WHIRLPOOL 7ce37be9b66de24cc7259c6e8a0696b496c893933b1c5dbdff5147c279fb644b5d5fc77ed02531b0f081f0c217f684d1bcd98bac26938b23c1d7a4ec085162f6
21 
-DIST httpd-2.4.3.tar.bz2 4559279 SHA256 d82102b9c111f1892fb20a2bccf4370de579c6521b2f172ed0b36f2759fb249e SHA512 d4501ae69aacb75d960bc8cb61c9e1ff52e6e42a37c37ca84c839262e183ca2f305794da28266aa2119d211ba0f4531705f66330079ab594c05e92ae8196d1ab WHIRLPOOL 4ffb7dc8057200f676557a70591d6938e92a8990d88dc88237d278f185290d260312dd8cfdd08994ffd7b7280502b3debea0f3e02acc718dd9db613222b6d2ae
22 
-DIST httpd-2.4.4.tar.bz2 4780289 SHA256 92aabddeca76a4ac7330b143df1407bbf35574c7291c15172238ac598d97655c SHA512 d68789e1e585b4acf26e4e32d063fa512525f8fcc2077b1dbf573dd9f4b47667772d94bb65fefb354fbfae331e87b3fdea422a732838c86d8887eed4b3a76af0 WHIRLPOOL c2ec29a0d52ff1d674f103d0d59c0acd15b194b1102ba5078ef76b62aa959ff92adc5977e095b30c6a778cd9385f9c4ded9bfdc6ce8fba381735ca1aa84aa9f0
23 
-DIST httpd-2.4.6.tar.bz2 4949897 SHA256 dc9f3625ebc08bea55eeb0d16e71fba656f252e6cd0aa244ee7806dc3b022fea SHA512 8ade7ec5291f07a60e279f7a73a79c11c150dbf09c9e7b059e136fcb250130aa0f381b118f84e230184b065d452d5e946df8a5766991be8cdc6e8f5d4c4bac01 WHIRLPOOL 81f036bb438afa30106a402e256d641a2687b619ef7f6ea3e4ab61f30715560e1c9dd3afa3e53c4d99c77de72f100e8a1894a5a898247c381100ceb165b8a146
24 10 
 DIST httpd-2.4.9.tar.bz2 4994460 SHA256 f78cc90dfa47caf3d83ad18fd6b4e85f237777c1733fc9088594b70ce2847603 SHA512 3a66302e18a2d165b3851665dc73be7d3849fc3359c1ff9dd9e2eaebf1f1d8fb89b7b0a05929d6247750bf0ed1abf9cf3c236a373b2d99635c8ca41698719c96 WHIRLPOOL 735677695d3b1497d554dd3e8d97733359140f3bb524335ab474275ca2b5546ceab8f5f3778948fabee2d152bf5b096d99b3dabb1011a4b68905c7cd5012a648
25 
-EBUILD apache-2.2.22-r1.ebuild 3206 SHA256 4c72b2164c32c34e85c6a8e99c68464e5505eeb79bf94eed7ad1d62ba2045c0e SHA512 bafab5ef6f8d8675614473c01ae71655b1cd94b75658353e8351df1cb8b9667b2164d501f98b4492810a2ec2d3415db6c5df416bc51aed4fc4ec6fc4a155288b WHIRLPOOL d6f4c9b06b3cfcad613084bb7902c7ba942848a8233b50ff48474e7407c3e1d4523f44a0ca9f0790510122719609ec767afbaf3fdd60b6dd7918fe409e9b08a2
26 
-EBUILD apache-2.2.22.ebuild 3001 SHA256 cf930cea2f7e8a8bd2f7cabe7de9ecf56efb33d10bd3fe2d70acaa6e86cebb0c SHA512 1de2c503698334b00c3b44cad9680d8699e7ad21c80a746af4154d03433da4bcc072cf572d2ce9dbf478f6c97423ee2650521d877f2c62a27ec0189d5c66c045 WHIRLPOOL aadae0ae48a37cdd5ed3995c92fa5bf925fd2c12792cdcce08305191c09703a80bd7bc264c61165e8c26687bde97ad543722d04e090620cd7fe473c76688e233
27 
-EBUILD apache-2.2.23.ebuild 3181 SHA256 b6502801683bcd8708e247fd11e8d7a639a7412f77d3a631827705f20e43c878 SHA512 860dce68ab969c4bacdedc3fec4d48937d7a331921e86fe02d6b1481a59cd8997d336b9c9bbc6cf9a69dd3719acc411abae1809e7770b42d31adb1cefd5dc560 WHIRLPOOL e2e128e74236c6a306d511cdc8d1e9799e9818fc842a1884eb48a8ef8683669ba321ca228ec780015e1c88044cff2904652c4a1c93a2f3af84e3552c8e7d3363
28 
-EBUILD apache-2.2.24.ebuild 3102 SHA256 b751f4d8aa98faf4f78a695368cd294777084c1d0a7dce153fb48795dd4b05c8 SHA512 3f00a8ee05dd124ed85f152bd71a328c0d62901c4b39da59464fa31182dd492cb4c8109f23936a545b72bc0a8385219b858939664a914eb65a0a593bb02f318a WHIRLPOOL b70b72cd25136eda395e283e03f7aede0197fb5bc0f6a762f60b90b2e291f5e0a98065897a9a25e6d9cd172253eac6829952cca0a1bfde3adfbab3f0034c69e1
29 
-EBUILD apache-2.2.25.ebuild 3297 SHA256 f2a97144d474359d89e67248fa1f7a58c22e1268357b1a9978800b8b8816767a SHA512 0f3af89b8d9a70b75e3888bfd110625875ed48aa9348033c9f316401b38468f34d11bd49e223e62b81d0a52abf4a94a5c44ea8c757e51a391d6dbd659c83c1c3 WHIRLPOOL 5608f8deaf9c90eb92a03237b3516af15c0a140f0decbc9a6e874b18e0135a8969435b3d85611ceb058453071e38ce2e3f0392e142843241c7040fecb8f072a6
30 
-EBUILD apache-2.4.3.ebuild 7203 SHA256 082ee4bc36fe78621a32ad8ae3f3117943b5572e1456618d1b547cf344c4d687 SHA512 56786dc2e5f835e1894760ad85bfba6ffd531b50e7e9f782240ac2deb7464a2aa222cd04495ab7bd81f0e30c91972f417857c9fd4ee53587ebc91ba6a542c41e WHIRLPOOL 4e8e22861a21d8defd9c8eb57fc5548ba38a911db640fc63b6a15fdcfcf86c8fbf50b09f78321ea784bf81340718242d5a7fa6c6ed1c4e0c31a4e79affc64d24
31 
-EBUILD apache-2.4.4-r1.ebuild 7252 SHA256 64b4537ade811698d002a19da3b32dc54fc590c76cab613095f7086502b34dca SHA512 30f72175c5093f6fcee56892b79e3c72106c7f160a5dff3f7f29c0be376ed94271b35f536ec4d3d539f352a90c9d741b368eb8aaeada501da8a22f1f8cfa67dc WHIRLPOOL 0bd24504dcbab1e364209e622f93a5baf78976761f9e4de7a85686417e6077829f8ca1ab7a87724f3c03362249de3fada01c06e9f553ec8bd24cf1bead516a4b
32 
-EBUILD apache-2.4.6-r1.ebuild 7476 SHA256 6d6b9331dce777b11cfef9bd8b5e9ac006e93728f549225ab6945cb81037a1a9 SHA512 c5ceb713601e2372bb36bdb705d9a7d7dd8c76ffa09339124b11b0054c180606243b21e2c1e95346a7ac0d0ab302ff88e238a8447b553abf08b8a42b390d9e42 WHIRLPOOL 974cf7113269dfb87c138635abd610aaddf92aa94d9dad508b1c11c3636715d9dcce969e0d7e13db1bf854b0f9c2100c428c351795987708659d3ad3ab9ca9b1
33 
-EBUILD apache-2.4.6-r2.ebuild 7487 SHA256 6d15eef1bc7ca1b70be5f61e2dfed5f8ae9feb5c3b42142c06ffc1c3a132c2cb SHA512 84d0cb9cf92a09775116702b65fc87cae08cdf0316602f9e1f05278414a9e3a9ebbbd05e4a6c2e61d7100dfb25db9b5535d3e6cc51f7294889ba370166c58be7 WHIRLPOOL 68b4c5223776d6e08c1da9e4caa93245fcf0a6f83327d6a719c0f202eb14b4a339e7105f872ca062e5f4f1f6fced87e6ddab6fc3c3f412fa6117d545e27a3dc2
34 11 
 EBUILD apache-2.4.9-r2.ebuild 7545 SHA256 091b49a8545fca2d4cdc487e7df224a3d9006e899d7e8aa9f91aa7f87edd7467 SHA512 28c9cb35ab96a69b63f19ec62d5b95737da329981591502b1e4fed1038d203ef1a77673e446ee6cdff37e300bf5cbf8129f056550b05c2fa3553df068c9a6e8c WHIRLPOOL 5d55e4130a30261a0827f1a2f5925c7321a03b915b2f8cf9464762751d97b415e13f0cb6c42698b3d030e093d1021a038ee4dec6541493e4f5c401a146f568ad
www-servers/apache/apache-2.2.22-r1.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,113 +0,0 @@
1 
-# Copyright 1999-2012 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.22-r1.ebuild,v 1.1 2012/04/20 04:22:46 patrick Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20120213"
9 
-GENTOO_DEVELOPER="jmbsvicetto"
10 
-GENTOO_PATCHNAME="gentoo-apache-2.2.22"
11 
-
12 
-# IUSE/USE_EXPAND magic
13 
-IUSE_MPMS_FORK="itk peruser prefork"
14 
-IUSE_MPMS_THREAD="event worker"
15 
-
16 
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
17 
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
18 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
19 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
20 
-env expires ext_filter file_cache filter headers ident imagemap include info
21 
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
22 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
23 
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
24 
-version vhost_alias"
25 
-# The following are also in the source as of this version, but are not available
26 
-# for user selection:
27 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
28 
-# optional_fn_import optional_hook_export optional_hook_import
29 
-
30 
-# inter-module dependencies
31 
-# TODO: this may still be incomplete
32 
-MODULE_DEPENDS="
33 
-	dav_fs:dav
34 
-	dav_lock:dav
35 
-	deflate:filter
36 
-	disk_cache:cache
37 
-	ext_filter:filter
38 
-	file_cache:cache
39 
-	log_forensic:log_config
40 
-	logio:log_config
41 
-	mem_cache:cache
42 
-	mime_magic:mime
43 
-	proxy_ajp:proxy
44 
-	proxy_balancer:proxy
45 
-	proxy_connect:proxy
46 
-	proxy_ftp:proxy
47 
-	proxy_http:proxy
48 
-	proxy_scgi:proxy
49 
-	substitute:filter
50 
-"
51 
-
52 
-# module<->define mappings
53 
-MODULE_DEFINES="
54 
-	auth_digest:AUTH_DIGEST
55 
-	authnz_ldap:AUTHNZ_LDAP
56 
-	cache:CACHE
57 
-	dav:DAV
58 
-	dav_fs:DAV
59 
-	dav_lock:DAV
60 
-	disk_cache:CACHE
61 
-	file_cache:CACHE
62 
-	info:INFO
63 
-	ldap:LDAP
64 
-	mem_cache:CACHE
65 
-	proxy:PROXY
66 
-	proxy_ajp:PROXY
67 
-	proxy_balancer:PROXY
68 
-	proxy_connect:PROXY
69 
-	proxy_ftp:PROXY
70 
-	proxy_http:PROXY
71 
-	ssl:SSL
72 
-	status:STATUS
73 
-	suexec:SUEXEC
74 
-	userdir:USERDIR
75 
-"
76 
-
77 
-# critical modules for the default config
78 
-MODULE_CRITICAL="
79 
-	authz_host
80 
-	dir
81 
-	mime
82 
-"
83 
-
84 
-inherit apache-2
85 
-
86 
-DESCRIPTION="The Apache Web Server."
87 
-HOMEPAGE="http://httpd.apache.org/"
88 
-
89 
-# some helper scripts are Apache-1.1, thus both are here
90 
-LICENSE="Apache-2.0 Apache-1.1"
91 
-SLOT="2"
92 
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
93 
-IUSE=""
94 
-
95 
-DEPEND="${DEPEND}
96 
-	>=dev-libs/openssl-0.9.8m
97 
-	apache2_modules_deflate? ( sys-libs/zlib )"
98 
-
99 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
100 
-RDEPEND="${RDEPEND}
101 
-	>=dev-libs/apr-1.4.5
102 
-	>=dev-libs/openssl-0.9.8m
103 
-	apache2_modules_mime? ( app-misc/mime-types )"
104 
-
105 
-# init script fixup - should be rolled into next tarball #389965
106 
-src_prepare() {
107 
-	epatch "${FILESDIR}"/apache-noip.diff
108 
-	#epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff
109 
-	#epatch "${FILESDIR}"/apache-2.2.14-staticdhparameters.diff
110 
-	apache-2_src_prepare
111 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
112 
-	cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
113 
-}
www-servers/apache/apache-2.2.22.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,110 +0,0 @@
1 
-# Copyright 1999-2012 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.22.ebuild,v 1.3 2012/03/29 10:40:41 ago Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20120213"
9 
-GENTOO_DEVELOPER="jmbsvicetto"
10 
-
11 
-# IUSE/USE_EXPAND magic
12 
-IUSE_MPMS_FORK="itk peruser prefork"
13 
-IUSE_MPMS_THREAD="event worker"
14 
-
15 
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
16 
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
17 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
18 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
19 
-env expires ext_filter file_cache filter headers ident imagemap include info
20 
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
21 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
22 
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
23 
-version vhost_alias"
24 
-# The following are also in the source as of this version, but are not available
25 
-# for user selection:
26 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
27 
-# optional_fn_import optional_hook_export optional_hook_import
28 
-
29 
-# inter-module dependencies
30 
-# TODO: this may still be incomplete
31 
-MODULE_DEPENDS="
32 
-	dav_fs:dav
33 
-	dav_lock:dav
34 
-	deflate:filter
35 
-	disk_cache:cache
36 
-	ext_filter:filter
37 
-	file_cache:cache
38 
-	log_forensic:log_config
39 
-	logio:log_config
40 
-	mem_cache:cache
41 
-	mime_magic:mime
42 
-	proxy_ajp:proxy
43 
-	proxy_balancer:proxy
44 
-	proxy_connect:proxy
45 
-	proxy_ftp:proxy
46 
-	proxy_http:proxy
47 
-	proxy_scgi:proxy
48 
-	substitute:filter
49 
-"
50 
-
51 
-# module<->define mappings
52 
-MODULE_DEFINES="
53 
-	auth_digest:AUTH_DIGEST
54 
-	authnz_ldap:AUTHNZ_LDAP
55 
-	cache:CACHE
56 
-	dav:DAV
57 
-	dav_fs:DAV
58 
-	dav_lock:DAV
59 
-	disk_cache:CACHE
60 
-	file_cache:CACHE
61 
-	info:INFO
62 
-	ldap:LDAP
63 
-	mem_cache:CACHE
64 
-	proxy:PROXY
65 
-	proxy_ajp:PROXY
66 
-	proxy_balancer:PROXY
67 
-	proxy_connect:PROXY
68 
-	proxy_ftp:PROXY
69 
-	proxy_http:PROXY
70 
-	ssl:SSL
71 
-	status:STATUS
72 
-	suexec:SUEXEC
73 
-	userdir:USERDIR
74 
-"
75 
-
76 
-# critical modules for the default config
77 
-MODULE_CRITICAL="
78 
-	authz_host
79 
-	dir
80 
-	mime
81 
-"
82 
-
83 
-inherit apache-2
84 
-
85 
-DESCRIPTION="The Apache Web Server."
86 
-HOMEPAGE="http://httpd.apache.org/"
87 
-
88 
-# some helper scripts are Apache-1.1, thus both are here
89 
-LICENSE="Apache-2.0 Apache-1.1"
90 
-SLOT="2"
91 
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
92 
-IUSE=""
93 
-
94 
-DEPEND="${DEPEND}
95 
-	>=dev-libs/openssl-0.9.8m
96 
-	apache2_modules_deflate? ( sys-libs/zlib )"
97 
-
98 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
99 
-RDEPEND="${RDEPEND}
100 
-	>=dev-libs/apr-1.4.5
101 
-	>=dev-libs/openssl-0.9.8m
102 
-	apache2_modules_mime? ( app-misc/mime-types )"
103 
-
104 
-# init script fixup - should be rolled into next tarball #389965
105 
-src_prepare() {
106 
-	epatch "${FILESDIR}"/apache-noip.diff
107 
-	epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff
108 
-	apache-2_src_prepare
109 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
110 
-}
www-servers/apache/apache-2.2.23.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,114 +0,0 @@
1 
-# Copyright 1999-2012 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.23.ebuild,v 1.3 2012/10/13 18:57:10 blueness Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20121012"
9 
-GENTOO_DEVELOPER="patrick"
10 
-#GENTOO_PATCHNAME="gentoo-apache-2.2.22"
11 
-
12 
-# IUSE/USE_EXPAND magic
13 
-IUSE_MPMS_FORK="itk peruser prefork"
14 
-IUSE_MPMS_THREAD="event worker"
15 
-
16 
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
17 
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
18 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
19 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
20 
-env expires ext_filter file_cache filter headers ident imagemap include info
21 
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
22 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
23 
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
24 
-version vhost_alias"
25 
-# The following are also in the source as of this version, but are not available
26 
-# for user selection:
27 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
28 
-# optional_fn_import optional_hook_export optional_hook_import
29 
-
30 
-# inter-module dependencies
31 
-# TODO: this may still be incomplete
32 
-MODULE_DEPENDS="
33 
-	dav_fs:dav
34 
-	dav_lock:dav
35 
-	deflate:filter
36 
-	disk_cache:cache
37 
-	ext_filter:filter
38 
-	file_cache:cache
39 
-	log_forensic:log_config
40 
-	logio:log_config
41 
-	mem_cache:cache
42 
-	mime_magic:mime
43 
-	proxy_ajp:proxy
44 
-	proxy_balancer:proxy
45 
-	proxy_connect:proxy
46 
-	proxy_ftp:proxy
47 
-	proxy_http:proxy
48 
-	proxy_scgi:proxy
49 
-	substitute:filter
50 
-"
51 
-
52 
-# module<->define mappings
53 
-MODULE_DEFINES="
54 
-	auth_digest:AUTH_DIGEST
55 
-	authnz_ldap:AUTHNZ_LDAP
56 
-	cache:CACHE
57 
-	dav:DAV
58 
-	dav_fs:DAV
59 
-	dav_lock:DAV
60 
-	disk_cache:CACHE
61 
-	file_cache:CACHE
62 
-	info:INFO
63 
-	ldap:LDAP
64 
-	mem_cache:CACHE
65 
-	proxy:PROXY
66 
-	proxy_ajp:PROXY
67 
-	proxy_balancer:PROXY
68 
-	proxy_connect:PROXY
69 
-	proxy_ftp:PROXY
70 
-	proxy_http:PROXY
71 
-	ssl:SSL
72 
-	status:STATUS
73 
-	suexec:SUEXEC
74 
-	userdir:USERDIR
75 
-"
76 
-
77 
-# critical modules for the default config
78 
-MODULE_CRITICAL="
79 
-	authz_host
80 
-	dir
81 
-	mime
82 
-"
83 
-
84 
-inherit apache-2
85 
-
86 
-DESCRIPTION="The Apache Web Server."
87 
-HOMEPAGE="http://httpd.apache.org/"
88 
-
89 
-# some helper scripts are Apache-1.1, thus both are here
90 
-LICENSE="Apache-2.0 Apache-1.1"
91 
-SLOT="2"
92 
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
93 
-IUSE=""
94 
-
95 
-DEPEND="${DEPEND}
96 
-	>=dev-libs/openssl-0.9.8m
97 
-	apache2_modules_deflate? ( sys-libs/zlib )"
98 
-
99 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
100 
-RDEPEND="${RDEPEND}
101 
-	>=dev-libs/apr-1.4.5
102 
-	>=dev-libs/openssl-0.9.8m
103 
-	apache2_modules_mime? ( app-misc/mime-types )"
104 
-
105 
-# init script fixup - should be rolled into next tarball #389965
106 
-src_prepare() {
107 
-
108 
-	epatch "${FILESDIR}"/apache-noip.diff
109 
-	epatch "${FILESDIR}"/apache-2.2.23-tls-compression-option.diff
110 
-
111 
-	apache-2_src_prepare
112 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
113 
-	cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
114 
-}
www-servers/apache/apache-2.2.24.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,111 +0,0 @@
1 
-# Copyright 1999-2013 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.24.ebuild,v 1.12 2013/03/05 09:18:51 ago Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20121012"
9 
-GENTOO_DEVELOPER="patrick"
10 
-GENTOO_PATCHNAME="gentoo-apache-2.2.23"
11 
-
12 
-# IUSE/USE_EXPAND magic
13 
-IUSE_MPMS_FORK="itk peruser prefork"
14 
-IUSE_MPMS_THREAD="event worker"
15 
-
16 
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
17 
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
18 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
19 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
20 
-env expires ext_filter file_cache filter headers ident imagemap include info
21 
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
22 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
23 
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
24 
-version vhost_alias"
25 
-# The following are also in the source as of this version, but are not available
26 
-# for user selection:
27 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
28 
-# optional_fn_import optional_hook_export optional_hook_import
29 
-
30 
-# inter-module dependencies
31 
-# TODO: this may still be incomplete
32 
-MODULE_DEPENDS="
33 
-	dav_fs:dav
34 
-	dav_lock:dav
35 
-	deflate:filter
36 
-	disk_cache:cache
37 
-	ext_filter:filter
38 
-	file_cache:cache
39 
-	log_forensic:log_config
40 
-	logio:log_config
41 
-	mem_cache:cache
42 
-	mime_magic:mime
43 
-	proxy_ajp:proxy
44 
-	proxy_balancer:proxy
45 
-	proxy_connect:proxy
46 
-	proxy_ftp:proxy
47 
-	proxy_http:proxy
48 
-	proxy_scgi:proxy
49 
-	substitute:filter
50 
-"
51 
-
52 
-# module<->define mappings
53 
-MODULE_DEFINES="
54 
-	auth_digest:AUTH_DIGEST
55 
-	authnz_ldap:AUTHNZ_LDAP
56 
-	cache:CACHE
57 
-	dav:DAV
58 
-	dav_fs:DAV
59 
-	dav_lock:DAV
60 
-	disk_cache:CACHE
61 
-	file_cache:CACHE
62 
-	info:INFO
63 
-	ldap:LDAP
64 
-	mem_cache:CACHE
65 
-	proxy:PROXY
66 
-	proxy_ajp:PROXY
67 
-	proxy_balancer:PROXY
68 
-	proxy_connect:PROXY
69 
-	proxy_ftp:PROXY
70 
-	proxy_http:PROXY
71 
-	ssl:SSL
72 
-	status:STATUS
73 
-	suexec:SUEXEC
74 
-	userdir:USERDIR
75 
-"
76 
-
77 
-# critical modules for the default config
78 
-MODULE_CRITICAL="
79 
-	authz_host
80 
-	dir
81 
-	mime
82 
-"
83 
-
84 
-inherit apache-2
85 
-
86 
-DESCRIPTION="The Apache Web Server."
87 
-HOMEPAGE="http://httpd.apache.org/"
88 
-
89 
-# some helper scripts are Apache-1.1, thus both are here
90 
-LICENSE="Apache-2.0 Apache-1.1"
91 
-SLOT="2"
92 
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
93 
-IUSE=""
94 
-
95 
-DEPEND="${DEPEND}
96 
-	>=dev-libs/openssl-0.9.8m
97 
-	apache2_modules_deflate? ( sys-libs/zlib )"
98 
-
99 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
100 
-RDEPEND="${RDEPEND}
101 
-	>=dev-libs/apr-1.4.5
102 
-	>=dev-libs/openssl-0.9.8m
103 
-	apache2_modules_mime? ( app-misc/mime-types )"
104 
-
105 
-# init script fixup - should be rolled into next tarball #389965
106 
-src_prepare() {
107 
-	epatch "${FILESDIR}"/apache-noip.diff
108 
-	apache-2_src_prepare
109 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
110 
-	cp ${FILESDIR}/2.2.22-envvars-std.in ${S}/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
111 
-}
www-servers/apache/apache-2.2.25.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,120 +0,0 @@
1 
-# Copyright 1999-2013 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.25.ebuild,v 1.5 2013/07/23 20:02:10 ago Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-WANT_AUTOMAKE="1.11"
8 
-
9 
-# latest gentoo apache files
10 
-GENTOO_PATCHSTAMP="20121012"
11 
-GENTOO_DEVELOPER="patrick"
12 
-GENTOO_PATCHNAME="gentoo-apache-2.2.23"
13 
-
14 
-# IUSE/USE_EXPAND magic
15 
-IUSE_MPMS_FORK="itk peruser prefork"
16 
-IUSE_MPMS_THREAD="event worker"
17 
-
18 
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
19 
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
20 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
21 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
22 
-env expires ext_filter file_cache filter headers ident imagemap include info
23 
-log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
24 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
25 
-reqtimeout setenvif speling status substitute unique_id userdir usertrack
26 
-version vhost_alias"
27 
-# The following are also in the source as of this version, but are not available
28 
-# for user selection:
29 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
30 
-# optional_fn_import optional_hook_export optional_hook_import
31 
-
32 
-# inter-module dependencies
33 
-# TODO: this may still be incomplete
34 
-MODULE_DEPENDS="
35 
-	dav_fs:dav
36 
-	dav_lock:dav
37 
-	deflate:filter
38 
-	disk_cache:cache
39 
-	ext_filter:filter
40 
-	file_cache:cache
41 
-	log_forensic:log_config
42 
-	logio:log_config
43 
-	mem_cache:cache
44 
-	mime_magic:mime
45 
-	proxy_ajp:proxy
46 
-	proxy_balancer:proxy
47 
-	proxy_connect:proxy
48 
-	proxy_ftp:proxy
49 
-	proxy_http:proxy
50 
-	proxy_scgi:proxy
51 
-	substitute:filter
52 
-"
53 
-
54 
-# module<->define mappings
55 
-MODULE_DEFINES="
56 
-	auth_digest:AUTH_DIGEST
57 
-	authnz_ldap:AUTHNZ_LDAP
58 
-	cache:CACHE
59 
-	dav:DAV
60 
-	dav_fs:DAV
61 
-	dav_lock:DAV
62 
-	disk_cache:CACHE
63 
-	file_cache:CACHE
64 
-	info:INFO
65 
-	ldap:LDAP
66 
-	mem_cache:CACHE
67 
-	proxy:PROXY
68 
-	proxy_ajp:PROXY
69 
-	proxy_balancer:PROXY
70 
-	proxy_connect:PROXY
71 
-	proxy_ftp:PROXY
72 
-	proxy_http:PROXY
73 
-	ssl:SSL
74 
-	status:STATUS
75 
-	suexec:SUEXEC
76 
-	userdir:USERDIR
77 
-"
78 
-
79 
-# critical modules for the default config
80 
-MODULE_CRITICAL="
81 
-	authz_host
82 
-	dir
83 
-	mime
84 
-"
85 
-
86 
-inherit apache-2 systemd
87 
-
88 
-DESCRIPTION="The Apache Web Server."
89 
-HOMEPAGE="http://httpd.apache.org/"
90 
-
91 
-# some helper scripts are Apache-1.1, thus both are here
92 
-LICENSE="Apache-2.0 Apache-1.1"
93 
-SLOT="2"
94 
-KEYWORDS="~alpha amd64 arm hppa ~ia64 ~mips ppc ~ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
95 
-IUSE=""
96 
-
97 
-DEPEND="${DEPEND}
98 
-	>=dev-libs/openssl-0.9.8m
99 
-	apache2_modules_deflate? ( sys-libs/zlib )"
100 
-
101 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
102 
-RDEPEND="${RDEPEND}
103 
-	>=dev-libs/apr-1.4.5
104 
-	>=dev-libs/openssl-0.9.8m
105 
-	apache2_modules_mime? ( app-misc/mime-types )"
106 
-
107 
-# init script fixup - should be rolled into next tarball #389965
108 
-src_prepare() {
109 
-	apache-2_src_prepare
110 
-	epatch "${FILESDIR}"/apache-noip.diff
111 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
112 
-	cp "${FILESDIR}"/2.2.22-envvars-std.in "${S}"/support/envvars-std.in || die "Failed to apply LD_PRELOAD fix"
113 
-}
114 
-
115 
-src_install() {
116 
-	apache-2_src_install
117 
-
118 
-	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
119 
-	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
120 
-}
www-servers/apache/apache-2.4.3.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,214 +0,0 @@
1 
-# Copyright 1999-2012 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.3.ebuild,v 1.2 2012/10/13 03:13:09 mr_bones_ Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20121012"
9 
-GENTOO_DEVELOPER="patrick"
10 
-#GENTOO_PATCHNAME="gentoo-apache-2.4.1"
11 
-
12 
-# IUSE/USE_EXPAND magic
13 
-IUSE_MPMS_FORK="itk peruser prefork"
14 
-IUSE_MPMS_THREAD="event worker"
15 
-
16 
-# << obsolete modules:
17 
-# authn_default authz_default mem_cache
18 
-# mem_cache is replaced by cache_disk
19 
-# ?? buggy modules
20 
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21 
-# >> added modules for reason:
22 
-# compat: compatibility with 2.2 access control
23 
-# authz_host: new module for access control
24 
-# authn_core: functionality provided by authn_alias in previous versions
25 
-# authz_core: new module, provides core authorization capabilities
26 
-# cache_disk: replacement for mem_cache
27 
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28 
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29 
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30 
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31 
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32 
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33 
-# unixd: fixes startup error: Invalid command 'User'
34 
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35 
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38 
-env expires ext_filter file_cache filter headers ident imagemap include info
39 
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40 
-log_config log_forensic logio mime mime_magic negotiation proxy
41 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
42 
-reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
43 
-unixd version vhost_alias"
44 
-# The following are also in the source as of this version, but are not available
45 
-# for user selection:
46 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47 
-# optional_fn_import optional_hook_export optional_hook_import
48 
-
49 
-# inter-module dependencies
50 
-# TODO: this may still be incomplete
51 
-MODULE_DEPENDS="
52 
-	dav_fs:dav
53 
-	dav_lock:dav
54 
-	deflate:filter
55 
-	cache_disk:cache
56 
-	ext_filter:filter
57 
-	file_cache:cache
58 
-	lbmethod_byrequests:proxy_balancer
59 
-	lbmethod_byrequests:slotmem_shm
60 
-	lbmethod_bytraffic:proxy_balancer
61 
-	lbmethod_bybusyness:proxy_balancer
62 
-	lbmethod_heartbeat:proxy_balancer
63 
-	log_forensic:log_config
64 
-	logio:log_config
65 
-	cache_disk:cache
66 
-	mime_magic:mime
67 
-	proxy_ajp:proxy
68 
-	proxy_balancer:proxy
69 
-	proxy_connect:proxy
70 
-	proxy_ftp:proxy
71 
-	proxy_http:proxy
72 
-	proxy_scgi:proxy
73 
-	substitute:filter
74 
-"
75 
-
76 
-# module<->define mappings
77 
-MODULE_DEFINES="
78 
-	auth_digest:AUTH_DIGEST
79 
-	authnz_ldap:AUTHNZ_LDAP
80 
-	cache:CACHE
81 
-	cache_disk:CACHE
82 
-	dav:DAV
83 
-	dav_fs:DAV
84 
-	dav_lock:DAV
85 
-	file_cache:CACHE
86 
-	info:INFO
87 
-	ldap:LDAP
88 
-	proxy:PROXY
89 
-	proxy_ajp:PROXY
90 
-	proxy_balancer:PROXY
91 
-	proxy_connect:PROXY
92 
-	proxy_ftp:PROXY
93 
-	proxy_http:PROXY
94 
-	socache_shmcb:SSL
95 
-	ssl:SSL
96 
-	status:STATUS
97 
-	suexec:SUEXEC
98 
-	userdir:USERDIR
99 
-"
100 
-
101 
-# critical modules for the default config
102 
-MODULE_CRITICAL="
103 
-	authn_core
104 
-	authz_core
105 
-	authz_host
106 
-	dir
107 
-	mime
108 
-	unixd
109 
-"
110 
-# dependend criticals
111 
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
112 
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
113 
-
114 
-inherit eutils apache-2
115 
-
116 
-DESCRIPTION="The Apache Web Server."
117 
-HOMEPAGE="http://httpd.apache.org/"
118 
-
119 
-# some helper scripts are Apache-1.1, thus both are here
120 
-LICENSE="Apache-2.0 Apache-1.1"
121 
-SLOT="2"
122 
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
123 
-IUSE=""
124 
-
125 
-DEPEND="${DEPEND}
126 
-	>=dev-libs/openssl-0.9.8m
127 
-	apache2_modules_deflate? ( sys-libs/zlib )"
128 
-
129 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
130 
-RDEPEND="${RDEPEND}
131 
-	>=dev-libs/apr-1.4.5
132 
-	>=dev-libs/openssl-0.9.8m
133 
-	apache2_modules_mime? ( app-misc/mime-types )"
134 
-
135 
-# init script fixup - should be rolled into next tarball #389965
136 
-src_prepare() {
137 
-	epatch "${FILESDIR}"/apache-npn
138 
-	epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff
139 
-	# the following patch can be removed once it is included in
140 
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
141 
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
142 
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
143 
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
144 
-			|| die "epatch failed"
145 
-		cd "${S}" || die "Failed to cd to ${S}"
146 
-	fi
147 
-	apache-2_src_prepare
148 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
149 
-}
150 
-
151 
-src_install() {
152 
-	apache-2_src_install
153 
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
154 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
155 
-	done
156 
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
157 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
158 
-	done
159 
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
160 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
161 
-	done
162 
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
163 
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
164 
-	done
165 
-
166 
-	# well, actually installing things makes them more installed, I guess?
167 
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
168 
-	chmod 0755 "${D}"/usr/sbin/apxs
169 
-
170 
-	# create dir defined in 40_mod_ssl.conf
171 
-	if use ssl; then
172 
-		dodir /var/run/apache_ssl_mutex || die "Failed to mkdir ssl_mutex"
173 
-	fi
174 
-}
175 
-
176 
-pkg_postinst()
177 
-{
178 
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
179 
-	# warnings that default config might not work out of the box
180 
-	for mod in $MODULE_CRITICAL; do
181 
-		if ! use "apache2_modules_${mod}"; then
182 
-			echo
183 
-			ewarn "Warning: Critical module not installed!"
184 
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
185 
-			ewarn "are highly recomended but might not be in the base profile yet."
186 
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
187 
-			ewarn "Enabling the following flags is highly recommended:"
188 
-			for cmod in $MODULE_CRITICAL; do
189 
-				use "apache2_modules_${cmod}" || \
190 
-					ewarn "+ apache2_modules_${cmod}"
191 
-			done
192 
-			echo
193 
-			break
194 
-		fi
195 
-	done
196 
-	# warning for proxy_balancer and missing load balancing scheduler
197 
-	if use apache2_modules_proxy_balancer; then
198 
-		local lbset=
199 
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
200 
-			if use "apache2_modules_${mod}"; then
201 
-				lbset=1 && break
202 
-			fi
203 
-		done
204 
-		if [ ! $lbset ]; then
205 
-			echo
206 
-			ewarn "Info: Missing load balancing scheduler algorithm module"
207 
-			ewarn "(They were split off from proxy_balancer in 2.3)"
208 
-			ewarn "In order to get the ability of load balancing, at least"
209 
-			ewarn "one of these modules has to be present:"
210 
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
211 
-			echo
212 
-		fi
213 
-	fi
214 
-}
www-servers/apache/apache-2.4.4-r1.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,216 +0,0 @@
1 
-# Copyright 1999-2013 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.4-r1.ebuild,v 1.1 2013/02/27 15:49:15 chainsaw Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20130227"
9 
-GENTOO_DEVELOPER="patrick"
10 
-GENTOO_PATCHNAME="gentoo-apache-2.4.4"
11 
-
12 
-# IUSE/USE_EXPAND magic
13 
-IUSE_MPMS_FORK="itk peruser prefork"
14 
-IUSE_MPMS_THREAD="event worker"
15 
-
16 
-# << obsolete modules:
17 
-# authn_default authz_default mem_cache
18 
-# mem_cache is replaced by cache_disk
19 
-# ?? buggy modules
20 
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21 
-# >> added modules for reason:
22 
-# compat: compatibility with 2.2 access control
23 
-# authz_host: new module for access control
24 
-# authn_core: functionality provided by authn_alias in previous versions
25 
-# authz_core: new module, provides core authorization capabilities
26 
-# cache_disk: replacement for mem_cache
27 
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28 
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29 
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30 
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31 
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32 
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33 
-# unixd: fixes startup error: Invalid command 'User'
34 
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35 
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38 
-env expires ext_filter file_cache filter headers ident imagemap include info
39 
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40 
-log_config log_forensic logio mime mime_magic negotiation proxy
41 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi rewrite
42 
-reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute unique_id userdir usertrack
43 
-unixd version vhost_alias"
44 
-# The following are also in the source as of this version, but are not available
45 
-# for user selection:
46 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47 
-# optional_fn_import optional_hook_export optional_hook_import
48 
-
49 
-# inter-module dependencies
50 
-# TODO: this may still be incomplete
51 
-MODULE_DEPENDS="
52 
-	dav_fs:dav
53 
-	dav_lock:dav
54 
-	deflate:filter
55 
-	cache_disk:cache
56 
-	ext_filter:filter
57 
-	file_cache:cache
58 
-	lbmethod_byrequests:proxy_balancer
59 
-	lbmethod_byrequests:slotmem_shm
60 
-	lbmethod_bytraffic:proxy_balancer
61 
-	lbmethod_bybusyness:proxy_balancer
62 
-	lbmethod_heartbeat:proxy_balancer
63 
-	log_forensic:log_config
64 
-	logio:log_config
65 
-	cache_disk:cache
66 
-	mime_magic:mime
67 
-	proxy_ajp:proxy
68 
-	proxy_balancer:proxy
69 
-	proxy_connect:proxy
70 
-	proxy_ftp:proxy
71 
-	proxy_http:proxy
72 
-	proxy_scgi:proxy
73 
-	proxy_fcgi:proxy
74 
-	substitute:filter
75 
-"
76 
-
77 
-# module<->define mappings
78 
-MODULE_DEFINES="
79 
-	auth_digest:AUTH_DIGEST
80 
-	authnz_ldap:AUTHNZ_LDAP
81 
-	cache:CACHE
82 
-	cache_disk:CACHE
83 
-	dav:DAV
84 
-	dav_fs:DAV
85 
-	dav_lock:DAV
86 
-	file_cache:CACHE
87 
-	info:INFO
88 
-	ldap:LDAP
89 
-	proxy:PROXY
90 
-	proxy_ajp:PROXY
91 
-	proxy_balancer:PROXY
92 
-	proxy_connect:PROXY
93 
-	proxy_ftp:PROXY
94 
-	proxy_http:PROXY
95 
-	proxy_fcgi:PROXY
96 
-	socache_shmcb:SSL
97 
-	ssl:SSL
98 
-	status:STATUS
99 
-	suexec:SUEXEC
100 
-	userdir:USERDIR
101 
-"
102 
-
103 
-# critical modules for the default config
104 
-MODULE_CRITICAL="
105 
-	authn_core
106 
-	authz_core
107 
-	authz_host
108 
-	dir
109 
-	mime
110 
-	unixd
111 
-"
112 
-# dependend criticals
113 
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
114 
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
115 
-
116 
-inherit eutils apache-2
117 
-
118 
-DESCRIPTION="The Apache Web Server."
119 
-HOMEPAGE="http://httpd.apache.org/"
120 
-
121 
-# some helper scripts are Apache-1.1, thus both are here
122 
-LICENSE="Apache-2.0 Apache-1.1"
123 
-SLOT="2"
124 
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
125 
-IUSE=""
126 
-
127 
-DEPEND="${DEPEND}
128 
-	>=dev-libs/openssl-0.9.8m
129 
-	apache2_modules_deflate? ( sys-libs/zlib )"
130 
-
131 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
132 
-RDEPEND="${RDEPEND}
133 
-	>=dev-libs/apr-1.4.5
134 
-	>=dev-libs/openssl-0.9.8m
135 
-	apache2_modules_mime? ( app-misc/mime-types )"
136 
-
137 
-# init script fixup - should be rolled into next tarball #389965
138 
-src_prepare() {
139 
-	#epatch "${FILESDIR}"/apache-npn
140 
-	epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff
141 
-	# the following patch can be removed once it is included in
142 
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
143 
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
144 
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
145 
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
146 
-			|| die "epatch failed"
147 
-		cd "${S}" || die "Failed to cd to ${S}"
148 
-	fi
149 
-	apache-2_src_prepare
150 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
151 
-}
152 
-
153 
-src_install() {
154 
-	apache-2_src_install
155 
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
156 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
157 
-	done
158 
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
159 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
160 
-	done
161 
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
162 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
163 
-	done
164 
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
165 
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
166 
-	done
167 
-
168 
-	# well, actually installing things makes them more installed, I guess?
169 
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
170 
-	chmod 0755 "${D}"/usr/sbin/apxs
171 
-
172 
-	# create dir defined in 40_mod_ssl.conf
173 
-	if use ssl; then
174 
-		dodir /var/run/apache_ssl_mutex || die "Failed to mkdir ssl_mutex"
175 
-	fi
176 
-}
177 
-
178 
-pkg_postinst()
179 
-{
180 
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
181 
-	# warnings that default config might not work out of the box
182 
-	for mod in $MODULE_CRITICAL; do
183 
-		if ! use "apache2_modules_${mod}"; then
184 
-			echo
185 
-			ewarn "Warning: Critical module not installed!"
186 
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
187 
-			ewarn "are highly recomended but might not be in the base profile yet."
188 
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
189 
-			ewarn "Enabling the following flags is highly recommended:"
190 
-			for cmod in $MODULE_CRITICAL; do
191 
-				use "apache2_modules_${cmod}" || \
192 
-					ewarn "+ apache2_modules_${cmod}"
193 
-			done
194 
-			echo
195 
-			break
196 
-		fi
197 
-	done
198 
-	# warning for proxy_balancer and missing load balancing scheduler
199 
-	if use apache2_modules_proxy_balancer; then
200 
-		local lbset=
201 
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
202 
-			if use "apache2_modules_${mod}"; then
203 
-				lbset=1 && break
204 
-			fi
205 
-		done
206 
-		if [ ! $lbset ]; then
207 
-			echo
208 
-			ewarn "Info: Missing load balancing scheduler algorithm module"
209 
-			ewarn "(They were split off from proxy_balancer in 2.3)"
210 
-			ewarn "In order to get the ability of load balancing, at least"
211 
-			ewarn "one of these modules has to be present:"
212 
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
213 
-			echo
214 
-		fi
215 
-	fi
216 
-}
www-servers/apache/apache-2.4.6-r1.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,218 +0,0 @@
1 
-# Copyright 1999-2013 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.6-r1.ebuild,v 1.2 2013/07/28 01:39:37 aballier Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20130725"
9 
-GENTOO_DEVELOPER="kensington"
10 
-GENTOO_PATCHNAME="gentoo-apache-2.4.4"
11 
-
12 
-# IUSE/USE_EXPAND magic
13 
-IUSE_MPMS_FORK="itk peruser prefork"
14 
-IUSE_MPMS_THREAD="event worker"
15 
-
16 
-# << obsolete modules:
17 
-# authn_default authz_default mem_cache
18 
-# mem_cache is replaced by cache_disk
19 
-# ?? buggy modules
20 
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21 
-# >> added modules for reason:
22 
-# compat: compatibility with 2.2 access control
23 
-# authz_host: new module for access control
24 
-# authn_core: functionality provided by authn_alias in previous versions
25 
-# authz_core: new module, provides core authorization capabilities
26 
-# cache_disk: replacement for mem_cache
27 
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28 
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29 
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30 
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31 
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32 
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33 
-# unixd: fixes startup error: Invalid command 'User'
34 
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35 
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38 
-env expires ext_filter file_cache filter headers ident imagemap include info
39 
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40 
-log_config log_forensic logio mime mime_magic negotiation proxy
41 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi
42 
-rewrite ratelimit remoteip reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute
43 
-unique_id userdir usertrack unixd version vhost_alias"
44 
-# The following are also in the source as of this version, but are not available
45 
-# for user selection:
46 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47 
-# optional_fn_import optional_hook_export optional_hook_import
48 
-
49 
-# inter-module dependencies
50 
-# TODO: this may still be incomplete
51 
-MODULE_DEPENDS="
52 
-	dav_fs:dav
53 
-	dav_lock:dav
54 
-	deflate:filter
55 
-	cache_disk:cache
56 
-	ext_filter:filter
57 
-	file_cache:cache
58 
-	lbmethod_byrequests:proxy_balancer
59 
-	lbmethod_byrequests:slotmem_shm
60 
-	lbmethod_bytraffic:proxy_balancer
61 
-	lbmethod_bybusyness:proxy_balancer
62 
-	lbmethod_heartbeat:proxy_balancer
63 
-	log_forensic:log_config
64 
-	logio:log_config
65 
-	cache_disk:cache
66 
-	mime_magic:mime
67 
-	proxy_ajp:proxy
68 
-	proxy_balancer:proxy
69 
-	proxy_connect:proxy
70 
-	proxy_ftp:proxy
71 
-	proxy_http:proxy
72 
-	proxy_scgi:proxy
73 
-	proxy_fcgi:proxy
74 
-	substitute:filter
75 
-"
76 
-
77 
-# module<->define mappings
78 
-MODULE_DEFINES="
79 
-	auth_digest:AUTH_DIGEST
80 
-	authnz_ldap:AUTHNZ_LDAP
81 
-	cache:CACHE
82 
-	cache_disk:CACHE
83 
-	dav:DAV
84 
-	dav_fs:DAV
85 
-	dav_lock:DAV
86 
-	file_cache:CACHE
87 
-	info:INFO
88 
-	ldap:LDAP
89 
-	proxy:PROXY
90 
-	proxy_ajp:PROXY
91 
-	proxy_balancer:PROXY
92 
-	proxy_connect:PROXY
93 
-	proxy_ftp:PROXY
94 
-	proxy_http:PROXY
95 
-	proxy_fcgi:PROXY
96 
-	socache_shmcb:SSL
97 
-	ssl:SSL
98 
-	status:STATUS
99 
-	suexec:SUEXEC
100 
-	userdir:USERDIR
101 
-"
102 
-
103 
-# critical modules for the default config
104 
-MODULE_CRITICAL="
105 
-	authn_core
106 
-	authz_core
107 
-	authz_host
108 
-	dir
109 
-	mime
110 
-	unixd
111 
-"
112 
-# dependend criticals
113 
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
114 
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
115 
-
116 
-inherit eutils apache-2 systemd
117 
-
118 
-DESCRIPTION="The Apache Web Server."
119 
-HOMEPAGE="http://httpd.apache.org/"
120 
-
121 
-# some helper scripts are Apache-1.1, thus both are here
122 
-LICENSE="Apache-2.0 Apache-1.1"
123 
-SLOT="2"
124 
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
125 
-IUSE=""
126 
-
127 
-DEPEND="${DEPEND}
128 
-	>=dev-libs/openssl-0.9.8m
129 
-	apache2_modules_deflate? ( sys-libs/zlib )"
130 
-
131 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
132 
-RDEPEND="${RDEPEND}
133 
-	>=dev-libs/apr-1.4.5
134 
-	>=dev-libs/openssl-0.9.8m
135 
-	apache2_modules_mime? ( app-misc/mime-types )"
136 
-
137 
-# init script fixup - should be rolled into next tarball #389965
138 
-src_prepare() {
139 
-	epatch "${FILESDIR}"/apache-2.4.3-dhparam.diff
140 
-	# the following patch can be removed once it is included in
141 
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
142 
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
143 
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
144 
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
145 
-			|| die "epatch failed"
146 
-		cd "${S}" || die "Failed to cd to ${S}"
147 
-	fi
148 
-	apache-2_src_prepare
149 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
150 
-}
151 
-
152 
-src_install() {
153 
-	apache-2_src_install
154 
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
155 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
156 
-	done
157 
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
158 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
159 
-	done
160 
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
161 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
162 
-	done
163 
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
164 
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
165 
-	done
166 
-
167 
-	# well, actually installing things makes them more installed, I guess?
168 
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
169 
-	chmod 0755 "${D}"/usr/sbin/apxs
170 
-
171 
-	# Note: wait for mod_systemd to be included in the next release,
172 
-	# then apache2.4.service can be used and systemd support controlled
173 
-	# through --enable-systemd
174 
-	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
175 
-	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
176 
-	#insinto /etc/apache2/modules.d
177 
-	#doins "${FILESDIR}/00_systemd.conf"
178 
-}
179 
-
180 
-pkg_postinst()
181 
-{
182 
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
183 
-	# warnings that default config might not work out of the box
184 
-	for mod in $MODULE_CRITICAL; do
185 
-		if ! use "apache2_modules_${mod}"; then
186 
-			echo
187 
-			ewarn "Warning: Critical module not installed!"
188 
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
189 
-			ewarn "are highly recomended but might not be in the base profile yet."
190 
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
191 
-			ewarn "Enabling the following flags is highly recommended:"
192 
-			for cmod in $MODULE_CRITICAL; do
193 
-				use "apache2_modules_${cmod}" || \
194 
-					ewarn "+ apache2_modules_${cmod}"
195 
-			done
196 
-			echo
197 
-			break
198 
-		fi
199 
-	done
200 
-	# warning for proxy_balancer and missing load balancing scheduler
201 
-	if use apache2_modules_proxy_balancer; then
202 
-		local lbset=
203 
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
204 
-			if use "apache2_modules_${mod}"; then
205 
-				lbset=1 && break
206 
-			fi
207 
-		done
208 
-		if [ ! $lbset ]; then
209 
-			echo
210 
-			ewarn "Info: Missing load balancing scheduler algorithm module"
211 
-			ewarn "(They were split off from proxy_balancer in 2.3)"
212 
-			ewarn "In order to get the ability of load balancing, at least"
213 
-			ewarn "one of these modules has to be present:"
214 
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
215 
-			echo
216 
-		fi
217 
-	fi
218 
-}
www-servers/apache/apache-2.4.6-r2.ebuild
Zeige Datei @ 89bb85f
... ... 
@@ -1,219 +0,0 @@
1 
-# Copyright 1999-2013 Gentoo Foundation
2 
-# Distributed under the terms of the GNU General Public License v2
3 
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.4.6-r2.ebuild,v 1.1 2013/08/01 07:16:18 kensington Exp $
4 
-
5 
-EAPI="2"
6 
-
7 
-# latest gentoo apache files
8 
-GENTOO_PATCHSTAMP="20130801"
9 
-GENTOO_DEVELOPER="kensington"
10 
-GENTOO_PATCHNAME="gentoo-apache-2.4.4"
11 
-
12 
-# IUSE/USE_EXPAND magic
13 
-IUSE_MPMS_FORK="itk peruser prefork"
14 
-IUSE_MPMS_THREAD="event worker"
15 
-
16 
-# << obsolete modules:
17 
-# authn_default authz_default mem_cache
18 
-# mem_cache is replaced by cache_disk
19 
-# ?? buggy modules
20 
-# proxy_scgi: startup error: undefined symbol "ap_proxy_release_connection", no fix found
21 
-# >> added modules for reason:
22 
-# compat: compatibility with 2.2 access control
23 
-# authz_host: new module for access control
24 
-# authn_core: functionality provided by authn_alias in previous versions
25 
-# authz_core: new module, provides core authorization capabilities
26 
-# cache_disk: replacement for mem_cache
27 
-# lbmethod_byrequests: Split off from mod_proxy_balancer in 2.3
28 
-# lbmethod_bytraffic: Split off from mod_proxy_balancer in 2.3
29 
-# lbmethod_bybusyness: Split off from mod_proxy_balancer in 2.3
30 
-# lbmethod_heartbeat: Split off from mod_proxy_balancer in 2.3
31 
-# slotmem_shm: Slot-based shared memory provider (for lbmethod_byrequests).
32 
-# socache_shmcb: shared object cache provider. Default config with ssl needs it
33 
-# unixd: fixes startup error: Invalid command 'User'
34 
-IUSE_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon
35 
-authn_core authn_dbd authn_dbm authn_file authz_core authz_dbm
36 
-authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta
37 
-charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir dumpio
38 
-env expires ext_filter file_cache filter headers ident imagemap include info
39 
-lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat
40 
-log_config log_forensic logio mime mime_magic negotiation proxy
41 
-proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi proxy_fcgi
42 
-rewrite ratelimit remoteip reqtimeout setenvif slotmem_shm speling socache_shmcb status substitute
43 
-unique_id userdir usertrack unixd version vhost_alias"
44 
-# The following are also in the source as of this version, but are not available
45 
-# for user selection:
46 
-# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
47 
-# optional_fn_import optional_hook_export optional_hook_import
48 
-
49 
-# inter-module dependencies
50 
-# TODO: this may still be incomplete
51 
-MODULE_DEPENDS="
52 
-	dav_fs:dav
53 
-	dav_lock:dav
54 
-	deflate:filter
55 
-	cache_disk:cache
56 
-	ext_filter:filter
57 
-	file_cache:cache
58 
-	lbmethod_byrequests:proxy_balancer
59 
-	lbmethod_byrequests:slotmem_shm
60 
-	lbmethod_bytraffic:proxy_balancer
61 
-	lbmethod_bybusyness:proxy_balancer
62 
-	lbmethod_heartbeat:proxy_balancer
63 
-	log_forensic:log_config
64 
-	logio:log_config
65 
-	cache_disk:cache
66 
-	mime_magic:mime
67 
-	proxy_ajp:proxy
68 
-	proxy_balancer:proxy
69 
-	proxy_connect:proxy
70 
-	proxy_ftp:proxy
71 
-	proxy_http:proxy
72 
-	proxy_scgi:proxy
73 
-	proxy_fcgi:proxy
74 
-	substitute:filter
75 
-"
76 
-
77 
-# module<->define mappings
78 
-MODULE_DEFINES="
79 
-	auth_digest:AUTH_DIGEST
80 
-	authnz_ldap:AUTHNZ_LDAP
81 
-	cache:CACHE
82 
-	cache_disk:CACHE
83 
-	dav:DAV
84 
-	dav_fs:DAV
85 
-	dav_lock:DAV
86 
-	file_cache:CACHE
87 
-	info:INFO
88 
-	ldap:LDAP
89 
-	proxy:PROXY
90 
-	proxy_ajp:PROXY
91 
-	proxy_balancer:PROXY
92 
-	proxy_connect:PROXY
93 
-	proxy_ftp:PROXY
94 
-	proxy_http:PROXY
95 
-	proxy_fcgi:PROXY
96 
-	socache_shmcb:SSL
97 
-	ssl:SSL
98 
-	status:STATUS
99 
-	suexec:SUEXEC
100 
-	userdir:USERDIR
101 
-"
102 
-
103 
-# critical modules for the default config
104 
-MODULE_CRITICAL="
105 
-	authn_core
106 
-	authz_core
107 
-	authz_host
108 
-	dir
109 
-	mime
110 
-	unixd
111 
-"
112 
-# dependend criticals
113 
-use ssl && MODULE_CRITICAL+=" socache_shmcb"
114 
-use doc && MODULE_CRITICAL+=" alias negotiation setenvif"
115 
-
116 
-inherit eutils apache-2 systemd
117 
-
118 
-DESCRIPTION="The Apache Web Server."
119 
-HOMEPAGE="http://httpd.apache.org/"
120 
-
121 
-# some helper scripts are Apache-1.1, thus both are here
122 
-LICENSE="Apache-2.0 Apache-1.1"
123 
-SLOT="2"
124 
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
125 
-IUSE=""
126 
-
127 
-DEPEND="${DEPEND}
128 
-	>=dev-libs/openssl-0.9.8m
129 
-	apache2_modules_deflate? ( sys-libs/zlib )"
130 
-
131 
-# dependency on >=dev-libs/apr-1.4.5 for bug #368651
132 
-RDEPEND="${RDEPEND}
133 
-	>=dev-libs/apr-1.4.5
134 
-	>=dev-libs/openssl-0.9.8m
135 
-	apache2_modules_mime? ( app-misc/mime-types )"
136 
-
137 
-# init script fixup - should be rolled into next tarball #389965
138 
-src_prepare() {
139 
-	epatch "${FILESDIR}/apache-2.4.6-modssl-dhparams.diff"
140 
-
141 
-	# the following patch can be removed once it is included in
142 
-	# GENTOO_PATCHNAME="gentoo-apache-2.4.1" ...
143 
-	if [ -f "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" ]; then
144 
-		cd "${GENTOO_PATCHDIR}" || die "Failed to cd to ${GENTOO_PATCHDIR}"
145 
-		epatch "${FILESDIR}/${GENTOO_PATCHNAME}-${GENTOO_DEVELOPER}-${GENTOO_PATCHSTAMP}-${PVR}.patch" \
146 
-			|| die "epatch failed"
147 
-		cd "${S}" || die "Failed to cd to ${S}"
148 
-	fi
149 
-	apache-2_src_prepare
150 
-	sed -i -e 's/! test -f/test -f/' "${GENTOO_PATCHDIR}"/init/apache2.initd || die "Failed to fix init script"
151 
-}
152 
-
153 
-src_install() {
154 
-	apache-2_src_install
155 
-	for i in /usr/bin/{htdigest,logresolve,htpasswd,htdbm,ab,httxt2dbm}; do
156 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
157 
-	done
158 
-	for i in /usr/share/man/man8/{rotatelogs.8,htcacheclean.8}; do
159 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
160 
-	done
161 
-	for i in /usr/share/man/man1/{logresolve.1,htdbm.1,htdigest.1,htpasswd.1,dbmmanage.1,ab.1}; do
162 
-		rm "${D}"/$i || die "Failed to prune apache-tools bits"
163 
-	done
164 
-	for i in /usr/sbin/{checkgid,fcgistarter,htcacheclean,rotatelogs}; do
165 
-		rm "${D}/"$i || die "Failed to prune apache-tools bits"
166 
-	done
167 
-
168 
-	# well, actually installing things makes them more installed, I guess?
169 
-	cp "${S}"/support/apxs "${D}"/usr/sbin/apxs || die "Failed to install apxs"
170 
-	chmod 0755 "${D}"/usr/sbin/apxs
171 
-
172 
-	# Note: wait for mod_systemd to be included in the next release,
173 
-	# then apache2.4.service can be used and systemd support controlled
174 
-	# through --enable-systemd
175 
-	systemd_newunit "${FILESDIR}/apache2.2.service" "apache2.service"
176 
-	systemd_dotmpfilesd "${FILESDIR}/apache.conf"
177 
-	#insinto /etc/apache2/modules.d
178 
-	#doins "${FILESDIR}/00_systemd.conf"
179 
-}
180 
-
181 
-pkg_postinst()
182 
-{
183 
-	apache-2_pkg_postinst || die "apache-2_pkg_postinst failed"
184 
-	# warnings that default config might not work out of the box
185 
-	for mod in $MODULE_CRITICAL; do
186 
-		if ! use "apache2_modules_${mod}"; then
187 
-			echo
188 
-			ewarn "Warning: Critical module not installed!"
189 
-			ewarn "Modules 'authn_core', 'authz_core' and 'unixd'"
190 
-			ewarn "are highly recomended but might not be in the base profile yet."
191 
-			ewarn "Default config for ssl needs module 'socache_shmcb'."
192 
-			ewarn "Enabling the following flags is highly recommended:"
193 
-			for cmod in $MODULE_CRITICAL; do
194 
-				use "apache2_modules_${cmod}" || \
195 
-					ewarn "+ apache2_modules_${cmod}"
196 
-			done
197 
-			echo
198 
-			break
199 
-		fi
200 
-	done
201 
-	# warning for proxy_balancer and missing load balancing scheduler
202 
-	if use apache2_modules_proxy_balancer; then
203 
-		local lbset=
204 
-		for mod in lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat; do
205 
-			if use "apache2_modules_${mod}"; then
206 
-				lbset=1 && break
207 
-			fi
208 
-		done
209 
-		if [ ! $lbset ]; then
210 
-			echo
211 
-			ewarn "Info: Missing load balancing scheduler algorithm module"
212 
-			ewarn "(They were split off from proxy_balancer in 2.3)"
213 
-			ewarn "In order to get the ability of load balancing, at least"
214 
-			ewarn "one of these modules has to be present:"
215 
-			ewarn "lbmethod_byrequests lbmethod_bytraffic lbmethod_bybusyness lbmethod_heartbeat"
216 
-			echo
217 
-		fi
218 
-	fi
219 
-}
www-servers/apache/files/00_systemd.conf
Zeige Datei @ 697c807
... ... 
@@ -0,0 +1,2 @@
1 
+# This file configures systemd module:
2 
+LoadModule systemd_module modules/mod_systemd.so
www-servers/apache/files/apache-2.2.14-staticdhparameters.diff
Zeige Datei @ 89bb85f
... ... 
@@ -1,314 +0,0 @@
1 
-diff -ru httpd-2.2.14.orig/modules/ssl/mod_ssl.c httpd-2.2.14.new/modules/ssl/mod_ssl.c
2 
---- httpd-2.2.14.orig/modules/ssl/mod_ssl.c	2009-05-19 13:44:59.000000000 +0200
3 
-+++ httpd-2.2.14.new/modules/ssl/mod_ssl.c	2010-07-06 11:56:50.897588899 +0200
4 
-@@ -108,6 +108,9 @@
5 
-     SSL_CMD_SRV(CertificateKeyFile, TAKE1,
6 
-                 "SSL Server Private Key file "
7 
-                 "(`/path/to/file' - PEM or DER encoded)")
8 
-+    SSL_CMD_SRV(DHParametersFile, TAKE1,
9 
-+                "SSL Server Diffie-Hellman parameters file "
10 
-+                "(`/path/to/file' - PEM or DER encoded)")
11 
-     SSL_CMD_SRV(CertificateChainFile, TAKE1,
12 
-                 "SSL Server CA Certificate Chain file "
13 
-                 "(`/path/to/file' - PEM encoded)")
14 
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_config.c httpd-2.2.14.new/modules/ssl/ssl_engine_config.c
15 
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_config.c	2009-05-19 13:44:59.000000000 +0200
16 
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_config.c	2010-07-06 11:56:50.897588899 +0200
17 
-@@ -72,6 +72,7 @@
18 
-     mc->tVHostKeys             = apr_hash_make(pool);
19 
-     mc->tPrivateKey            = apr_hash_make(pool);
20 
-     mc->tPublicCert            = apr_hash_make(pool);
21 
-+    mc->tDHParams              = apr_hash_make(pool);
22 
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
23 
-     mc->szCryptoDevice         = NULL;
24 
- #endif
25 
-@@ -156,6 +157,9 @@
26 
-     mctx->pks = apr_pcalloc(p, sizeof(*mctx->pks));
27 
-
28 
-     /* mctx->pks->... certs/keys are set during module init */
29 
-+
30 
-+    mctx->pks->dhparams_file = NULL;
31 
-+    mctx->pks->dhparams     = NULL;
32 
- }
33 
-
34 
- static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
35 
-@@ -246,6 +250,7 @@
36 
-
37 
-     cfgMergeString(pks->ca_name_path);
38 
-     cfgMergeString(pks->ca_name_file);
39 
-+    cfgMergeString(pks->dhparams_file);
40 
- }
41 
-
42 
- /*
43 
-@@ -762,6 +767,22 @@
44 
-     return NULL;
45 
- }
46 
-
47 
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *cmd,
48 
-+    				        void *dcfg,
49 
-+				        const char *arg)
50 
-+{
51 
-+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
52 
-+    const char *err;
53 
-+
54 
-+    if ((err = ssl_cmd_check_file(cmd, &arg))) {
55 
-+        return err;
56 
-+    }
57 
-+
58 
-+    sc->server->pks->dhparams_file = arg;
59 
-+
60 
-+    return NULL;
61 
-+}
62 
-+
63 
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
64 
-                                           void *dcfg,
65 
-                                           const char *arg)
66 
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_init.c httpd-2.2.14.new/modules/ssl/ssl_engine_init.c
67 
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_init.c	2009-08-16 17:53:12.000000000 +0200
68 
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_init.c	2010-07-06 11:56:50.897588899 +0200
69 
-@@ -723,6 +723,42 @@
70 
-     }
71 
- }
72 
-
73 
-+static int ssl_server_import_dhparams(server_rec *s,
74 
-+                                      modssl_ctx_t *mctx,
75 
-+                                      const char *id)
76 
-+{
77 
-+    SSLModConfigRec *mc = myModConfig(s);
78 
-+    ssl_asn1_t *asn1;
79 
-+    MODSSL_D2I_DHparams_CONST unsigned char *ptr;
80 
-+    DH *dhparams = NULL;
81 
-+
82 
-+    if (!(asn1 = ssl_asn1_table_get(mc->tDHParams, id))) {
83 
-+        return FALSE;
84 
-+    }
85 
-+
86 
-+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
87 
-+                 "Configuring server Diffie-Hellman parameters");
88 
-+
89 
-+    ptr = asn1->cpData;
90 
-+    if (!(dhparams = d2i_DHparams(NULL, &ptr, asn1->nData))) {
91 
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
92 
-+                "Unable to import server Diffie-Hellman parameters");
93 
-+        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
94 
-+        ssl_die();
95 
-+    }
96 
-+
97 
-+    if (SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams) <= 0) {
98 
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
99 
-+                "Unable to configure server Diffie-Hellman parameters");
100 
-+        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
101 
-+        ssl_die();
102 
-+    }
103 
-+
104 
-+    mctx->pks->dhparams = dhparams;
105 
-+
106 
-+    return TRUE;
107 
-+}
108 
-+
109 
- static int ssl_server_import_cert(server_rec *s,
110 
-                                   modssl_ctx_t *mctx,
111 
-                                   const char *id,
112 
-@@ -882,16 +918,18 @@
113 
-                                   apr_pool_t *ptemp,
114 
-                                   modssl_ctx_t *mctx)
115 
- {
116 
--    const char *rsa_id, *dsa_id;
117 
-+    const char *rsa_id, *dsa_id, *dh_id;
118 
-     const char *vhost_id = mctx->sc->vhost_id;
119 
-     int i;
120 
-     int have_rsa, have_dsa;
121 
-
122 
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
123 
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
124 
-+    dh_id = apr_pstrcat(ptemp, vhost_id, ":", "DH", NULL);
125 
-
126 
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
127 
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
128 
-+    (void)ssl_server_import_dhparams(s, mctx, dh_id);
129 
-
130 
-     if (!(have_rsa || have_dsa)) {
131 
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
132 
-@@ -1265,6 +1303,7 @@
133 
-         MODSSL_CFG_ITEM_FREE(EVP_PKEY_free,
134 
-                              mctx->pks->keys[i]);
135 
-     }
136 
-+    MODSSL_CFG_ITEM_FREE(DH_free, mctx->pks->dhparams);
137 
- }
138 
-
139 
- apr_status_t ssl_init_ModuleKill(void *data)
140 
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_engine_pphrase.c httpd-2.2.14.new/modules/ssl/ssl_engine_pphrase.c
141 
---- httpd-2.2.14.orig/modules/ssl/ssl_engine_pphrase.c	2009-09-16 22:06:05.000000000 +0200
142 
-+++ httpd-2.2.14.new/modules/ssl/ssl_engine_pphrase.c	2010-07-06 11:56:50.897588899 +0200
143 
-@@ -144,6 +144,7 @@
144 
-     unsigned char *ucp;
145 
-     long int length;
146 
-     X509 *pX509Cert;
147 
-+    DH *pDHParams;
148 
-     BOOL bReadable;
149 
-     apr_array_header_t *aPassPhrase;
150 
-     int nPassPhrase;
151 
-@@ -192,8 +193,10 @@
152 
-                          pServ->defn_name, pServ->defn_line_number);
153 
-             ssl_die();
154 
-         }
155 
-+
156 
-         algoCert = SSL_ALGO_UNKNOWN;
157 
-         algoKey  = SSL_ALGO_UNKNOWN;
158 
-+
159 
-         for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) {
160 
-
161 
-             apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));
162 
-@@ -517,6 +520,45 @@
163 
-              */
164 
-             EVP_PKEY_free(pPrivateKey);
165 
-         }
166 
-+
167 
-+	/*
168 
-+	 * Read in Diffie-Hellman parameters file if such a file is
169 
-+	 * specified.
170 
-+	 */
171 
-+	if (sc->server->pks->dhparams_file) {
172 
-+            apr_cpystrn(szPath, sc->server->pks->dhparams_file, sizeof(szPath));
173 
-+            if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
174 
-+                ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
175 
-+                             "Init: Can't open server Diffie-Hellman parameters file %s",
176 
-+                             szPath);
177 
-+                ssl_die();
178 
-+            }
179 
-+            if ((pDHParams = SSL_read_DHparams(szPath, NULL, NULL)) == NULL) {
180 
-+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
181 
-+                        "Init: Unable to read server Diffie-Hellman parameters from file %s", szPath);
182 
-+                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
183 
-+                ssl_die();
184 
-+            }
185 
-+
186 
-+            /*
187 
-+	     * Insert the DH params into global module configuration
188 
-+	     * to let it survive the processing between the 1st Apache
189 
-+	     * API init round (where we operate here) and the 2nd
190 
-+	     * Apache init round (where it will be actually used to
191 
-+	     * configure mod_ssl's per-server configuration
192 
-+	     * structures).
193 
-+             */
194 
-+            cp = asn1_table_vhost_key(mc, p, cpVHostID, "DH");
195 
-+            length = i2d_DHparams(pDHParams, NULL);
196 
-+            ucp = ssl_asn1_table_set(mc->tDHParams, cp, length);
197 
-+            (void)i2d_DHparams(pDHParams, &ucp); /* 2nd arg increments */
198 
-+
199 
-+            /*
200 
-+             * Free the DH structure
201 
-+             */
202 
-+            DH_free(pDHParams);
203 
-+	}
204 
-+
205 
-     }
206 
-
207 
-     /*
208 
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_private.h httpd-2.2.14.new/modules/ssl/ssl_private.h
209 
---- httpd-2.2.14.orig/modules/ssl/ssl_private.h	2009-05-19 13:44:59.000000000 +0200
210 
-+++ httpd-2.2.14.new/modules/ssl/ssl_private.h	2010-07-06 11:56:50.897588899 +0200
211 
-@@ -378,6 +378,7 @@
212 
-     void           *pTmpKeys[SSL_TMP_KEY_MAX];
213 
-     apr_hash_t     *tPublicCert;
214 
-     apr_hash_t     *tPrivateKey;
215 
-+    apr_hash_t     *tDHParams;
216 
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
217 
-     const char     *szCryptoDevice;
218 
- #endif
219 
-@@ -394,8 +395,10 @@
220 
-      */
221 
-     const char  *cert_files[SSL_AIDX_MAX];
222 
-     const char  *key_files[SSL_AIDX_MAX];
223 
-+    const char	*dhparams_file;
224 
-     X509        *certs[SSL_AIDX_MAX];
225 
-     EVP_PKEY    *keys[SSL_AIDX_MAX];
226 
-+    DH		*dhparams;
227 
-
228 
-     /** Certificates which specify the set of CA names which should be
229 
-      * sent in the CertificateRequest message: */
230 
-@@ -510,6 +513,7 @@
231 
- const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
232 
- const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
233 
- const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
234 
-+const char  *ssl_cmd_SSLDHParametersFile(cmd_parms *, void *, const char *);
235 
- const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
236 
- const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
237 
- const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
238 
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_toolkit_compat.h httpd-2.2.14.new/modules/ssl/ssl_toolkit_compat.h
239 
---- httpd-2.2.14.orig/modules/ssl/ssl_toolkit_compat.h	2009-05-19 13:44:59.000000000 +0200
240 
-+++ httpd-2.2.14.new/modules/ssl/ssl_toolkit_compat.h	2010-07-06 11:56:50.897588899 +0200
241 
-@@ -100,9 +100,11 @@
242 
- #if (OPENSSL_VERSION_NUMBER >= 0x00908000)
243 
- # define MODSSL_D2I_PrivateKey_CONST const
244 
- # define MODSSL_D2I_X509_CONST const
245 
-+# define MODSSL_D2I_DHparams_CONST const
246 
- #else
247 
- # define MODSSL_D2I_PrivateKey_CONST
248 
- # define MODSSL_D2I_X509_CONST
249 
-+# define MODSSL_D2I_DHparams_CONST
250 
- #endif
251 
-
252 
- #if (OPENSSL_VERSION_NUMBER >= 0x00909000)
253 
-@@ -117,8 +119,10 @@
254 
-
255 
- #if (OPENSSL_VERSION_NUMBER < 0x00904000)
256 
- #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
257 
-+#define modssl_PEM_read_bio_DHparams(b, x, cb, arg) PEM_read_bio_DHparams(b, x, cb)
258 
- #else
259 
- #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb, arg)
260 
-+#define modssl_PEM_read_bio_DHparams(b, x, cb, arg) PEM_read_bio_DHparams(b, x, cb, arg)
261 
- #endif
262 
-
263 
- #define modssl_PEM_X509_INFO_read_bio PEM_X509_INFO_read_bio
264 
-diff -ru httpd-2.2.14.orig/modules/ssl/ssl_util_ssl.c httpd-2.2.14.new/modules/ssl/ssl_util_ssl.c
265 
---- httpd-2.2.14.orig/modules/ssl/ssl_util_ssl.c	2009-08-06 09:28:47.000000000 +0200
266 
-+++ httpd-2.2.14.new/modules/ssl/ssl_util_ssl.c	2010-07-06 11:56:50.897588899 +0200
267 
-@@ -115,6 +115,47 @@
268 
-     return rc;
269 
- }
270 
-
271 
-+DH *SSL_read_DHparams(char* filename, DH **DHparams, modssl_read_bio_cb_fn *cb)
272 
-+{
273 
-+    DH  *rc;
274 
-+    BIO *bioS;
275 
-+    BIO *bioF;
276 
-+
277 
-+    /* 1. try PEM (= DER+Base64+headers) */
278 
-+    if ((bioS=BIO_new_file(filename, "r")) == NULL)
279 
-+        return NULL;
280 
-+    rc = modssl_PEM_read_bio_DHparams (bioS, DHparams, cb, NULL);
281 
-+    BIO_free(bioS);
282 
-+
283 
-+    if (rc == NULL) {
284 
-+        /* 2. try DER+Base64 */
285 
-+        if ((bioS=BIO_new_file(filename, "r")) == NULL)
286 
-+            return NULL;
287 
-+
288 
-+        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
289 
-+            BIO_free(bioS);
290 
-+            return NULL;
291 
-+        }
292 
-+        bioS = BIO_push(bioF, bioS);
293 
-+        rc = d2i_DHparams_bio(bioS, NULL);
294 
-+        BIO_free_all(bioS);
295 
-+
296 
-+        if (rc == NULL) {
297 
-+            /* 3. try plain DER */
298 
-+            if ((bioS=BIO_new_file(filename, "r")) == NULL)
299 
-+                return NULL;
300 
-+            rc = d2i_DHparams_bio(bioS, NULL);
301 
-+            BIO_free(bioS);
302 
-+        }
303 
-+    }
304 
-+    if (rc != NULL && DHparams != NULL) {
305 
-+        if (*DHparams != NULL)
306 
-+            DH_free(*DHparams);
307 
-+        *DHparams = rc;
308 
-+    }
309 
-+    return rc;
310 
-+}
311 
-+
312 
- #if SSL_LIBRARY_VERSION <= 0x00904100
313 
- static EVP_PKEY *d2i_PrivateKey_bio(BIO *bio, EVP_PKEY **key)
314 
- {
www-servers/apache/files/apache-2.2.23-tls-compression-option.diff
Zeige Datei @ 89bb85f
... ... 
@@ -1,128 +0,0 @@
1 
-Index: modules/ssl/ssl_private.h
2 
-===================================================================
3 
---- modules/ssl/ssl_private.h	(revision 1395230)
4 
-+++ modules/ssl/ssl_private.h	(revision 1395231)
5 
-@@ -64,6 +64,11 @@
6 
- #define HAVE_TLSV1_X
7 
- #endif
8 
-
9 
-+#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
10 
-+    && OPENSSL_VERSION_NUMBER < 0x00908000L
11 
-+#define OPENSSL_NO_COMP
12 
-+#endif
13 
-+
14 
- #include "ssl_util_ssl.h"
15 
-
16 
- /** The #ifdef macros are only defined AFTER including the above
17 
-@@ -504,6 +509,9 @@
18 
- #ifdef HAVE_FIPS
19 
-     BOOL             fips;
20 
- #endif
21 
-+#ifndef OPENSSL_NO_COMP
22 
-+    BOOL             compression;
23 
-+#endif
24 
- };
25 
-
26 
- /**
27 
-@@ -560,6 +568,7 @@
28 
- const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
29 
- const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
30 
- const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);
31 
-+const char  *ssl_cmd_SSLCompression(cmd_parms *, void *, int flag);
32 
- const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
33 
- const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
34 
- const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
35 
-Index: modules/ssl/ssl_engine_init.c
36 
-===================================================================
37 
---- modules/ssl/ssl_engine_init.c	(revision 1395230)
38 
-+++ modules/ssl/ssl_engine_init.c	(revision 1395231)
39 
-@@ -533,6 +533,18 @@
40 
-     }
41 
- #endif
42 
-
43 
-+
44 
-+#ifndef OPENSSL_NO_COMP
45 
-+    if (sc->compression == FALSE) {
46 
-+#ifdef SSL_OP_NO_COMPRESSION
47 
-+        /* OpenSSL >= 1.0 only */
48 
-+        SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
49 
-+#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
50 
-+        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
51 
-+#endif
52 
-+    }
53 
-+#endif
54 
-+
55 
- #ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
56 
-     if (sc->insecure_reneg == TRUE) {
57 
-         SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
58 
-Index: modules/ssl/ssl_engine_config.c
59 
-===================================================================
60 
---- modules/ssl/ssl_engine_config.c	(revision 1395230)
61 
-+++ modules/ssl/ssl_engine_config.c	(revision 1395231)
62 
-@@ -180,6 +180,9 @@
63 
- #ifdef HAVE_FIPS
64 
-     sc->fips                   = UNSET;
65 
- #endif
66 
-+#ifndef OPENSSL_NO_COMP
67 
-+    sc->compression            = UNSET;
68 
-+#endif
69 
-
70 
-     modssl_ctx_init_proxy(sc, p);
71 
-
72 
-@@ -278,6 +281,9 @@
73 
- #ifdef HAVE_FIPS
74 
-     cfgMergeBool(fips);
75 
- #endif
76 
-+#ifndef OPENSSL_NO_COMP
77 
-+    cfgMergeBool(compression);
78 
-+#endif
79 
-
80 
-     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
81 
-
82 
-@@ -711,6 +717,23 @@
83 
-
84 
- }
85 
-
86 
-+const char *ssl_cmd_SSLCompression(cmd_parms *cmd, void *dcfg, int flag)
87 
-+{
88 
-+#if !defined(OPENSSL_NO_COMP)
89 
-+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
90 
-+#ifndef SSL_OP_NO_COMPRESSION
91 
-+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
92 
-+    if (err)
93 
-+        return "This version of openssl does not support configuring "
94 
-+               "compression within <VirtualHost> sections.";
95 
-+#endif
96 
-+    sc->compression = flag ? TRUE : FALSE;
97 
-+    return NULL;
98 
-+#else
99 
-+    return "Setting Compression mode unsupported; not implemented by the SSL library";
100 
-+#endif
101 
-+}
102 
-+
103 
- const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)
104 
- {
105 
- #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
106 
-Index: modules/ssl/mod_ssl.c
107 
-===================================================================
108 
---- modules/ssl/mod_ssl.c	(revision 1395230)
109 
-+++ modules/ssl/mod_ssl.c	(revision 1395231)
110 
-@@ -156,6 +156,9 @@
111 
-                 "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
112 
-     SSL_CMD_SRV(HonorCipherOrder, FLAG,
113 
-                 "Use the server's cipher ordering preference")
114 
-+    SSL_CMD_SRV(Compression, FLAG,
115 
-+                "Enable SSL level compression"
116 
-+                "(`on', `off')")
117 
-     SSL_CMD_SRV(InsecureRenegotiation, FLAG,
118 
-                 "Enable support for insecure renegotiation")
119 
-     SSL_CMD_ALL(UserName, TAKE1,
120 
-Index: .
121 
-===================================================================
122 
---- .	(revision 1395230)
123 
-+++ .	(revision 1395231)
124 
-
125 
-Property changes on: .
126 
-___________________________________________________________________
127 
-Modified: svn:mergeinfo
128 
-   Merged /httpd/httpd/trunk:r1345319,1348656
www-servers/apache/files/apache-2.4.3-dhparam.diff
Zeige Datei @ 89bb85f
... ... 
@@ -1,331 +0,0 @@
1 
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.c httpd-2.4.3-dh/modules/ssl/mod_ssl.c
2 
---- httpd-2.4.3/modules/ssl/mod_ssl.c	2012-08-05 15:48:40.000000000 +0200
3 
-+++ httpd-2.4.3-dh/modules/ssl/mod_ssl.c	2012-10-23 16:10:39.905810300 +0200
4 
-@@ -88,6 +88,9 @@
5 
-     SSL_CMD_SRV(CertificateKeyFile, TAKE1,
6 
-                 "SSL Server Private Key file "
7 
-                 "('/path/to/file' - PEM or DER encoded)")
8 
-+    SSL_CMD_SRV(DHParametersFile, TAKE1,
9 
-+                "SSL Server Diffie-Hellman parameters file "
10 
-+                "(`/path/to/file' - PEM or DER encoded)")
11 
-     SSL_CMD_SRV(CertificateChainFile, TAKE1,
12 
-                 "SSL Server CA Certificate Chain file "
13 
-                 "('/path/to/file' - PEM encoded)")
14 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_config.c httpd-2.4.3-dh/modules/ssl/ssl_engine_config.c
15 
---- httpd-2.4.3/modules/ssl/ssl_engine_config.c	2012-08-05 15:48:40.000000000 +0200
16 
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_config.c	2012-10-23 16:10:39.907810276 +0200
17 
-@@ -67,6 +67,7 @@
18 
-     mc->tVHostKeys             = apr_hash_make(pool);
19 
-     mc->tPrivateKey            = apr_hash_make(pool);
20 
-     mc->tPublicCert            = apr_hash_make(pool);
21 
-+    mc->tDHParams              = apr_hash_make(pool);
22 
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
23 
-     mc->szCryptoDevice         = NULL;
24 
- #endif
25 
-@@ -182,6 +183,9 @@
26 
-
27 
-     /* mctx->pks->... certs/keys are set during module init */
28 
-
29 
-+    mctx->pks->dhparams_file = NULL;
30 
-+    mctx->pks->dhparams     = NULL;
31 
-+
32 
- #ifdef HAVE_TLS_SESSION_TICKETS
33 
-     mctx->ticket_key = apr_pcalloc(p, sizeof(*mctx->ticket_key));
34 
- #endif
35 
-@@ -302,6 +306,7 @@
36 
-
37 
-     cfgMergeString(pks->ca_name_path);
38 
-     cfgMergeString(pks->ca_name_file);
39 
-+    cfgMergeString(pks->dhparams_file);
40 
-
41 
- #ifdef HAVE_TLS_SESSION_TICKETS
42 
-     cfgMergeString(ticket_key->file_path);
43 
-@@ -783,6 +788,22 @@
44 
-
45 
-     return NULL;
46 
- }
47 
-+
48 
-+const char *ssl_cmd_SSLDHParametersFile(cmd_parms *cmd,
49 
-+                                        void *dcfg,
50 
-+					const char *arg)
51 
-+{
52 
-+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
53 
-+    const char *err;
54 
-+
55 
-+    if ((err = ssl_cmd_check_file(cmd, &arg))) {
56 
-+        return err;
57 
-+    }
58 
-+
59 
-+    sc->server->pks->dhparams_file = arg;
60 
-+
61 
-+    return NULL;
62 
-+}
63 
-
64 
- const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
65 
-                                           void *dcfg,
66 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_init.c httpd-2.4.3-dh/modules/ssl/ssl_engine_init.c
67 
---- httpd-2.4.3/modules/ssl/ssl_engine_init.c	2012-08-05 15:48:40.000000000 +0200
68 
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_init.c	2012-10-23 16:11:28.481213388 +0200
69 
-@@ -962,6 +962,42 @@
70 
-     }
71 
- }
72 
-
73 
-+static int ssl_server_import_dhparams(server_rec *s,
74 
-+                                      modssl_ctx_t *mctx,
75 
-+                                      const char *id)
76 
-+{
77 
-+    SSLModConfigRec *mc = myModConfig(s);
78 
-+    ssl_asn1_t *asn1;
79 
-+    MODSSL_D2I_DHparams_CONST unsigned char *ptr;
80 
-+    DH *dhparams = NULL;
81 
-+
82 
-+    if (!(asn1 = ssl_asn1_table_get(mc->tDHParams, id))) {
83 
-+        return FALSE;
84 
-+    }
85 
-+
86 
-+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
87 
-+                 "Configuring server Diffie-Hellman parameters");
88 
-+
89 
-+    ptr = asn1->cpData;
90 
-+    if (!(dhparams = d2i_DHparams(NULL, &ptr, asn1->nData))) {
91 
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
92 
-+                "Unable to import server Diffie-Hellman parameters");
93 
-+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
94 
-+        ssl_die(s);
95 
-+    }
96 
-+
97 
-+    if (SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams) <= 0) {
98 
-+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
99 
-+                "Unable to configure server Diffie-Hellman parameters");
100 
-+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
101 
-+        ssl_die(s);
102 
-+    }
103 
-+
104 
-+    mctx->pks->dhparams = dhparams;
105 
-+
106 
-+    return TRUE;
107 
-+}
108 
-+
109 
- static int ssl_server_import_cert(server_rec *s,
110 
-                                   modssl_ctx_t *mctx,
111 
-                                   const char *id,
112 
-@@ -1169,7 +1205,7 @@
113 
-                                   apr_pool_t *ptemp,
114 
-                                   modssl_ctx_t *mctx)
115 
- {
116 
--    const char *rsa_id, *dsa_id;
117 
-+    const char *rsa_id, *dsa_id, *dh_id;
118 
- #ifndef OPENSSL_NO_EC
119 
-     const char *ecc_id;
120 
- #endif
121 
-@@ -1182,12 +1218,14 @@
122 
-
123 
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
124 
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
125 
-+    dh_id = apr_pstrcat(ptemp, vhost_id, ":", "DH", NULL);
126 
- #ifndef OPENSSL_NO_EC
127 
-     ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
128 
- #endif
129 
-
130 
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
131 
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
132 
-+    (void)ssl_server_import_dhparams(s, mctx, dh_id);
133 
- #ifndef OPENSSL_NO_EC
134 
-     have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
135 
- #endif
136 
-@@ -1723,6 +1761,7 @@
137 
-         MODSSL_CFG_ITEM_FREE(EVP_PKEY_free,
138 
-                              mctx->pks->keys[i]);
139 
-     }
140 
-+    MODSSL_CFG_ITEM_FREE(DH_free, mctx->pks->dhparams);
141 
- }
142 
-
143 
- apr_status_t ssl_init_ModuleKill(void *data)
144 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_pphrase.c httpd-2.4.3-dh/modules/ssl/ssl_engine_pphrase.c
145 
---- httpd-2.4.3/modules/ssl/ssl_engine_pphrase.c	2012-08-04 23:22:38.000000000 +0200
146 
-+++ httpd-2.4.3-dh/modules/ssl/ssl_engine_pphrase.c	2012-10-23 16:16:39.306422234 +0200
147 
-@@ -147,6 +147,7 @@
148 
-     unsigned char *ucp;
149 
-     long int length;
150 
-     X509 *pX509Cert;
151 
-+    DH *pDHParams;
152 
-     BOOL bReadable;
153 
-     apr_array_header_t *aPassPhrase;
154 
-     int nPassPhrase;
155 
-@@ -162,6 +163,7 @@
156 
-     char *an;
157 
-     apr_time_t pkey_mtime = 0;
158 
-     apr_status_t rv;
159 
-+    const char *dhid;
160 
-     /*
161 
-      * Start with a fresh pass phrase array
162 
-      */
163 
-@@ -225,14 +227,14 @@
164 
-                     ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02201)
165 
-                                  "Init: Can't open server certificate file %s",
166 
-                                  szPath);
167 
--                    ssl_die(s);
168 
-+                    ssl_die(pServ);
169 
-                 }
170 
-                 if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
171 
-                     ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02241)
172 
-                                  "Init: Unable to read server certificate from"
173 
-                                  " file %s", szPath);
174 
-                     ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
175 
--                    ssl_die(s);
176 
-+                    ssl_die(pServ);
177 
-                 }
178 
-                 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02202)
179 
-                              "Init: Read server certificate from '%s'",
180 
-@@ -550,6 +552,43 @@
181 
-              */
182 
-             EVP_PKEY_free(pPrivateKey);
183 
-         }
184 
-+	/*
185 
-+         * Read in Diffie-Hellman parameters file if such a file is
186 
-+         * specified.
187 
-+         */
188 
-+        if (sc->server->pks->dhparams_file) {
189 
-+            apr_cpystrn(szPath, sc->server->pks->dhparams_file, sizeof(szPath));
190 
-+            if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
191 
-+                ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
192 
-+                             "Init: Can't open server Diffie-Hellman parameters file %s",
193 
-+                             szPath);
194 
-+                ssl_die(s);
195 
-+            }
196 
-+            if ((pDHParams = SSL_read_DHparams(szPath, NULL, NULL)) == NULL) {
197 
-+                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
198 
-+                        "Init: Unable to read server Diffie-Hellman parameters from file %s", szPath);
199 
-+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
200 
-+                ssl_die(s);
201 
-+            }
202 
-+
203 
-+	    /*
204 
-+             * Insert the DH params into global module configuration
205 
-+             * to let it survive the processing between the 1st Apache
206 
-+             * API init round (where we operate here) and the 2nd
207 
-+             * Apache init round (where it will be actually used to
208 
-+             * configure mod_ssl's per-server configuration
209 
-+             * structures).
210 
-+             */
211 
-+            dhid = asn1_table_vhost_key(mc, p, cpVHostID, "DH");
212 
-+            length = i2d_DHparams(pDHParams, NULL);
213 
-+            ucp = ssl_asn1_table_set(mc->tDHParams, dhid, length);
214 
-+            (void)i2d_DHparams(pDHParams, &ucp); /* 2nd arg increments */
215 
-+
216 
-+            /*
217 
-+             * Free the DH structure
218 
-+             */
219 
-+            DH_free(pDHParams);
220 
-+        }
221 
-     }
222 
-
223 
-     /*
224 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_private.h httpd-2.4.3-dh/modules/ssl/ssl_private.h
225 
---- httpd-2.4.3/modules/ssl/ssl_private.h	2012-08-05 15:48:40.000000000 +0200
226 
-+++ httpd-2.4.3-dh/modules/ssl/ssl_private.h	2012-10-23 16:10:39.911810230 +0200
227 
-@@ -121,10 +121,12 @@
228 
- #define MODSSL_D2I_ASN1_type_bytes_CONST const
229 
- #define MODSSL_D2I_PrivateKey_CONST const
230 
- #define MODSSL_D2I_X509_CONST const
231 
-+#define MODSSL_D2I_DHparams_CONST const
232 
- #else
233 
- #define MODSSL_D2I_ASN1_type_bytes_CONST
234 
- #define MODSSL_D2I_PrivateKey_CONST
235 
- #define MODSSL_D2I_X509_CONST
236 
-+#define MODSSL_D2I_DHparams_CONST
237 
- #endif
238 
-
239 
- #if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \
240 
-@@ -535,6 +537,7 @@
241 
-      * example the string "vhost.example.com:443:RSA". */
242 
-     apr_hash_t     *tPublicCert;
243 
-     apr_hash_t     *tPrivateKey;
244 
-+    apr_hash_t     *tDHParams;
245 
-
246 
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
247 
-     const char     *szCryptoDevice;
248 
-@@ -561,11 +564,13 @@
249 
-      * unordered lists. */
250 
-     const char  *cert_files[SSL_AIDX_MAX];
251 
-     const char  *key_files[SSL_AIDX_MAX];
252 
-+    const char  *dhparams_file;
253 
-     /* Loaded certs and keys; these arrays ARE indexed by the
254 
-      * algorithm type, i.e.  keys[SSL_AIDX_RSA] maps to the RSA
255 
-      * private key. */
256 
-     X509        *certs[SSL_AIDX_MAX];
257 
-     EVP_PKEY    *keys[SSL_AIDX_MAX];
258 
-+    DH          *dhparams;
259 
-
260 
-     /** Certificates which specify the set of CA names which should be
261 
-      * sent in the CertificateRequest message: */
262 
-@@ -723,6 +728,7 @@
263 
- const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
264 
- const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
265 
- const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
266 
-+const char  *ssl_cmd_SSLDHParametersFile(cmd_parms *, void *, const char *);
267 
- const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
268 
- const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
269 
- const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
270 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_util_ssl.c httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.c
271 
---- httpd-2.4.3/modules/ssl/ssl_util_ssl.c	2012-02-28 13:07:31.000000000 +0100
272 
-+++ httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.c	2012-10-23 16:10:39.911810230 +0200
273 
-@@ -156,6 +156,47 @@
274 
-     return rc;
275 
- }
276 
-
277 
-+DH *SSL_read_DHparams(char* filename, DH **DHparams, void *cb)
278 
-+{
279 
-+    DH  *rc;
280 
-+    BIO *bioS;
281 
-+    BIO *bioF;
282 
-+
283 
-+    /* 1. try PEM (= DER+Base64+headers) */
284 
-+    if ((bioS=BIO_new_file(filename, "r")) == NULL)
285 
-+        return NULL;
286 
-+    rc = PEM_read_bio_DHparams(bioS, DHparams, cb, NULL);
287 
-+    BIO_free(bioS);
288 
-+
289 
-+    if (rc == NULL) {
290 
-+        /* 2. try DER+Base64 */
291 
-+        if ((bioS=BIO_new_file(filename, "r")) == NULL)
292 
-+            return NULL;
293 
-+
294 
-+        if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
295 
-+            BIO_free(bioS);
296 
-+            return NULL;
297 
-+        }
298 
-+        bioS = BIO_push(bioF, bioS);
299 
-+        rc = d2i_DHparams_bio(bioS, NULL);
300 
-+        BIO_free_all(bioS);
301 
-+
302 
-+        if (rc == NULL) {
303 
-+            /* 3. try plain DER */
304 
-+            if ((bioS=BIO_new_file(filename, "r")) == NULL)
305 
-+                return NULL;
306 
-+            rc = d2i_DHparams_bio(bioS, NULL);
307 
-+            BIO_free(bioS);
308 
-+        }
309 
-+    }
310 
-+    if (rc != NULL && DHparams != NULL) {
311 
-+        if (*DHparams != NULL)
312 
-+            DH_free(*DHparams);
313 
-+        *DHparams = rc;
314 
-+    }
315 
-+    return rc;
316 
-+}
317 
-+
318 
- /*  _________________________________________________________________
319 
- **
320 
- **  Smart shutdown
321 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_util_ssl.h httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.h
322 
---- httpd-2.4.3/modules/ssl/ssl_util_ssl.h	2012-01-08 11:12:18.000000000 +0100
323 
-+++ httpd-2.4.3-dh/modules/ssl/ssl_util_ssl.h	2012-10-23 16:10:39.912810219 +0200
324 
-@@ -62,6 +62,7 @@
325 
- void        SSL_set_app_data2(SSL *, void *);
326 
- X509       *SSL_read_X509(char *, X509 **, pem_password_cb *);
327 
- EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, pem_password_cb *, void *);
328 
-+DH         *SSL_read_DHparams(char* filename, DH **DHparams, void *cb);
329 
- int         SSL_smart_shutdown(SSL *ssl);
330 
- BOOL        SSL_X509_isSGC(X509 *);
331 
- BOOL        SSL_X509_getBC(X509 *, int *, int *);
www-servers/apache/files/apache-2.4.6-modssl-dhparams.diff
Zeige Datei @ 89bb85f
... ... 
@@ -1,1552 +0,0 @@
1 
-diff -Naur httpd-2.4.6-orig/LAYOUT httpd-2.4.6/LAYOUT
2 
---- httpd-2.4.6-orig/LAYOUT	2013-10-01 12:20:45.706812951 +0200
3 
-+++ httpd-2.4.6/LAYOUT	2013-10-01 12:20:50.988746918 +0200
4 
-@@ -108,7 +108,6 @@
5 
-     mod_ssl.c ............... main source file containing API structures
6 
-     mod_ssl.h ............... common header file of mod_ssl
7 
-     ssl_engine_config.c ..... module configuration handling
8 
--    ssl_engine_dh.c ......... DSA/DH support
9 
-     ssl_engine_init.c ....... module initialization
10 
-     ssl_engine_io.c ......... I/O support
11 
-     ssl_engine_kernel.c ..... SSL engine kernel
12 
-diff -Naur httpd-2.4.6-orig/modules/ssl/config.m4 httpd-2.4.6/modules/ssl/config.m4
13 
---- httpd-2.4.6-orig/modules/ssl/config.m4	2013-10-01 12:20:45.774812101 +0200
14 
-+++ httpd-2.4.6/modules/ssl/config.m4	2013-10-01 12:20:50.989746905 +0200
15 
-@@ -20,7 +20,6 @@
16 
- ssl_objs="dnl
17 
- mod_ssl.lo dnl
18 
- ssl_engine_config.lo dnl
19 
--ssl_engine_dh.lo dnl
20 
- ssl_engine_init.lo dnl
21 
- ssl_engine_io.lo dnl
22 
- ssl_engine_kernel.lo dnl
23 
-diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.c httpd-2.4.6/modules/ssl/mod_ssl.c
24 
---- httpd-2.4.6-orig/modules/ssl/mod_ssl.c	2013-10-01 12:20:45.775812088 +0200
25 
-+++ httpd-2.4.6/modules/ssl/mod_ssl.c	2013-10-01 12:20:50.989746905 +0200
26 
-@@ -148,7 +148,7 @@
27 
-     SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
28 
-                 "Strict SNI virtual host checking")
29 
-
30 
--#ifndef OPENSSL_NO_SRP
31 
-+#ifdef HAVE_SRP
32 
-     SSL_CMD_SRV(SRPVerifierFile, TAKE1,
33 
-                 "SRP verifier file "
34 
-                 "('/path/to/file' - created by srptool)")
35 
-@@ -471,15 +471,6 @@
36 
-
37 
-     sslconn->ssl = ssl;
38 
-
39 
--    /*
40 
--     *  Configure callbacks for SSL connection
41 
--     */
42 
--    SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
43 
--    SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
44 
--#ifndef OPENSSL_NO_EC
45 
--    SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
46 
--#endif
47 
--
48 
-     SSL_set_verify_result(ssl, X509_V_OK);
49 
-
50 
-     ssl_io_filter_init(c, r, ssl);
51 
-diff -Naur httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp httpd-2.4.6/modules/ssl/mod_ssl.dsp
52 
---- httpd-2.4.6-orig/modules/ssl/mod_ssl.dsp	2013-10-01 12:20:45.775812088 +0200
53 
-+++ httpd-2.4.6/modules/ssl/mod_ssl.dsp	2013-10-01 12:20:50.989746905 +0200
54 
-@@ -112,10 +112,6 @@
55 
- # End Source File
56 
- # Begin Source File
57 
-
58 
--SOURCE=.\ssl_engine_dh.c
59 
--# End Source File
60 
--# Begin Source File
61 
--
62 
- SOURCE=.\ssl_engine_init.c
63 
- # End Source File
64 
- # Begin Source File
65 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c httpd-2.4.6/modules/ssl/ssl_engine_config.c
66 
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_config.c	2013-10-01 12:20:45.776812076 +0200
67 
-+++ httpd-2.4.6/modules/ssl/ssl_engine_config.c	2013-10-01 12:20:50.989746905 +0200
68 
-@@ -75,8 +75,6 @@
69 
-     mc->stapling_mutex         = NULL;
70 
- #endif
71 
-
72 
--    memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
73 
--
74 
-     apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
75 
-                           apr_pool_cleanup_null,
76 
-                           pool);
77 
-@@ -150,7 +148,7 @@
78 
-     mctx->stapling_force_url         = NULL;
79 
- #endif
80 
-
81 
--#ifndef OPENSSL_NO_SRP
82 
-+#ifdef HAVE_SRP
83 
-     mctx->srp_vfile =             NULL;
84 
-     mctx->srp_unknown_user_seed = NULL;
85 
-     mctx->srp_vbase =             NULL;
86 
-@@ -208,7 +206,7 @@
87 
-     sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
88 
-     sc->proxy_ssl_check_peer_cn     = SSL_ENABLED_UNSET;
89 
-     sc->proxy_ssl_check_peer_name   = SSL_ENABLED_UNSET;
90 
--#ifndef OPENSSL_NO_TLSEXT
91 
-+#ifdef HAVE_TLSEXT
92 
-     sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
93 
- #endif
94 
- #ifdef HAVE_FIPS
95 
-@@ -282,7 +280,7 @@
96 
-     cfgMerge(stapling_force_url, NULL);
97 
- #endif
98 
-
99 
--#ifndef OPENSSL_NO_SRP
100 
-+#ifdef HAVE_SRP
101 
-     cfgMergeString(srp_vfile);
102 
-     cfgMergeString(srp_unknown_user_seed);
103 
- #endif
104 
-@@ -338,7 +336,7 @@
105 
-     cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
106 
-     cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET);
107 
-     cfgMerge(proxy_ssl_check_peer_name, SSL_ENABLED_UNSET);
108 
--#ifndef OPENSSL_NO_TLSEXT
109 
-+#ifdef HAVE_TLSEXT
110 
-     cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
111 
- #endif
112 
- #ifdef HAVE_FIPS
113 
-@@ -645,6 +643,9 @@
114 
-     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
115 
-     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
116 
-
117 
-+    /* always disable null and export ciphers */
118 
-+    arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);
119 
-+
120 
-     if (cmd->path) {
121 
-         dc->szCipherSuite = arg;
122 
-     }
123 
-@@ -1384,6 +1385,9 @@
124 
- {
125 
-     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
126 
-
127 
-+    /* always disable null and export ciphers */
128 
-+    arg = apr_pstrcat(cmd->pool, "!aNULL:!eNULL:!EXP:", arg, NULL);
129 
-+
130 
-     sc->proxy->auth.cipher_suite = arg;
131 
-
132 
-     return NULL;
133 
-@@ -1645,7 +1649,7 @@
134 
-
135 
- const char  *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag)
136 
- {
137 
--#ifndef OPENSSL_NO_TLSEXT
138 
-+#ifdef HAVE_TLSEXT
139 
-     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
140 
-
141 
-     sc->strict_sni_vhost_check = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
142 
-@@ -1804,7 +1808,7 @@
143 
-
144 
- #endif /* HAVE_OCSP_STAPLING */
145 
-
146 
--#ifndef OPENSSL_NO_SRP
147 
-+#ifdef HAVE_SRP
148 
-
149 
- const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg,
150 
-                                        const char *arg)
151 
-@@ -1828,7 +1832,7 @@
152 
-     return NULL;
153 
- }
154 
-
155 
--#endif /* OPENSSL_NO_SRP */
156 
-+#endif /* HAVE_SRP */
157 
-
158 
- void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
159 
- {
160 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c httpd-2.4.6/modules/ssl/ssl_engine_dh.c
161 
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_dh.c	2013-10-01 12:20:45.777812063 +0200
162 
-+++ httpd-2.4.6/modules/ssl/ssl_engine_dh.c	2013-10-01 12:20:50.990746893 +0200
163 
-@@ -1,244 +0,0 @@
164 
--#if 0
165 
--=pod
166 
--#endif
167 
--
168 
--/* Licensed to the Apache Software Foundation (ASF) under one or more
169 
-- * contributor license agreements.  See the NOTICE file distributed with
170 
-- * this work for additional information regarding copyright ownership.
171 
-- * The ASF licenses this file to You under the Apache License, Version 2.0
172 
-- * (the "License"); you may not use this file except in compliance with
173 
-- * the License.  You may obtain a copy of the License at
174 
-- *
175 
-- *     http://www.apache.org/licenses/LICENSE-2.0
176 
-- *
177 
-- * Unless required by applicable law or agreed to in writing, software
178 
-- * distributed under the License is distributed on an "AS IS" BASIS,
179 
-- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
180 
-- * See the License for the specific language governing permissions and
181 
-- * limitations under the License.
182 
-- */
183 
--
184 
--/*                      _             _
185 
-- *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
186 
-- * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
187 
-- * | | | | | | (_) | (_| |   \__ \__ \ |
188 
-- * |_| |_| |_|\___/ \__,_|___|___/___/_|
189 
-- *                      |_____|
190 
-- * ssl_engine_dh.c
191 
-- * Diffie-Hellman Built-in Temporary Parameters
192 
-- */
193 
--
194 
--#include "ssl_private.h"
195 
--
196 
--/* ----BEGIN GENERATED SECTION-------- */
197 
--
198 
--/*
199 
--** Diffie-Hellman-Parameters: (512 bit)
200 
--**     prime:
201 
--**         00:9f:db:8b:8a:00:45:44:f0:04:5f:17:37:d0:ba:
202 
--**         2e:0b:27:4c:df:1a:9f:58:82:18:fb:43:53:16:a1:
203 
--**         6e:37:41:71:fd:19:d8:d8:f3:7c:39:bf:86:3f:d6:
204 
--**         0e:3e:30:06:80:a3:03:0c:6e:4c:37:57:d0:8f:70:
205 
--**         e6:aa:87:10:33
206 
--**     generator: 2 (0x2)
207 
--** Diffie-Hellman-Parameters: (1024 bit)
208 
--**     prime:
209 
--**         00:d6:7d:e4:40:cb:bb:dc:19:36:d6:93:d3:4a:fd:
210 
--**         0a:d5:0c:84:d2:39:a4:5f:52:0b:b8:81:74:cb:98:
211 
--**         bc:e9:51:84:9f:91:2e:63:9c:72:fb:13:b4:b4:d7:
212 
--**         17:7e:16:d5:5a:c1:79:ba:42:0b:2a:29:fe:32:4a:
213 
--**         46:7a:63:5e:81:ff:59:01:37:7b:ed:dc:fd:33:16:
214 
--**         8a:46:1a:ad:3b:72:da:e8:86:00:78:04:5b:07:a7:
215 
--**         db:ca:78:74:08:7d:15:10:ea:9f:cc:9d:dd:33:05:
216 
--**         07:dd:62:db:88:ae:aa:74:7d:e0:f4:d6:e2:bd:68:
217 
--**         b0:e7:39:3e:0f:24:21:8e:b3
218 
--**     generator: 2 (0x2)
219 
--*/
220 
--
221 
--static unsigned char dh512_p[] = {
222 
--    0x9F, 0xDB, 0x8B, 0x8A, 0x00, 0x45, 0x44, 0xF0, 0x04, 0x5F, 0x17, 0x37,
223 
--    0xD0, 0xBA, 0x2E, 0x0B, 0x27, 0x4C, 0xDF, 0x1A, 0x9F, 0x58, 0x82, 0x18,
224 
--    0xFB, 0x43, 0x53, 0x16, 0xA1, 0x6E, 0x37, 0x41, 0x71, 0xFD, 0x19, 0xD8,
225 
--    0xD8, 0xF3, 0x7C, 0x39, 0xBF, 0x86, 0x3F, 0xD6, 0x0E, 0x3E, 0x30, 0x06,
226 
--    0x80, 0xA3, 0x03, 0x0C, 0x6E, 0x4C, 0x37, 0x57, 0xD0, 0x8F, 0x70, 0xE6,
227 
--    0xAA, 0x87, 0x10, 0x33,
228 
--};
229 
--static unsigned char dh512_g[] = {
230 
--    0x02,
231 
--};
232 
--
233 
--static DH *get_dh512(void)
234 
--{
235 
--    DH *dh;
236 
--
237 
--    if (!(dh = DH_new())) {
238 
--        return NULL;
239 
--    }
240 
--
241 
--    dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
242 
--    dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
243 
--    if (!(dh->p && dh->g)) {
244 
--        DH_free(dh);
245 
--        return NULL;
246 
--    }
247 
--
248 
--    return dh;
249 
--}
250 
--
251 
--static unsigned char dh1024_p[] = {
252 
--    0xD6, 0x7D, 0xE4, 0x40, 0xCB, 0xBB, 0xDC, 0x19, 0x36, 0xD6, 0x93, 0xD3,
253 
--    0x4A, 0xFD, 0x0A, 0xD5, 0x0C, 0x84, 0xD2, 0x39, 0xA4, 0x5F, 0x52, 0x0B,
254 
--    0xB8, 0x81, 0x74, 0xCB, 0x98, 0xBC, 0xE9, 0x51, 0x84, 0x9F, 0x91, 0x2E,
255 
--    0x63, 0x9C, 0x72, 0xFB, 0x13, 0xB4, 0xB4, 0xD7, 0x17, 0x7E, 0x16, 0xD5,
256 
--    0x5A, 0xC1, 0x79, 0xBA, 0x42, 0x0B, 0x2A, 0x29, 0xFE, 0x32, 0x4A, 0x46,
257 
--    0x7A, 0x63, 0x5E, 0x81, 0xFF, 0x59, 0x01, 0x37, 0x7B, 0xED, 0xDC, 0xFD,
258 
--    0x33, 0x16, 0x8A, 0x46, 0x1A, 0xAD, 0x3B, 0x72, 0xDA, 0xE8, 0x86, 0x00,
259 
--    0x78, 0x04, 0x5B, 0x07, 0xA7, 0xDB, 0xCA, 0x78, 0x74, 0x08, 0x7D, 0x15,
260 
--    0x10, 0xEA, 0x9F, 0xCC, 0x9D, 0xDD, 0x33, 0x05, 0x07, 0xDD, 0x62, 0xDB,
261 
--    0x88, 0xAE, 0xAA, 0x74, 0x7D, 0xE0, 0xF4, 0xD6, 0xE2, 0xBD, 0x68, 0xB0,
262 
--    0xE7, 0x39, 0x3E, 0x0F, 0x24, 0x21, 0x8E, 0xB3,
263 
--};
264 
--static unsigned char dh1024_g[] = {
265 
--    0x02,
266 
--};
267 
--
268 
--static DH *get_dh1024(void)
269 
--{
270 
--    DH *dh;
271 
--
272 
--    if (!(dh = DH_new())) {
273 
--        return NULL;
274 
--    }
275 
--
276 
--    dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
277 
--    dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
278 
--    if (!(dh->p && dh->g)) {
279 
--        DH_free(dh);
280 
--        return NULL;
281 
--    }
282 
--
283 
--    return dh;
284 
--}
285 
--
286 
--/* ----END GENERATED SECTION---------- */
287 
--
288 
--DH *ssl_dh_GetTmpParam(int nKeyLen)
289 
--{
290 
--    DH *dh;
291 
--
292 
--    if (nKeyLen == 512)
293 
--        dh = get_dh512();
294 
--    else if (nKeyLen == 1024)
295 
--        dh = get_dh1024();
296 
--    else
297 
--        dh = get_dh1024();
298 
--    return dh;
299 
--}
300 
--
301 
--DH *ssl_dh_GetParamFromFile(char *file)
302 
--{
303 
--    DH *dh = NULL;
304 
--    BIO *bio;
305 
--
306 
--    if ((bio = BIO_new_file(file, "r")) == NULL)
307 
--        return NULL;
308 
--    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
309 
--    BIO_free(bio);
310 
--    return (dh);
311 
--}
312 
--
313 
--/*
314 
--=cut
315 
--##
316 
--##  Embedded Perl script for generating the temporary DH parameters
317 
--##
318 
--
319 
--require 5.003;
320 
--use strict;
321 
--
322 
--#   configuration
323 
--my $file  = $0;
324 
--my $begin = '----BEGIN GENERATED SECTION--------';
325 
--my $end   = '----END GENERATED SECTION----------';
326 
--
327 
--#   read ourself and keep a backup
328 
--open(FP, "<$file") || die;
329 
--my $source = '';
330 
--$source .= $_ while (<FP>);
331 
--close(FP);
332 
--open(FP, ">$file.bak") || die;
333 
--print FP $source;
334 
--close(FP);
335 
--
336 
--#   generate the DH parameters
337 
--print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
338 
--my $rand = '';
339 
--foreach $file (qw(/var/log/messages /var/adm/messages
340 
--                  /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
341 
--    if (-f $file) {
342 
--        $rand = $file     if ($rand eq '');
343 
--        $rand .= ":$file" if ($rand ne '');
344 
--    }
345 
--}
346 
--$rand = "-rand $rand" if ($rand ne '');
347 
--system("openssl gendh $rand -out dh512.pem 512");
348 
--system("openssl gendh $rand -out dh1024.pem 1024");
349 
--
350 
--#   generate DH param info
351 
--my $dhinfo = '';
352 
--open(FP, "openssl dh -noout -text -in dh512.pem |") || die;
353 
--$dhinfo .= $_ while (<FP>);
354 
--close(FP);
355 
--open(FP, "openssl dh -noout -text -in dh1024.pem |") || die;
356 
--$dhinfo .= $_ while (<FP>);
357 
--close(FP);
358 
--$dhinfo =~ s|^|** |mg;
359 
--$dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
360 
--
361 
--my $indent_args = "-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1";
362 
--
363 
--#   generate C source from DH params
364 
--my $dhsource = '';
365 
--open(FP, "openssl dh -noout -C -in dh512.pem | indent $indent_args | expand |") || die;
366 
--$dhsource .= $_ while (<FP>);
367 
--close(FP);
368 
--open(FP, "openssl dh -noout -C -in dh1024.pem | indent $indent_args | expand |") || die;
369 
--$dhsource .= $_ while (<FP>);
370 
--close(FP);
371 
--$dhsource =~ s|(DH\s+\*get_dh)(\d+)[^}]*\n}|static $1$2(void)
372 
--{
373 
--    DH *dh;
374 
--
375 
--    if (!(dh = DH_new())) {
376 
--        return NULL;
377 
--    }
378 
--
379 
--    dh->p = BN_bin2bn(dh$2_p, sizeof(dh$2_p), NULL);
380 
--    dh->g = BN_bin2bn(dh$2_g, sizeof(dh$2_g), NULL);
381 
--    if (!(dh->p && dh->g)) {
382 
--        DH_free(dh);
383 
--        return NULL;
384 
--    }
385 
--
386 
--    return dh;
387 
--}
388 
--|sg;
389 
--
390 
--#   generate output
391 
--my $o = $dhinfo . $dhsource;
392 
--
393 
--#   insert the generated code at the target location
394 
--$source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s;
395 
--
396 
--#   and update the source on disk
397 
--print "Updating file `$file'\n";
398 
--open(FP, ">$file") || die;
399 
--print FP $source;
400 
--close(FP);
401 
--
402 
--#   cleanup
403 
--unlink("dh512.pem");
404 
--unlink("dh1024.pem");
405 
--
406 
--=pod
407 
--*/
408 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c httpd-2.4.6/modules/ssl/ssl_engine_init.c
409 
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_init.c	2013-10-01 12:20:45.777812063 +0200
410 
-+++ httpd-2.4.6/modules/ssl/ssl_engine_init.c	2013-10-01 12:20:50.990746893 +0200
411 
-@@ -35,7 +35,7 @@
412 
- **  _________________________________________________________________
413 
- */
414 
-
415 
--#ifndef OPENSSL_NO_EC
416 
-+#ifdef HAVE_ECC
417 
- #define KEYTYPES "RSA, DSA or ECC"
418 
- #else
419 
- #define KEYTYPES "RSA or DSA"
420 
-@@ -56,180 +56,6 @@
421 
-                  modver, AP_SERVER_BASEVERSION, incver);
422 
- }
423 
-
424 
--
425 
--/*
426 
-- * Handle the Temporary RSA Keys and DH Params
427 
-- */
428 
--
429 
--#define MODSSL_TMP_KEY_FREE(mc, type, idx) \
430 
--    if (mc->pTmpKeys[idx]) { \
431 
--        type##_free((type *)mc->pTmpKeys[idx]); \
432 
--        mc->pTmpKeys[idx] = NULL; \
433 
--    }
434 
--
435 
--#define MODSSL_TMP_KEYS_FREE(mc, type) \
436 
--    MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_512); \
437 
--    MODSSL_TMP_KEY_FREE(mc, type, SSL_TMP_KEY_##type##_1024)
438 
--
439 
--static void ssl_tmp_keys_free(server_rec *s)
440 
--{
441 
--    SSLModConfigRec *mc = myModConfig(s);
442 
--
443 
--    MODSSL_TMP_KEYS_FREE(mc, RSA);
444 
--    MODSSL_TMP_KEYS_FREE(mc, DH);
445 
--#ifndef OPENSSL_NO_EC
446 
--    MODSSL_TMP_KEY_FREE(mc, EC_KEY, SSL_TMP_KEY_EC_256);
447 
--#endif
448 
--}
449 
--
450 
--static int ssl_tmp_key_init_rsa(server_rec *s,
451 
--                                int bits, int idx)
452 
--{
453 
--    SSLModConfigRec *mc = myModConfig(s);
454 
--
455 
--#ifdef HAVE_FIPS
456 
--
457 
--    if (FIPS_mode() && bits < 1024) {
458 
--        mc->pTmpKeys[idx] = NULL;
459 
--        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01877)
460 
--                     "Init: Skipping generating temporary "
461 
--                     "%d bit RSA private key in FIPS mode", bits);
462 
--        return OK;
463 
--    }
464 
--
465 
--#endif
466 
--#ifdef HAVE_GENERATE_EX
467 
--    {
468 
--        RSA *tkey;
469 
--        BIGNUM *bn_f4;
470 
--        if (!(tkey = RSA_new())
471 
--          || !(bn_f4 = BN_new())
472 
--          || !BN_set_word(bn_f4, RSA_F4)
473 
--          || !RSA_generate_key_ex(tkey, bits, bn_f4, NULL))
474 
--        {
475 
--            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01878)
476 
--                         "Init: Failed to generate temporary "
477 
--                         "%d bit RSA private key", bits);
478 
--            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
479 
--            return !OK;
480 
--        }
481 
--        BN_free(bn_f4);
482 
--        mc->pTmpKeys[idx] = tkey;
483 
--    }
484 
--#else
485 
--    if (!(mc->pTmpKeys[idx] =
486 
--          RSA_generate_key(bits, RSA_F4, NULL, NULL)))
487 
--    {
488 
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01879)
489 
--                     "Init: Failed to generate temporary "
490 
--                     "%d bit RSA private key", bits);
491 
--        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
492 
--        return !OK;
493 
--    }
494 
--#endif
495 
--
496 
--    return OK;
497 
--}
498 
--
499 
--static int ssl_tmp_key_init_dh(server_rec *s,
500 
--                               int bits, int idx)
501 
--{
502 
--    SSLModConfigRec *mc = myModConfig(s);
503 
--
504 
--#ifdef HAVE_FIPS
505 
--
506 
--    if (FIPS_mode() && bits < 1024) {
507 
--        mc->pTmpKeys[idx] = NULL;
508 
--        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01880)
509 
--                     "Init: Skipping generating temporary "
510 
--                     "%d bit DH parameters in FIPS mode", bits);
511 
--        return OK;
512 
--    }
513 
--
514 
--#endif
515 
--
516 
--    if (!(mc->pTmpKeys[idx] =
517 
--          ssl_dh_GetTmpParam(bits)))
518 
--    {
519 
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01881)
520 
--                     "Init: Failed to generate temporary "
521 
--                     "%d bit DH parameters", bits);
522 
--        return !OK;
523 
--    }
524 
--
525 
--    return OK;
526 
--}
527 
--
528 
--#ifndef OPENSSL_NO_EC
529 
--static int ssl_tmp_key_init_ec(server_rec *s,
530 
--                               int bits, int idx)
531 
--{
532 
--    SSLModConfigRec *mc = myModConfig(s);
533 
--    EC_KEY *ecdh = NULL;
534 
--
535 
--    /* XXX: Are there any FIPS constraints we should enforce? */
536 
--
537 
--    if (bits != 256) {
538 
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02298)
539 
--                     "Init: Failed to generate temporary "
540 
--                     "%d bit EC parameters, only 256 bits supported", bits);
541 
--        return !OK;
542 
--    }
543 
--
544 
--    if ((ecdh = EC_KEY_new()) == NULL ||
545 
--        EC_KEY_set_group(ecdh, EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 1)
546 
--    {
547 
--        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02299)
548 
--                     "Init: Failed to generate temporary "
549 
--                     "%d bit EC parameters", bits);
550 
--        return !OK;
551 
--    }
552 
--
553 
--    mc->pTmpKeys[idx] = ecdh;
554 
--    return OK;
555 
--}
556 
--
557 
--#define MODSSL_TMP_KEY_INIT_EC(s, bits) \
558 
--    ssl_tmp_key_init_ec(s, bits, SSL_TMP_KEY_EC_##bits)
559 
--
560 
--#endif
561 
--
562 
--#define MODSSL_TMP_KEY_INIT_RSA(s, bits) \
563 
--    ssl_tmp_key_init_rsa(s, bits, SSL_TMP_KEY_RSA_##bits)
564 
--
565 
--#define MODSSL_TMP_KEY_INIT_DH(s, bits) \
566 
--    ssl_tmp_key_init_dh(s, bits, SSL_TMP_KEY_DH_##bits)
567 
--
568 
--static int ssl_tmp_keys_init(server_rec *s)
569 
--{
570 
--    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
571 
--                 "Init: Generating temporary RSA private keys (512/1024 bits)");
572 
--
573 
--    if (MODSSL_TMP_KEY_INIT_RSA(s, 512) ||
574 
--        MODSSL_TMP_KEY_INIT_RSA(s, 1024)) {
575 
--        return !OK;
576 
--    }
577 
--
578 
--    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
579 
--                 "Init: Generating temporary DH parameters (512/1024 bits)");
580 
--
581 
--    if (MODSSL_TMP_KEY_INIT_DH(s, 512) ||
582 
--        MODSSL_TMP_KEY_INIT_DH(s, 1024)) {
583 
--        return !OK;
584 
--    }
585 
--
586 
--#ifndef OPENSSL_NO_EC
587 
--    ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
588 
--                 "Init: Generating temporary EC parameters (256 bits)");
589 
--
590 
--    if (MODSSL_TMP_KEY_INIT_EC(s, 256)) {
591 
--        return !OK;
592 
--    }
593 
--#endif
594 
--
595 
--    return OK;
596 
--}
597 
--
598 
- /*
599 
-  *  Per-module initialization
600 
-  */
601 
-@@ -367,10 +193,6 @@
602 
-      */
603 
-     ssl_pphrase_Handle(base_server, ptemp);
604 
-
605 
--    if (ssl_tmp_keys_init(base_server)) {
606 
--        return !OK;
607 
--    }
608 
--
609 
-     /*
610 
-      * initialize the mutex handling
611 
-      */
612 
-@@ -481,7 +303,7 @@
613 
-      */
614 
-     if (mctx->pks->certs[SSL_AIDX_RSA] ||
615 
-         mctx->pks->certs[SSL_AIDX_DSA]
616 
--#ifndef OPENSSL_NO_EC
617 
-+#ifdef HAVE_ECC
618 
-       || mctx->pks->certs[SSL_AIDX_ECC]
619 
- #endif
620 
-         )
621 
-@@ -493,7 +315,7 @@
622 
-     }
623 
- }
624 
-
625 
--#ifndef OPENSSL_NO_TLSEXT
626 
-+#ifdef HAVE_TLSEXT
627 
- static void ssl_init_ctx_tls_extensions(server_rec *s,
628 
-                                         apr_pool_t *p,
629 
-                                         apr_pool_t *ptemp,
630 
-@@ -527,7 +349,7 @@
631 
-     }
632 
- #endif
633 
-
634 
--#ifndef OPENSSL_NO_SRP
635 
-+#ifdef HAVE_SRP
636 
-     /*
637 
-      * TLS-SRP support
638 
-      */
639 
-@@ -660,7 +482,7 @@
640 
- #ifdef SSL_OP_NO_COMPRESSION
641 
-         /* OpenSSL >= 1.0 only */
642 
-         SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
643 
--#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
644 
-+#else
645 
-         sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
646 
- #endif
647 
-     }
648 
-@@ -678,6 +500,9 @@
649 
-      * Configure additional context ingredients
650 
-      */
651 
-     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
652 
-+#ifdef HAVE_ECC
653 
-+    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
654 
-+#endif
655 
-
656 
- #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
657 
-     /*
658 
-@@ -718,11 +543,7 @@
659 
- {
660 
-     SSL_CTX *ctx = mctx->ssl_ctx;
661 
-
662 
--    SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
663 
-     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
664 
--#ifndef OPENSSL_NO_EC
665 
--    SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
666 
--#endif
667 
-
668 
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
669 
- }
670 
-@@ -818,14 +639,16 @@
671 
-                                       modssl_ctx_t *mctx)
672 
- {
673 
-     SSL_CTX *ctx = mctx->ssl_ctx;
674 
--    const char *suite = mctx->auth.cipher_suite;
675 
-+    const char *suite;
676 
-
677 
-     /*
678 
--     *  Configure SSL Cipher Suite
679 
-+     *  Configure SSL Cipher Suite. Always disable NULL and export ciphers,
680 
-+     *  see also ssl_engine_config.c:ssl_cmd_SSLCipherSuite().
681 
-+     *  OpenSSL's SSL_DEFAULT_CIPHER_LIST already includes !aNULL:!eNULL,
682 
-+     *  so only prepend !EXP in this case.
683 
-      */
684 
--    if (!suite) {
685 
--        return;
686 
--    }
687 
-+    suite = mctx->auth.cipher_suite ? mctx->auth.cipher_suite :
688 
-+            apr_pstrcat(ptemp, "!EXP:", SSL_DEFAULT_CIPHER_LIST, NULL);
689 
-
690 
-     ap_log_error(APLOG_MARK, APLOG_TRACE1, 0, s,
691 
-                  "Configuring permitted SSL ciphers [%s]",
692 
-@@ -988,7 +811,7 @@
693 
-     if (mctx->pks) {
694 
-         /* XXX: proxy support? */
695 
-         ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
696 
--#ifndef OPENSSL_NO_TLSEXT
697 
-+#ifdef HAVE_TLSEXT
698 
-         ssl_init_ctx_tls_extensions(s, p, ptemp, mctx);
699 
- #endif
700 
-     }
701 
-@@ -1001,7 +824,7 @@
702 
- {
703 
-     SSLModConfigRec *mc = myModConfig(s);
704 
-     ssl_asn1_t *asn1;
705 
--    MODSSL_D2I_X509_CONST unsigned char *ptr;
706 
-+    const unsigned char *ptr;
707 
-     const char *type = ssl_asn1_keystr(idx);
708 
-     X509 *cert;
709 
-
710 
-@@ -1048,12 +871,12 @@
711 
- {
712 
-     SSLModConfigRec *mc = myModConfig(s);
713 
-     ssl_asn1_t *asn1;
714 
--    MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
715 
-+    const unsigned char *ptr;
716 
-     const char *type = ssl_asn1_keystr(idx);
717 
-     int pkey_type;
718 
-     EVP_PKEY *pkey;
719 
-
720 
--#ifndef OPENSSL_NO_EC
721 
-+#ifdef HAVE_ECC
722 
-     if (idx == SSL_AIDX_ECC)
723 
-       pkey_type = EVP_PKEY_EC;
724 
-     else
725 
-@@ -1157,30 +980,34 @@
726 
-                                   modssl_ctx_t *mctx)
727 
- {
728 
-     const char *rsa_id, *dsa_id;
729 
--#ifndef OPENSSL_NO_EC
730 
-+#ifdef HAVE_ECC
731 
-     const char *ecc_id;
732 
-+    EC_GROUP *ecparams;
733 
-+    int nid;
734 
-+    EC_KEY *eckey;
735 
- #endif
736 
-     const char *vhost_id = mctx->sc->vhost_id;
737 
-     int i;
738 
-     int have_rsa, have_dsa;
739 
--#ifndef OPENSSL_NO_EC
740 
-+    DH *dhparams;
741 
-+#ifdef HAVE_ECC
742 
-     int have_ecc;
743 
- #endif
744 
-
745 
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
746 
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
747 
--#ifndef OPENSSL_NO_EC
748 
-+#ifdef HAVE_ECC
749 
-     ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
750 
- #endif
751 
-
752 
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
753 
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
754 
--#ifndef OPENSSL_NO_EC
755 
-+#ifdef HAVE_ECC
756 
-     have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
757 
- #endif
758 
-
759 
-     if (!(have_rsa || have_dsa
760 
--#ifndef OPENSSL_NO_EC
761 
-+#ifdef HAVE_ECC
762 
-         || have_ecc
763 
- #endif
764 
- )) {
765 
-@@ -1196,12 +1023,12 @@
766 
-
767 
-     have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
768 
-     have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
769 
--#ifndef OPENSSL_NO_EC
770 
-+#ifdef HAVE_ECC
771 
-     have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
772 
- #endif
773 
-
774 
-     if (!(have_rsa || have_dsa
775 
--#ifndef OPENSSL_NO_EC
776 
-+#ifdef HAVE_ECC
777 
-         || have_ecc
778 
- #endif
779 
-           )) {
780 
-@@ -1209,6 +1036,40 @@
781 
-                 "Oops, no " KEYTYPES " server private key found?!");
782 
-         ssl_die(s);
783 
-     }
784 
-+
785 
-+    /*
786 
-+     * Try to read DH parameters from the (first) SSLCertificateFile
787 
-+     */
788 
-+    if ((mctx->pks->cert_files[0] != NULL) &&
789 
-+        (dhparams = ssl_dh_GetParamFromFile(mctx->pks->cert_files[0]))) {
790 
-+        SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
791 
-+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
792 
-+                     "Custom DH parameters (%d bits) for %s loaded from %s",
793 
-+                     BN_num_bits(dhparams->p), vhost_id,
794 
-+                     mctx->pks->cert_files[0]);
795 
-+    }
796 
-+
797 
-+#ifdef HAVE_ECC
798 
-+    /*
799 
-+     * Similarly, try to read the ECDH curve name from SSLCertificateFile...
800 
-+     */
801 
-+    if ((mctx->pks->cert_files[0] != NULL) &&
802 
-+        (ecparams = ssl_ec_GetParamFromFile(mctx->pks->cert_files[0])) &&
803 
-+        (nid = EC_GROUP_get_curve_name(ecparams)) &&
804 
-+        (eckey = EC_KEY_new_by_curve_name(nid))) {
805 
-+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
806 
-+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
807 
-+                     "ECDH curve %s for %s specified in %s",
808 
-+                     OBJ_nid2sn(nid), vhost_id, mctx->pks->cert_files[0]);
809 
-+    }
810 
-+    /*
811 
-+     * ...otherwise, configure NIST P-256 (required to enable ECDHE)
812 
-+     */
813 
-+    else {
814 
-+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
815 
-+                             EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
816 
-+    }
817 
-+#endif
818 
- }
819 
-
820 
- #ifdef HAVE_TLS_SESSION_TICKETS
821 
-@@ -1516,7 +1377,7 @@
822 
-         klen = strlen(key);
823 
-
824 
-         if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
825 
--#ifdef OPENSSL_NO_TLSEXT
826 
-+#ifndef HAVE_TLSEXT
827 
-             int level = APLOG_WARNING;
828 
-             const char *problem = "conflict";
829 
- #else
830 
-@@ -1540,7 +1401,7 @@
831 
-     }
832 
-
833 
-     if (conflict) {
834 
--#ifdef OPENSSL_NO_TLSEXT
835 
-+#ifndef HAVE_TLSEXT
836 
-         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917)
837 
-                      "Init: You should not use name-based "
838 
-                      "virtual hosts in conjunction with SSL!!");
839 
-@@ -1689,7 +1550,7 @@
840 
- {
841 
-     MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
842 
-
843 
--#ifndef OPENSSL_NO_SRP
844 
-+#ifdef HAVE_SRP
845 
-     if (mctx->srp_vbase != NULL) {
846 
-         SRP_VBASE_free(mctx->srp_vbase);
847 
-         mctx->srp_vbase = NULL;
848 
-@@ -1745,11 +1606,6 @@
849 
-     ssl_scache_kill(base_server);
850 
-
851 
-     /*
852 
--     * Destroy the temporary keys and params
853 
--     */
854 
--    ssl_tmp_keys_free(base_server);
855 
--
856 
--    /*
857 
-      * Free the non-pool allocated structures
858 
-      * in the per-server configurations
859 
-      */
860 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c httpd-2.4.6/modules/ssl/ssl_engine_io.c
861 
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_io.c	2013-10-01 12:20:45.775812088 +0200
862 
-+++ httpd-2.4.6/modules/ssl/ssl_engine_io.c	2013-10-01 12:20:50.991746880 +0200
863 
-@@ -1048,7 +1048,7 @@
864 
-
865 
-     server = sslconn->server;
866 
-     if (sslconn->is_proxy) {
867 
--#ifndef OPENSSL_NO_TLSEXT
868 
-+#ifdef HAVE_TLSEXT
869 
-         apr_ipsubnet_t *ip;
870 
- #endif
871 
-         const char *hostname_note = apr_table_get(c->notes,
872 
-@@ -1056,7 +1056,7 @@
873 
-         BOOL proxy_ssl_check_peer_ok = TRUE;
874 
-         sc = mySrvConfig(server);
875 
-
876 
--#ifndef OPENSSL_NO_TLSEXT
877 
-+#ifdef HAVE_TLSEXT
878 
-         /*
879 
-          * Enable SNI for backend requests. Make sure we don't do it for
880 
-          * pure SSLv3 connections, and also prevent IP addresses
881 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c httpd-2.4.6/modules/ssl/ssl_engine_kernel.c
882 
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_kernel.c	2013-10-01 12:20:45.776812076 +0200
883 
-+++ httpd-2.4.6/modules/ssl/ssl_engine_kernel.c	2013-10-01 12:20:50.992746868 +0200
884 
-@@ -32,7 +32,7 @@
885 
- #include "util_md5.h"
886 
-
887 
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
888 
--#ifndef OPENSSL_NO_TLSEXT
889 
-+#ifdef HAVE_TLSEXT
890 
- static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
891 
- #endif
892 
-
893 
-@@ -119,7 +119,7 @@
894 
-     SSLSrvConfigRec *sc = mySrvConfig(r->server);
895 
-     SSLConnRec *sslconn;
896 
-     const char *upgrade;
897 
--#ifndef OPENSSL_NO_TLSEXT
898 
-+#ifdef HAVE_TLSEXT
899 
-     const char *servername;
900 
- #endif
901 
-     SSL *ssl;
902 
-@@ -162,7 +162,7 @@
903 
-     if (!ssl) {
904 
-         return DECLINED;
905 
-     }
906 
--#ifndef OPENSSL_NO_TLSEXT
907 
-+#ifdef HAVE_TLSEXT
908 
-     if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
909 
-         char *host, *scope_id;
910 
-         apr_port_t port;
911 
-@@ -329,7 +329,7 @@
912 
-         return DECLINED;
913 
-     }
914 
-
915 
--#ifndef OPENSSL_NO_SRP
916 
-+#ifdef HAVE_SRP
917 
-     /*
918 
-      * Support for per-directory reconfigured SSL connection parameters
919 
-      *
920 
-@@ -1101,7 +1101,7 @@
921 
-     "SSL_SERVER_A_SIG",
922 
-     "SSL_SESSION_ID",
923 
-     "SSL_SESSION_RESUMED",
924 
--#ifndef OPENSSL_NO_SRP
925 
-+#ifdef HAVE_SRP
926 
-     "SSL_SRP_USER",
927 
-     "SSL_SRP_USERINFO",
928 
- #endif
929 
-@@ -1115,7 +1115,7 @@
930 
-     SSLDirConfigRec *dc = myDirConfig(r);
931 
-     apr_table_t *env = r->subprocess_env;
932 
-     char *var, *val = "";
933 
--#ifndef OPENSSL_NO_TLSEXT
934 
-+#ifdef HAVE_TLSEXT
935 
-     const char *servername;
936 
- #endif
937 
-     STACK_OF(X509) *peer_certs;
938 
-@@ -1144,7 +1144,7 @@
939 
-     /* the always present HTTPS (=HTTP over SSL) flag! */
940 
-     apr_table_setn(env, "HTTPS", "on");
941 
-
942 
--#ifndef OPENSSL_NO_TLSEXT
943 
-+#ifdef HAVE_TLSEXT
944 
-     /* add content of SNI TLS extension (if supplied with ClientHello) */
945 
-     if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
946 
-         apr_table_set(env, "SSL_TLS_SNI", servername);
947 
-@@ -1287,117 +1287,70 @@
948 
- */
949 
-
950 
- /*
951 
-- * Handle out temporary RSA private keys on demand
952 
-- *
953 
-- * The background of this as the TLSv1 standard explains it:
954 
-- *
955 
-- * | D.1. Temporary RSA keys
956 
-- * |
957 
-- * |    US Export restrictions limit RSA keys used for encryption to 512
958 
-- * |    bits, but do not place any limit on lengths of RSA keys used for
959 
-- * |    signing operations. Certificates often need to be larger than 512
960 
-- * |    bits, since 512-bit RSA keys are not secure enough for high-value
961 
-- * |    transactions or for applications requiring long-term security. Some
962 
-- * |    certificates are also designated signing-only, in which case they
963 
-- * |    cannot be used for key exchange.
964 
-- * |
965 
-- * |    When the public key in the certificate cannot be used for encryption,
966 
-- * |    the server signs a temporary RSA key, which is then exchanged. In
967 
-- * |    exportable applications, the temporary RSA key should be the maximum
968 
-- * |    allowable length (i.e., 512 bits). Because 512-bit RSA keys are
969 
-- * |    relatively insecure, they should be changed often. For typical
970 
-- * |    electronic commerce applications, it is suggested that keys be
971 
-- * |    changed daily or every 500 transactions, and more often if possible.
972 
-- * |    Note that while it is acceptable to use the same temporary key for
973 
-- * |    multiple transactions, it must be signed each time it is used.
974 
-- * |
975 
-- * |    RSA key generation is a time-consuming process. In many cases, a
976 
-- * |    low-priority process can be assigned the task of key generation.
977 
-- * |    Whenever a new key is completed, the existing temporary key can be
978 
-- * |    replaced with the new one.
979 
-- *
980 
-- * XXX: base on comment above, if thread support is enabled,
981 
-- * we should spawn a low-priority thread to generate new keys
982 
-- * on the fly.
983 
-- *
984 
-- * So we generated 512 and 1024 bit temporary keys on startup
985 
-- * which we now just hand out on demand....
986 
-+ * Grab well-defined DH parameters from OpenSSL, see <openssl/bn.h>
987 
-+ * (get_rfc*) for all available primes.
988 
-  */
989 
--
990 
--RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
991 
--{
992 
--    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
993 
--    SSLModConfigRec *mc = myModConfigFromConn(c);
994 
--    int idx;
995 
--
996 
--    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
997 
--                  "handing out temporary %d bit RSA key", keylen);
998 
--
999 
--    /* doesn't matter if export flag is on,
1000 
--     * we won't be asked for keylen > 512 in that case.
1001 
--     * if we are asked for a keylen > 1024, it is too expensive
1002 
--     * to generate on the fly.
1003 
--     * XXX: any reason not to generate 2048 bit keys at startup?
1004 
--     */
1005 
--
1006 
--    switch (keylen) {
1007 
--      case 512:
1008 
--        idx = SSL_TMP_KEY_RSA_512;
1009 
--        break;
1010 
--
1011 
--      case 1024:
1012 
--      default:
1013 
--        idx = SSL_TMP_KEY_RSA_1024;
1014 
--    }
1015 
--
1016 
--    return (RSA *)mc->pTmpKeys[idx];
1017 
-+#define make_get_dh(rfc,size,gen) \
1018 
-+static DH *get_dh##size(void) \
1019 
-+{ \
1020 
-+    DH *dh; \
1021 
-+    if (!(dh = DH_new())) { \
1022 
-+        return NULL; \
1023 
-+    } \
1024 
-+    dh->p = get_##rfc##_prime_##size(NULL); \
1025 
-+    BN_dec2bn(&dh->g, #gen); \
1026 
-+    if (!dh->p || !dh->g) { \
1027 
-+        DH_free(dh); \
1028 
-+        return NULL; \
1029 
-+    } \
1030 
-+    return dh; \
1031 
- }
1032 
-
1033 
- /*
1034 
-- * Hand out the already generated DH parameters...
1035 
-+ * Prepare DH parameters from 1024 to 4096 bits, in 1024-bit increments
1036 
-+ */
1037 
-+make_get_dh(rfc2409, 1024, 2)
1038 
-+make_get_dh(rfc3526, 2048, 2)
1039 
-+make_get_dh(rfc3526, 3072, 2)
1040 
-+make_get_dh(rfc3526, 4096, 2)
1041 
-+
1042 
-+/*
1043 
-+ * Hand out standard DH parameters, based on the authentication strength
1044 
-  */
1045 
- DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
1046 
- {
1047 
-     conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1048 
--    SSLModConfigRec *mc = myModConfigFromConn(c);
1049 
--    int idx;
1050 
--
1051 
--    ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
1052 
--                  "handing out temporary %d bit DH key", keylen);
1053 
-+    EVP_PKEY *pkey = SSL_get_privatekey(ssl);
1054 
-+    int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
1055 
-
1056 
--    switch (keylen) {
1057 
--      case 512:
1058 
--        idx = SSL_TMP_KEY_DH_512;
1059 
--        break;
1060 
--
1061 
--      case 1024:
1062 
--      default:
1063 
--        idx = SSL_TMP_KEY_DH_1024;
1064 
-+    /*
1065 
-+     * OpenSSL will call us with either keylen == 512 or keylen == 1024
1066 
-+     * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
1067 
-+     * Adjust the DH parameter length according to the size of the
1068 
-+     * RSA/DSA private key used for the current connection, and always
1069 
-+     * use at least 1024-bit parameters.
1070 
-+     * Note: This may cause interoperability issues with implementations
1071 
-+     * which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
1072 
-+     * In this case, SSLCertificateFile can be used to specify fixed
1073 
-+     * 1024-bit DH parameters (with the effect that OpenSSL skips this
1074 
-+     * callback).
1075 
-+     */
1076 
-+    if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
1077 
-+        keylen = EVP_PKEY_bits(pkey);
1078 
-     }
1079 
-
1080 
--    return (DH *)mc->pTmpKeys[idx];
1081 
--}
1082 
--
1083 
--#ifndef OPENSSL_NO_EC
1084 
--EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
1085 
--{
1086 
--    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1087 
--    SSLModConfigRec *mc = myModConfigFromConn(c);
1088 
--    int idx;
1089 
--
1090 
--    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
1091 
-     ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
1092 
--                  "handing out temporary 256 bit ECC key");
1093 
-+                  "handing out built-in DH parameters for %d-bit authenticated connection", keylen);
1094 
-
1095 
--    switch (keylen) {
1096 
--      case 256:
1097 
--      default:
1098 
--        idx = SSL_TMP_KEY_EC_256;
1099 
--    }
1100 
--
1101 
--    return (EC_KEY *)mc->pTmpKeys[idx];
1102 
-+    if (keylen >= 4096)
1103 
-+        return get_dh4096();
1104 
-+    else if (keylen >= 3072)
1105 
-+        return get_dh3072();
1106 
-+    else if (keylen >= 2048)
1107 
-+        return get_dh2048();
1108 
-+    else
1109 
-+        return get_dh1024();
1110 
- }
1111 
--#endif
1112 
-
1113 
- /*
1114 
-  * This OpenSSL callback function is called when OpenSSL
1115 
-@@ -1938,7 +1891,7 @@
1116 
-     }
1117 
- }
1118 
-
1119 
--#ifndef OPENSSL_NO_TLSEXT
1120 
-+#ifdef HAVE_TLSEXT
1121 
- /*
1122 
-  * This callback function is executed when OpenSSL encounters an extended
1123 
-  * client hello with a server name indication extension ("SNI", cf. RFC 4366).
1124 
-@@ -2089,7 +2042,7 @@
1125 
-
1126 
-     return 0;
1127 
- }
1128 
--#endif /* OPENSSL_NO_TLSEXT */
1129 
-+#endif /* HAVE_TLSEXT */
1130 
-
1131 
- #ifdef HAVE_TLS_SESSION_TICKETS
1132 
- /*
1133 
-@@ -2161,7 +2114,7 @@
1134 
- }
1135 
- #endif /* HAVE_TLS_SESSION_TICKETS */
1136 
-
1137 
--#ifndef OPENSSL_NO_SRP
1138 
-+#ifdef HAVE_SRP
1139 
-
1140 
- int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
1141 
- {
1142 
-@@ -2185,4 +2138,4 @@
1143 
-     return SSL_ERROR_NONE;
1144 
- }
1145 
-
1146 
--#endif /* OPENSSL_NO_SRP */
1147 
-+#endif /* HAVE_SRP */
1148 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c
1149 
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_pphrase.c	2013-10-01 12:20:45.777812063 +0200
1150 
-+++ httpd-2.4.6/modules/ssl/ssl_engine_pphrase.c	2013-10-01 12:20:50.992746868 +0200
1151 
-@@ -708,7 +708,7 @@
1152 
-                     ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01966)
1153 
-                                  "Init: Failed to create pass phrase pipe '%s'",
1154 
-                                  sc->server->pphrase_dialog_path);
1155 
--                    PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1156 
-+                    PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1157 
-                     memset(buf, 0, (unsigned int)bufsize);
1158 
-                     return (-1);
1159 
-                 }
1160 
-@@ -718,7 +718,7 @@
1161 
-         }
1162 
-         else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
1163 
- #ifdef WIN32
1164 
--            PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1165 
-+            PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1166 
-             memset(buf, 0, (unsigned int)bufsize);
1167 
-             return (-1);
1168 
- #else
1169 
-@@ -769,7 +769,7 @@
1170 
-                 i = EVP_read_pw_string(buf, bufsize, "", FALSE);
1171 
-             }
1172 
-             if (i != 0) {
1173 
--                PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1174 
-+                PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
1175 
-                 memset(buf, 0, (unsigned int)bufsize);
1176 
-                 return (-1);
1177 
-             }
1178 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c httpd-2.4.6/modules/ssl/ssl_engine_vars.c
1179 
---- httpd-2.4.6-orig/modules/ssl/ssl_engine_vars.c	2013-10-01 12:20:45.775812088 +0200
1180 
-+++ httpd-2.4.6/modules/ssl/ssl_engine_vars.c	2013-10-01 12:20:50.992746868 +0200
1181 
-@@ -382,7 +382,7 @@
1182 
-     else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) {
1183 
-         result = ssl_var_lookup_ssl_compress_meth(ssl);
1184 
-     }
1185 
--#ifndef OPENSSL_NO_TLSEXT
1186 
-+#ifdef HAVE_TLSEXT
1187 
-     else if (ssl != NULL && strcEQ(var, "TLS_SNI")) {
1188 
-         result = apr_pstrdup(p, SSL_get_servername(ssl,
1189 
-                                                    TLSEXT_NAMETYPE_host_name));
1190 
-@@ -395,7 +395,7 @@
1191 
- #endif
1192 
-         result = apr_pstrdup(p, flag ? "true" : "false");
1193 
-     }
1194 
--#ifndef OPENSSL_NO_SRP
1195 
-+#ifdef HAVE_SRP
1196 
-     else if (ssl != NULL && strcEQ(var, "SRP_USER")) {
1197 
-         if ((result = SSL_get_srp_username(ssl)) != NULL) {
1198 
-             result = apr_pstrdup(p, result);
1199 
-@@ -879,7 +879,7 @@
1200 
-  * success and writes the string to the given bio. */
1201 
- static int dump_extn_value(BIO *bio, ASN1_OCTET_STRING *str)
1202 
- {
1203 
--    MODSSL_D2I_ASN1_type_bytes_CONST unsigned char *pp = str->data;
1204 
-+    const unsigned char *pp = str->data;
1205 
-     ASN1_STRING *ret = ASN1_STRING_new();
1206 
-     int rv = 0;
1207 
-
1208 
-@@ -975,7 +975,7 @@
1209 
- static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl)
1210 
- {
1211 
-     char *result = "NULL";
1212 
--#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP)
1213 
-+#ifndef OPENSSL_NO_COMP
1214 
-     SSL_SESSION *pSession = SSL_get_session(ssl);
1215 
-
1216 
-     if (pSession) {
1217 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_private.h httpd-2.4.6/modules/ssl/ssl_private.h
1218 
---- httpd-2.4.6-orig/modules/ssl/ssl_private.h	2013-10-01 12:20:45.774812101 +0200
1219 
-+++ httpd-2.4.6/modules/ssl/ssl_private.h	2013-10-01 12:20:50.993746855 +0200
1220 
-@@ -105,65 +105,55 @@
1221 
- #include <openssl/engine.h>
1222 
- #endif
1223 
-
1224 
--#if (OPENSSL_VERSION_NUMBER < 0x0090700f)
1225 
--#error mod_ssl requires OpenSSL 0.9.7 or later
1226 
--#endif
1227 
--
1228 
--/* ...shifting sands of OpenSSL... */
1229 
--#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
1230 
--#define MODSSL_D2I_SSL_SESSION_CONST const
1231 
--#else
1232 
--#define MODSSL_D2I_SSL_SESSION_CONST
1233 
--#endif
1234 
--
1235 
--#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
1236 
--#define HAVE_GENERATE_EX
1237 
--#define MODSSL_D2I_ASN1_type_bytes_CONST const
1238 
--#define MODSSL_D2I_PrivateKey_CONST const
1239 
--#define MODSSL_D2I_X509_CONST const
1240 
--#else
1241 
--#define MODSSL_D2I_ASN1_type_bytes_CONST
1242 
--#define MODSSL_D2I_PrivateKey_CONST
1243 
--#define MODSSL_D2I_X509_CONST
1244 
--#endif
1245 
--
1246 
--#if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \
1247 
--    && !defined(OPENSSL_NO_TLSEXT)
1248 
--#define HAVE_OCSP_STAPLING
1249 
--#if (OPENSSL_VERSION_NUMBER < 0x10000000)
1250 
--#define sk_OPENSSL_STRING_pop sk_pop
1251 
--#endif
1252 
--#endif
1253 
--
1254 
--#if (OPENSSL_VERSION_NUMBER >= 0x009080a0) && defined(OPENSSL_FIPS)
1255 
--#define HAVE_FIPS
1256 
-+#if (OPENSSL_VERSION_NUMBER < 0x0090801f)
1257 
-+#error mod_ssl requires OpenSSL 0.9.8a or later
1258 
- #endif
1259 
-
1260 
-+/**
1261 
-+ * ...shifting sands of OpenSSL...
1262 
-+ * Note: when adding support for new OpenSSL features, avoid explicit
1263 
-+ * version number checks whenever possible, and use "feature-based"
1264 
-+ * detection instead (check for definitions of constants or functions)
1265 
-+ */
1266 
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
1267 
- #define MODSSL_SSL_CIPHER_CONST const
1268 
- #define MODSSL_SSL_METHOD_CONST const
1269 
- #else
1270 
- #define MODSSL_SSL_CIPHER_CONST
1271 
- #define MODSSL_SSL_METHOD_CONST
1272 
--/* ECC support came along in OpenSSL 1.0.0 */
1273 
--#define OPENSSL_NO_EC
1274 
- #endif
1275 
-
1276 
--#ifndef PEM_F_DEF_CALLBACK
1277 
--#ifdef PEM_F_PEM_DEF_CALLBACK
1278 
--/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
1279 
--#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
1280 
-+#if defined(OPENSSL_FIPS)
1281 
-+#define HAVE_FIPS
1282 
- #endif
1283 
-+
1284 
-+#if defined(SSL_OP_NO_TLSv1_2)
1285 
-+#define HAVE_TLSV1_X
1286 
- #endif
1287 
-
1288 
--#ifndef OPENSSL_NO_TLSEXT
1289 
--#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
1290 
--#define OPENSSL_NO_TLSEXT
1291 
-+/**
1292 
-+  * The following features all depend on TLS extension support.
1293 
-+  * Within this block, check again for features (not version numbers).
1294 
-+  */
1295 
-+#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
1296 
-+
1297 
-+#define HAVE_TLSEXT
1298 
-+
1299 
-+/* ECC: make sure we have at least 1.0.0 */
1300 
-+#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed)
1301 
-+#define HAVE_ECC
1302 
-+#endif
1303 
-+
1304 
-+/* OCSP stapling */
1305 
-+#if !defined(OPENSSL_NO_OCSP) && defined(SSL_CTX_set_tlsext_status_cb)
1306 
-+#define HAVE_OCSP_STAPLING
1307 
-+#ifndef sk_OPENSSL_STRING_pop
1308 
-+#define sk_OPENSSL_STRING_pop sk_pop
1309 
- #endif
1310 
- #endif
1311 
-
1312 
--#ifndef OPENSSL_NO_TLSEXT
1313 
--#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
1314 
-+/* TLS session tickets */
1315 
-+#if defined(SSL_CTX_set_tlsext_ticket_key_cb)
1316 
- #define HAVE_TLS_SESSION_TICKETS
1317 
- #define TLSEXT_TICKET_KEY_LEN 48
1318 
- #ifndef tlsext_tick_md
1319 
-@@ -174,26 +164,15 @@
1320 
- #endif
1321 
- #endif
1322 
- #endif
1323 
--#endif
1324 
-
1325 
--#ifdef SSL_OP_NO_TLSv1_2
1326 
--#define HAVE_TLSV1_X
1327 
--#endif
1328 
--
1329 
--#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
1330 
--    && OPENSSL_VERSION_NUMBER < 0x00908000L
1331 
--#define OPENSSL_NO_COMP
1332 
--#endif
1333 
--
1334 
--/* SRP support came in OpenSSL 1.0.1 */
1335 
--#ifndef OPENSSL_NO_SRP
1336 
--#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
1337 
-+/* Secure Remote Password */
1338 
-+#if !defined(OPENSSL_NO_SRP) && defined(SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB)
1339 
-+#define HAVE_SRP
1340 
- #include <openssl/srp.h>
1341 
--#else
1342 
--#define OPENSSL_NO_SRP
1343 
--#endif
1344 
- #endif
1345 
-
1346 
-+#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
1347 
-+
1348 
- /* mod_ssl headers */
1349 
- #include "ssl_util_ssl.h"
1350 
-
1351 
-@@ -287,7 +266,7 @@
1352 
- #define SSL_ALGO_UNKNOWN (0)
1353 
- #define SSL_ALGO_RSA     (1<<0)
1354 
- #define SSL_ALGO_DSA     (1<<1)
1355 
--#ifndef OPENSSL_NO_EC
1356 
-+#ifdef HAVE_ECC
1357 
- #define SSL_ALGO_ECC     (1<<2)
1358 
- #define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
1359 
- #else
1360 
-@@ -296,29 +275,13 @@
1361 
-
1362 
- #define SSL_AIDX_RSA     (0)
1363 
- #define SSL_AIDX_DSA     (1)
1364 
--#ifndef OPENSSL_NO_EC
1365 
-+#ifdef HAVE_ECC
1366 
- #define SSL_AIDX_ECC     (2)
1367 
- #define SSL_AIDX_MAX     (3)
1368 
- #else
1369 
- #define SSL_AIDX_MAX     (2)
1370 
- #endif
1371 
-
1372 
--
1373 
--/**
1374 
-- * Define IDs for the temporary RSA keys and DH params
1375 
-- */
1376 
--
1377 
--#define SSL_TMP_KEY_RSA_512  (0)
1378 
--#define SSL_TMP_KEY_RSA_1024 (1)
1379 
--#define SSL_TMP_KEY_DH_512   (2)
1380 
--#define SSL_TMP_KEY_DH_1024  (3)
1381 
--#ifndef OPENSSL_NO_EC
1382 
--#define SSL_TMP_KEY_EC_256   (4)
1383 
--#define SSL_TMP_KEY_MAX      (5)
1384 
--#else
1385 
--#define SSL_TMP_KEY_MAX      (4)
1386 
--#endif
1387 
--
1388 
- /**
1389 
-  * Define the SSL options
1390 
-  */
1391 
-@@ -534,7 +497,6 @@
1392 
-     apr_global_mutex_t   *pMutex;
1393 
-     apr_array_header_t   *aRandSeed;
1394 
-     apr_hash_t     *tVHostKeys;
1395 
--    void           *pTmpKeys[SSL_TMP_KEY_MAX];
1396 
-
1397 
-     /* Two hash tables of pointers to ssl_asn1_t structures.  The
1398 
-      * structures are used to store certificates and private keys
1399 
-@@ -656,7 +618,7 @@
1400 
-     const char *stapling_force_url;
1401 
- #endif
1402 
-
1403 
--#ifndef OPENSSL_NO_SRP
1404 
-+#ifdef HAVE_SRP
1405 
-     char *srp_vfile;
1406 
-     char *srp_unknown_user_seed;
1407 
-     SRP_VBASE  *srp_vbase;
1408 
-@@ -688,7 +650,7 @@
1409 
-     ssl_enabled_t    proxy_ssl_check_peer_expire;
1410 
-     ssl_enabled_t    proxy_ssl_check_peer_cn;
1411 
-     ssl_enabled_t    proxy_ssl_check_peer_name;
1412 
--#ifndef OPENSSL_NO_TLSEXT
1413 
-+#ifdef HAVE_TLSEXT
1414 
-     ssl_enabled_t    strict_sni_vhost_check;
1415 
- #endif
1416 
- #ifdef HAVE_FIPS
1417 
-@@ -792,7 +754,7 @@
1418 
- const char *ssl_cmd_SSLOCSPResponderTimeout(cmd_parms *cmd, void *dcfg, const char *arg);
1419 
- const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag);
1420 
-
1421 
--#ifndef OPENSSL_NO_SRP
1422 
-+#ifdef HAVE_SRP
1423 
- const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg);
1424 
- const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg);
1425 
- #endif
1426 
-@@ -823,11 +785,7 @@
1427 
- extern const authz_provider ssl_authz_provider_verify_client;
1428 
-
1429 
- /**  OpenSSL callbacks */
1430 
--RSA         *ssl_callback_TmpRSA(SSL *, int, int);
1431 
- DH          *ssl_callback_TmpDH(SSL *, int, int);
1432 
--#ifndef OPENSSL_NO_EC
1433 
--EC_KEY      *ssl_callback_TmpECDH(SSL *, int, int);
1434 
--#endif
1435 
- int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
1436 
- int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
1437 
- int          ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
1438 
-@@ -835,7 +793,7 @@
1439 
- SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
1440 
- void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
1441 
- void         ssl_callback_Info(const SSL *, int, int);
1442 
--#ifndef OPENSSL_NO_TLSEXT
1443 
-+#ifdef HAVE_TLSEXT
1444 
- int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
1445 
- #endif
1446 
- #ifdef HAVE_TLS_SESSION_TICKETS
1447 
-@@ -873,7 +831,7 @@
1448 
- void         ssl_stapling_ex_init(void);
1449 
- int          ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x);
1450 
- #endif
1451 
--#ifndef OPENSSL_NO_SRP
1452 
-+#ifdef HAVE_SRP
1453 
- int          ssl_callback_SRPServerParams(SSL *, int *, void *);
1454 
- #endif
1455 
-
1456 
-@@ -906,8 +864,10 @@
1457 
- void         ssl_pphrase_Handle(server_rec *, apr_pool_t *);
1458 
-
1459 
- /**  Diffie-Hellman Parameter Support  */
1460 
--DH           *ssl_dh_GetTmpParam(int);
1461 
--DH           *ssl_dh_GetParamFromFile(char *);
1462 
-+DH           *ssl_dh_GetParamFromFile(const char *);
1463 
-+#ifdef HAVE_ECC
1464 
-+EC_GROUP     *ssl_ec_GetParamFromFile(const char *);
1465 
-+#endif
1466 
-
1467 
- unsigned char *ssl_asn1_table_set(apr_hash_t *table,
1468 
-                                   const char *key,
1469 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_scache.c httpd-2.4.6/modules/ssl/ssl_scache.c
1470 
---- httpd-2.4.6-orig/modules/ssl/ssl_scache.c	2013-10-01 12:20:45.776812076 +0200
1471 
-+++ httpd-2.4.6/modules/ssl/ssl_scache.c	2013-10-01 12:20:50.993746855 +0200
1472 
-@@ -148,7 +148,7 @@
1473 
-     SSLModConfigRec *mc = myModConfig(s);
1474 
-     unsigned char dest[SSL_SESSION_MAX_DER];
1475 
-     unsigned int destlen = SSL_SESSION_MAX_DER;
1476 
--    MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
1477 
-+    const unsigned char *ptr;
1478 
-     apr_status_t rv;
1479 
-
1480 
-     if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
1481 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util.c httpd-2.4.6/modules/ssl/ssl_util.c
1482 
---- httpd-2.4.6-orig/modules/ssl/ssl_util.c	2013-10-01 12:20:45.775812088 +0200
1483 
-+++ httpd-2.4.6/modules/ssl/ssl_util.c	2013-10-01 12:20:50.993746855 +0200
1484 
-@@ -151,7 +151,7 @@
1485 
-             case EVP_PKEY_DSA:
1486 
-                 t = SSL_ALGO_DSA;
1487 
-                 break;
1488 
--#ifndef OPENSSL_NO_EC
1489 
-+#ifdef HAVE_ECC
1490 
-             case EVP_PKEY_EC:
1491 
-                 t = SSL_ALGO_ECC;
1492 
-                 break;
1493 
-@@ -177,7 +177,7 @@
1494 
-         case SSL_ALGO_DSA:
1495 
-             cp = "DSA";
1496 
-             break;
1497 
--#ifndef OPENSSL_NO_EC
1498 
-+#ifdef HAVE_ECC
1499 
-         case SSL_ALGO_ECC:
1500 
-             cp = "ECC";
1501 
-             break;
1502 
-@@ -253,7 +253,7 @@
1503 
-     apr_hash_set(table, key, klen, NULL);
1504 
- }
1505 
-
1506 
--#ifndef OPENSSL_NO_EC
1507 
-+#ifdef HAVE_ECC
1508 
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
1509 
- #else
1510 
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
1511 
-diff -Naur httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c httpd-2.4.6/modules/ssl/ssl_util_ssl.c
1512 
---- httpd-2.4.6-orig/modules/ssl/ssl_util_ssl.c	2013-10-01 12:20:45.777812063 +0200
1513 
-+++ httpd-2.4.6/modules/ssl/ssl_util_ssl.c	2013-10-01 12:20:50.993746855 +0200
1514 
-@@ -483,6 +483,38 @@
1515 
-
1516 
- /*  _________________________________________________________________
1517 
- **
1518 
-+**  Custom (EC)DH parameter support
1519 
-+**  _________________________________________________________________
1520 
-+*/
1521 
-+
1522 
-+DH *ssl_dh_GetParamFromFile(const char *file)
1523 
-+{
1524 
-+    DH *dh = NULL;
1525 
-+    BIO *bio;
1526 
-+
1527 
-+    if ((bio = BIO_new_file(file, "r")) == NULL)
1528 
-+        return NULL;
1529 
-+    dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
1530 
-+    BIO_free(bio);
1531 
-+    return (dh);
1532 
-+}
1533 
-+
1534 
-+#ifdef HAVE_ECC
1535 
-+EC_GROUP *ssl_ec_GetParamFromFile(const char *file)
1536 
-+{
1537 
-+    EC_GROUP *group = NULL;
1538 
-+    BIO *bio;
1539 
-+
1540 
-+    if ((bio = BIO_new_file(file, "r")) == NULL)
1541 
-+        return NULL;
1542 
-+    group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL);
1543 
-+    BIO_free(bio);
1544 
-+    return (group);
1545 
-+}
1546 
-+#endif
1547 
-+
1548 
-+/*  _________________________________________________________________
1549 
-+**
1550 
- **  Extra Server Certificate Chain Support
1551 
- **  _________________________________________________________________
1552 
- */
www-servers/apache/files/apache-noip.diff
Zeige Datei @ 89bb85f
... ... 
@@ -1,11 +0,0 @@
1 
---- server/log.c.1	2007-10-04 16:34:00.000000000 +0200
2 
-+++ server/log.c	2007-10-04 16:35:46.000000000 +0200
3 
-@@ -595,7 +595,7 @@
4 
-          * first. -djg
5 
-          */
6 
-         len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,
7 
--                            "[client %s] ", c->remote_ip);
8 
-+                            "[client 0.0.0.0] ");
9 
-     }
10 
-     if (status != 0) {
11 
-         if (status < APR_OS_START_EAIERR) {
www-servers/apache/files/apache-npn
Zeige Datei @ 89bb85f
... ... 
@@ -1,242 +0,0 @@
1 
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.c httpd-2.4.3-1/modules/ssl/mod_ssl.c
2 
---- httpd-2.4.3/modules/ssl/mod_ssl.c	2012-08-05 15:48:40.000000000 +0200
3 
-+++ httpd-2.4.3-1/modules/ssl/mod_ssl.c	2012-10-23 15:53:15.014424913 +0200
4 
-@@ -263,6 +263,18 @@
5 
-     AP_END_CMD
6 
- };
7 
-
8 
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
9 
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
10 
-+    modssl, AP, int, npn_advertise_protos_hook,
11 
-+    (conn_rec *connection, apr_array_header_t *protos),
12 
-+    (connection, protos), OK, DECLINED);
13 
-+
14 
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
15 
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
16 
-+    modssl, AP, int, npn_proto_negotiated_hook,
17 
-+    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
18 
-+    (connection, proto_name, proto_name_len), OK, DECLINED);
19 
-+
20 
- /*
21 
-  *  the various processing hooks
22 
-  */
23 
-diff -Naur httpd-2.4.3/modules/ssl/mod_ssl.h httpd-2.4.3-1/modules/ssl/mod_ssl.h
24 
---- httpd-2.4.3/modules/ssl/mod_ssl.h	2011-09-23 15:38:09.000000000 +0200
25 
-+++ httpd-2.4.3-1/modules/ssl/mod_ssl.h	2012-10-23 15:53:15.014424913 +0200
26 
-@@ -63,5 +63,26 @@
27 
-
28 
- APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
29 
-
30 
-+/** The npn_advertise_protos optional hook allows other modules to add entries
31 
-+ * to the list of protocol names advertised by the server during the Next
32 
-+ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
33 
-+ * given the connection and an APR array; it should push one or more char*'s
34 
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
35 
-+ * the array and return OK, or do nothing and return DECLINED. */
36 
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
37 
-+                          (conn_rec *connection, apr_array_header_t *protos));
38 
-+
39 
-+/** The npn_proto_negotiated optional hook allows other modules to discover the
40 
-+ * name of the protocol that was chosen during the Next Protocol Negotiation
41 
-+ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
42 
-+ * (in which case modules should probably assume HTTP), or it may be a protocol
43 
-+ * that was never even advertised by the server.  The hook callee is given the
44 
-+ * connection, a non-null-terminated string containing the protocol name, and
45 
-+ * the length of the string; it should do something appropriate (i.e. insert or
46 
-+ * remove filters) and return OK, or do nothing and return DECLINED. */
47 
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
48 
-+                          (conn_rec *connection, const char *proto_name,
49 
-+                           apr_size_t proto_name_len));
50 
-+
51 
- #endif /* __MOD_SSL_H__ */
52 
- /** @} */
53 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_init.c httpd-2.4.3-1/modules/ssl/ssl_engine_init.c
54 
---- httpd-2.4.3/modules/ssl/ssl_engine_init.c	2012-08-05 15:48:40.000000000 +0200
55 
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_init.c	2012-10-23 15:53:15.030424726 +0200
56 
-@@ -693,6 +693,11 @@
57 
- #endif
58 
-
59 
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
60 
-+
61 
-+#ifdef HAVE_TLS_NPN
62 
-+    SSL_CTX_set_next_protos_advertised_cb(
63 
-+        ctx, ssl_callback_AdvertiseNextProtos, NULL);
64 
-+#endif
65 
- }
66 
-
67 
- static void ssl_init_ctx_verify(server_rec *s,
68 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_io.c httpd-2.4.3-1/modules/ssl/ssl_engine_io.c
69 
---- httpd-2.4.3/modules/ssl/ssl_engine_io.c	2012-05-05 10:44:19.000000000 +0200
70 
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_io.c	2012-10-23 15:53:15.030424726 +0200
71 
-@@ -28,6 +28,7 @@
72 
-                                   core keeps dumping.''
73 
-                                             -- Unknown    */
74 
- #include "ssl_private.h"
75 
-+#include "mod_ssl.h"
76 
- #include "apr_date.h"
77 
-
78 
- /*  _________________________________________________________________
79 
-@@ -297,6 +298,7 @@
80 
-     apr_pool_t *pool;
81 
-     char buffer[AP_IOBUFSIZE];
82 
-     ssl_filter_ctx_t *filter_ctx;
83 
-+    int npn_finished;  /* 1 if NPN has finished, 0 otherwise */
84 
- } bio_filter_in_ctx_t;
85 
-
86 
- /*
87 
-@@ -1374,6 +1376,26 @@
88 
-         APR_BRIGADE_INSERT_TAIL(bb, bucket);
89 
-     }
90 
-
91 
-+#ifdef HAVE_TLS_NPN
92 
-+    /* By this point, Next Protocol Negotiation (NPN) should be completed (if
93 
-+     * our version of OpenSSL supports it).  If we haven't already, find out
94 
-+     * which protocol was decided upon and inform other modules by calling
95 
-+     * npn_proto_negotiated_hook. */
96 
-+    if (!inctx->npn_finished) {
97 
-+        const unsigned char *next_proto = NULL;
98 
-+        unsigned next_proto_len = 0;
99 
-+
100 
-+        SSL_get0_next_proto_negotiated(
101 
-+            inctx->ssl, &next_proto, &next_proto_len);
102 
-+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, APR_SUCCESS, f->c,
103 
-+                      APLOGNO(02306) "SSL NPN negotiated protocol: '%*s'",
104 
-+                      next_proto_len, (const char*)next_proto);
105 
-+        modssl_run_npn_proto_negotiated_hook(
106 
-+            f->c, (const char*)next_proto, next_proto_len);
107 
-+        inctx->npn_finished = 1;
108 
-+    }
109 
-+#endif
110 
-+
111 
-     return APR_SUCCESS;
112 
- }
113 
-
114 
-@@ -1855,6 +1877,7 @@
115 
-     inctx->block = APR_BLOCK_READ;
116 
-     inctx->pool = c->pool;
117 
-     inctx->filter_ctx = filter_ctx;
118 
-+    inctx->npn_finished = 0;
119 
- }
120 
-
121 
- /* The request_rec pointer is passed in here only to ensure that the
122 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_engine_kernel.c httpd-2.4.3-1/modules/ssl/ssl_engine_kernel.c
123 
---- httpd-2.4.3/modules/ssl/ssl_engine_kernel.c	2012-05-05 10:44:19.000000000 +0200
124 
-+++ httpd-2.4.3-1/modules/ssl/ssl_engine_kernel.c	2012-10-23 15:53:15.031424714 +0200
125 
-@@ -29,6 +29,7 @@
126 
-                                   time I was too famous.''
127 
-                                             -- Unknown                */
128 
- #include "ssl_private.h"
129 
-+#include "mod_ssl.h"
130 
- #include "util_md5.h"
131 
-
132 
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
133 
-@@ -2143,3 +2144,86 @@
134 
-     return -1;
135 
- }
136 
- #endif
137 
-+
138 
-+#ifdef HAVE_TLS_NPN
139 
-+/*
140 
-+ * This callback function is executed when SSL needs to decide what protocols
141 
-+ * to advertise during Next Protocol Negotiation (NPN).  It must produce a
142 
-+ * string in wire format -- a sequence of length-prefixed strings -- indicating
143 
-+ * the advertised protocols.  Refer to SSL_CTX_set_next_protos_advertised_cb
144 
-+ * in OpenSSL for reference.
145 
-+ */
146 
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
147 
-+                                     unsigned int *size_out, void *arg)
148 
-+{
149 
-+    conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
150 
-+    apr_array_header_t *protos;
151 
-+    int num_protos;
152 
-+    unsigned int size;
153 
-+    int i;
154 
-+    unsigned char *data;
155 
-+    unsigned char *start;
156 
-+
157 
-+    *data_out = NULL;
158 
-+    *size_out = 0;
159 
-+
160 
-+    /* If the connection object is not available, then there's nothing for us
161 
-+     * to do. */
162 
-+    if (c == NULL) {
163 
-+        return SSL_TLSEXT_ERR_OK;
164 
-+    }
165 
-+
166 
-+    /* Invoke our npn_advertise_protos hook, giving other modules a chance to
167 
-+     * add alternate protocol names to advertise. */
168 
-+    protos = apr_array_make(c->pool, 0, sizeof(char*));
169 
-+    modssl_run_npn_advertise_protos_hook(c, protos);
170 
-+    num_protos = protos->nelts;
171 
-+
172 
-+    /* We now have a list of null-terminated strings; we need to concatenate
173 
-+     * them together into a single string, where each protocol name is prefixed
174 
-+     * by its length.  First, calculate how long that string will be. */
175 
-+    size = 0;
176 
-+    for (i = 0; i < num_protos; ++i) {
177 
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
178 
-+        unsigned int length = strlen(string);
179 
-+        /* If the protocol name is too long (the length must fit in one byte),
180 
-+         * then log an error and skip it. */
181 
-+        if (length > 255) {
182 
-+            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
183 
-+                          "SSL NPN protocol name too long (length=%u): %s",
184 
-+                          length, string);
185 
-+            continue;
186 
-+        }
187 
-+        /* Leave room for the length prefix (one byte) plus the protocol name
188 
-+         * itself. */
189 
-+        size += 1 + length;
190 
-+    }
191 
-+
192 
-+    /* If there is nothing to advertise (either because no modules added
193 
-+     * anything to the protos array, or because all strings added to the array
194 
-+     * were skipped), then we're done. */
195 
-+    if (size == 0) {
196 
-+        return SSL_TLSEXT_ERR_OK;
197 
-+    }
198 
-+
199 
-+    /* Now we can build the string.  Copy each protocol name string into the
200 
-+     * larger string, prefixed by its length. */
201 
-+    data = apr_palloc(c->pool, size * sizeof(unsigned char));
202 
-+    start = data;
203 
-+    for (i = 0; i < num_protos; ++i) {
204 
-+        const char *string = APR_ARRAY_IDX(protos, i, const char*);
205 
-+        apr_size_t length = strlen(string);
206 
-+        if (length > 255)
207 
-+            continue;
208 
-+        *start = (unsigned char)length;
209 
-+        ++start;
210 
-+        memcpy(start, string, length * sizeof(unsigned char));
211 
-+        start += length;
212 
-+    }
213 
-+
214 
-+    /* Success. */
215 
-+    *data_out = data;
216 
-+    *size_out = size;
217 
-+    return SSL_TLSEXT_ERR_OK;
218 
-+}
219 
-+#endif
220 
-diff -Naur httpd-2.4.3/modules/ssl/ssl_private.h httpd-2.4.3-1/modules/ssl/ssl_private.h
221 
---- httpd-2.4.3/modules/ssl/ssl_private.h	2012-08-05 15:48:40.000000000 +0200
222 
-+++ httpd-2.4.3-1/modules/ssl/ssl_private.h	2012-10-23 15:53:15.031424714 +0200
223 
-@@ -139,6 +139,11 @@
224 
- #define HAVE_FIPS
225 
- #endif
226 
-
227 
-+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
228 
-+    && !defined(OPENSSL_NO_TLSEXT)
229 
-+#define HAVE_TLS_NPN
230 
-+#endif
231 
-+
232 
- #if (OPENSSL_VERSION_NUMBER >= 0x10000000)
233 
- #define MODSSL_SSL_CIPHER_CONST const
234 
- #define MODSSL_SSL_METHOD_CONST const
235 
-@@ -820,6 +825,7 @@
236 
- int         ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
237 
-                                        EVP_CIPHER_CTX *, HMAC_CTX *, int);
238 
- #endif
239 
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
240 
-
241 
- /**  Session Cache Support  */
242 
- void         ssl_scache_init(server_rec *, apr_pool_t *);
www-servers/apache/files/apache.conf
Zeige Datei @ 697c807
... ... 
@@ -0,0 +1,2 @@
1 
+d /run/apache2 710 root apache
2 
+d /run/apache_ssl_mutex
www-servers/apache/files/apache2.2.service
Zeige Datei @ 697c807
... ... 
@@ -0,0 +1,19 @@
1 
+[Unit]
2 
+Description=The Apache HTTP Server
3 
+After=network.target remote-fs.target nss-lookup.target
4 
+
5 
+[Service]
6 
+EnvironmentFile=/etc/conf.d/apache2
7 
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
8 
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
9 
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
10 
+# We want systemd to give httpd some time to finish gracefully, but still want
11 
+# it to kill httpd after TimeoutStopSec if something went wrong during the
12 
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
13 
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
14 
+# httpd time to finish.
15 
+KillSignal=SIGCONT
16 
+PrivateTmp=true
17 
+
18 
+[Install]
19 
+WantedBy=multi-user.target
www-servers/apache/files/apache2.4.service
Zeige Datei @ 697c807
... ... 
@@ -0,0 +1,20 @@
1 
+[Unit]
2 
+Description=The Apache HTTP Server
3 
+After=network.target remote-fs.target nss-lookup.target
4 
+
5 
+[Service]
6 
+Type=notify
7 
+EnvironmentFile=/etc/conf.d/apache2
8 
+ExecStart=/usr/sbin/apache2 $APACHE2_OPTS -DFOREGROUND
9 
+ExecReload=/usr/sbin/apache2 $APACHE2_OPTS -k graceful
10 
+ExecStop=/usr/sbin/apache2 $APACHE2_OPTS -k graceful-stop
11 
+# We want systemd to give httpd some time to finish gracefully, but still want
12 
+# it to kill httpd after TimeoutStopSec if something went wrong during the
13 
+# graceful stop. Normally, Systemd sends SIGTERM signal right after the
14 
+# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
15 
+# httpd time to finish.
16 
+KillSignal=SIGCONT
17 
+PrivateTmp=true
18 
+
19 
+[Install]
20 
+WantedBy=multi-user.target
www-servers/apache/files/gentoo-apache-2.2.23-initd_fixups.patch
Zeige Datei @ 697c807
... ... 
@@ -0,0 +1,40 @@
1 
+--- gentoo-apache-2.2.23/init/apache2.initd
2 
++++ gentoo-apache-2.2.23/init/apache2.initd
3 
+@@ -77,12 +77,16 @@
4 
+ 	# Use start stop daemon to apply system limits #347301
5 
+ 	start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start
6 
+
7 
+-	i=0
8 
+-	while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
9 
++	local i=0 retval=1
10 
++	while [ $i -lt ${TIMEOUT} ] ; do
11 
++		if [ -e "${PIDFILE}" ] ; then
12 
++			retval=0
13 
++			break
14 
++		fi
15 
+ 		sleep 1 && i=$(expr $i + 1)
16 
+ 	done
17 
+
18 
+-	eend $(test $i -lt ${TIMEOUT})
19 
++	eend ${retval}
20 
+ }
21 
+
22 
+ stop() {
23 
+@@ -101,13 +105,14 @@
24 
+ 	ebegin "Stopping ${SVCNAME}"
25 
+ 	${APACHE2} ${APACHE2_OPTS} -k stop
26 
+
27 
+-	i=0
28 
+-	while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
29 
++	local i=0 retval=0
30 
++	while ( test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
31 
+ 		&& [ $i -lt ${TIMEOUT} ]; do
32 
+ 		sleep 1 && i=$(expr $i + 1)
33 
+ 	done
34 
++	[ -e "${PIDFILE}" ] && retval=1
35 
+
36 
+-	eend $(test $i -lt ${TIMEOUT})
37 
++	eend ${retval}
38 
+ }
39 
+
40 
+ reload() {
www-servers/apache/files/httpd-2.2.16-ecc.diff
Zeige Datei @ 89bb85f
... ... 
@@ -1,249 +0,0 @@
1 
-diff -Naur httpd-2.2.16/modules/ssl/mod_ssl.c httpd-2.2.16-ecc/modules/ssl/mod_ssl.c
2 
---- httpd-2.2.16/modules/ssl/mod_ssl.c	2010-07-12 20:47:45.000000000 +0200
3 
-+++ httpd-2.2.16-ecc/modules/ssl/mod_ssl.c	2011-01-04 21:54:17.587477515 +0100
4 
-@@ -424,6 +424,9 @@
5 
-      */
6 
-     SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
7 
-     SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
8 
-+#ifndef OPENSSL_NO_EC
9 
-+    SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
10 
-+#endif
11 
-
12 
-     SSL_set_verify_result(ssl, X509_V_OK);
13 
-
14 
-diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_init.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c
15 
---- httpd-2.2.16/modules/ssl/ssl_engine_init.c	2010-07-12 20:47:45.000000000 +0200
16 
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c	2011-01-04 21:56:05.611610901 +0100
17 
-@@ -399,7 +399,11 @@
18 
-      *  Check for problematic re-initializations
19 
-      */
20 
-     if (mctx->pks->certs[SSL_AIDX_RSA] ||
21 
--        mctx->pks->certs[SSL_AIDX_DSA])
22 
-+        mctx->pks->certs[SSL_AIDX_DSA]
23 
-+#ifndef OPENSSL_NO_EC
24 
-+      || mctx->pks->certs[SSL_AIDX_ECC]
25 
-+#endif
26 
-+        )
27 
-     {
28 
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
29 
-                 "Illegal attempt to re-initialise SSL for server "
30 
-@@ -554,6 +558,9 @@
31 
-
32 
-     SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
33 
-     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
34 
-+#ifndef OPENSSL_NO_EC
35 
-+    SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
36 
-+#endif
37 
-
38 
-     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
39 
- }
40 
-@@ -821,9 +828,16 @@
41 
-     ssl_asn1_t *asn1;
42 
-     MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
43 
-     const char *type = ssl_asn1_keystr(idx);
44 
--    int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
45 
-+    int pkey_type;
46 
-     EVP_PKEY *pkey;
47 
-
48 
-+#ifndef OPENSSL_NO_EC
49 
-+    if (idx == SSL_AIDX_ECC)
50 
-+      pkey_type = EVP_PKEY_EC;
51 
-+    else
52 
-+#endif /* SSL_LIBRARY_VERSION */
53 
-+    pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
54 
-+
55 
-     if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
56 
-         return FALSE;
57 
-     }
58 
-@@ -934,19 +948,39 @@
59 
-                                   modssl_ctx_t *mctx)
60 
- {
61 
-     const char *rsa_id, *dsa_id;
62 
-+#ifndef OPENSSL_NO_EC
63 
-+    const char *ecc_id;
64 
-+#endif
65 
-     const char *vhost_id = mctx->sc->vhost_id;
66 
-     int i;
67 
-     int have_rsa, have_dsa;
68 
-+#ifndef OPENSSL_NO_EC
69 
-+    int have_ecc;
70 
-+#endif
71 
-
72 
-     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
73 
-     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
74 
-+#ifndef OPENSSL_NO_EC
75 
-+    ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
76 
-+#endif
77 
-
78 
-     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
79 
-     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
80 
-+#ifndef OPENSSL_NO_EC
81 
-+    have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
82 
-+#endif
83 
-
84 
--    if (!(have_rsa || have_dsa)) {
85 
-+    if (!(have_rsa || have_dsa
86 
-+#ifndef OPENSSL_NO_EC
87 
-+        || have_ecc
88 
-+#endif
89 
-+)) {
90 
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
91 
-+#ifndef OPENSSL_NO_EC
92 
-+                "Oops, no RSA, DSA or ECC server certificate found "
93 
-+#else
94 
-                 "Oops, no RSA or DSA server certificate found "
95 
-+#endif
96 
-                 "for '%s:%d'?!", s->server_hostname, s->port);
97 
-         ssl_die();
98 
-     }
99 
-@@ -957,10 +991,21 @@
100 
-
101 
-     have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
102 
-     have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
103 
-+#ifndef OPENSSL_NO_EC
104 
-+    have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
105 
-+#endif
106 
-
107 
--    if (!(have_rsa || have_dsa)) {
108 
-+    if (!(have_rsa || have_dsa
109 
-+#ifndef OPENSSL_NO_EC
110 
-+        || have_ecc
111 
-+#endif
112 
-+          )) {
113 
-         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
114 
-+#ifndef OPENSSL_NO_EC
115 
-+                "Oops, no RSA, DSA or ECC server private key found?!");
116 
-+#else
117 
-                 "Oops, no RSA or DSA server private key found?!");
118 
-+#endif
119 
-         ssl_die();
120 
-     }
121 
- }
122 
-diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_kernel.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c
123 
---- httpd-2.2.16/modules/ssl/ssl_engine_kernel.c	2010-02-27 22:00:58.000000000 +0100
124 
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c	2011-01-04 21:54:17.578477589 +0100
125 
-@@ -1287,6 +1287,33 @@
126 
-     return (DH *)mc->pTmpKeys[idx];
127 
- }
128 
-
129 
-+#ifndef OPENSSL_NO_EC
130 
-+EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
131 
-+{
132 
-+    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
133 
-+    SSLModConfigRec *mc = myModConfig(c->base_server);
134 
-+    int idx;
135 
-+    static EC_KEY *ecdh = NULL;
136 
-+    static init = 0;
137 
-+
138 
-+    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
139 
-+    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
140 
-+                  "handing out temporary 256 bit ECC key");
141 
-+
142 
-+    if (init == 0) {
143 
-+        ecdh = EC_KEY_new();
144 
-+        if (ecdh != NULL) {
145 
-+            /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */
146 
-+            EC_KEY_set_group(ecdh,
147 
-+              EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
148 
-+        }
149 
-+        init = 1;
150 
-+    }
151 
-+
152 
-+    return ecdh;
153 
-+}
154 
-+#endif
155 
-+
156 
- /*
157 
-  * This OpenSSL callback function is called when OpenSSL
158 
-  * does client authentication and verifies the certificate chain.
159 
-diff -Naur httpd-2.2.16/modules/ssl/ssl_private.h httpd-2.2.16-ecc/modules/ssl/ssl_private.h
160 
---- httpd-2.2.16/modules/ssl/ssl_private.h	2010-07-12 20:47:45.000000000 +0200
161 
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_private.h	2011-01-04 21:54:17.577477597 +0100
162 
-@@ -181,11 +181,21 @@
163 
- #define SSL_ALGO_UNKNOWN (0)
164 
- #define SSL_ALGO_RSA     (1<<0)
165 
- #define SSL_ALGO_DSA     (1<<1)
166 
-+#ifndef OPENSSL_NO_EC
167 
-+#define SSL_ALGO_ECC     (1<<2)
168 
-+#define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
169 
-+#else
170 
- #define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)
171 
-+#endif /* SSL_LIBRARY_VERSION */
172 
-
173 
- #define SSL_AIDX_RSA     (0)
174 
- #define SSL_AIDX_DSA     (1)
175 
-+#ifndef OPENSSL_NO_EC
176 
-+#define SSL_AIDX_ECC     (2)
177 
-+#define SSL_AIDX_MAX     (3)
178 
-+#else
179 
- #define SSL_AIDX_MAX     (2)
180 
-+#endif /* SSL_LIBRARY_VERSION */
181 
-
182 
-
183 
- /**
184 
-@@ -589,6 +599,9 @@
185 
- /**  OpenSSL callbacks */
186 
- RSA         *ssl_callback_TmpRSA(SSL *, int, int);
187 
- DH          *ssl_callback_TmpDH(SSL *, int, int);
188 
-+#ifndef OPENSSL_NO_EC
189 
-+EC_KEY      *ssl_callback_TmpECDH(SSL *, int, int);
190 
-+#endif /* SSL_LIBRARY_VERSION */
191 
- int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
192 
- int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
193 
- int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
194 
-diff -Naur httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h
195 
---- httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h	2010-07-12 20:47:45.000000000 +0200
196 
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h	2011-01-04 21:55:26.583924797 +0100
197 
-@@ -38,6 +38,13 @@
198 
- #include <openssl/evp.h>
199 
- #include <openssl/rand.h>
200 
- #include <openssl/x509v3.h>
201 
-+
202 
-+
203 
-+/* ECC support came along in OpenSSL 1.0.0 */
204 
-+#if (OPENSSL_VERSION_NUMBER < 0x10000000)
205 
-+#define OPENSSL_NO_EC
206 
-+#endif
207 
-+
208 
- /** Avoid tripping over an engine build installed globally and detected
209 
-  * when the user points at an explicit non-engine flavor of OpenSSL
210 
-  */
211 
-diff -Naur httpd-2.2.16/modules/ssl/ssl_util.c httpd-2.2.16-ecc/modules/ssl/ssl_util.c
212 
---- httpd-2.2.16/modules/ssl/ssl_util.c	2008-09-18 16:34:51.000000000 +0200
213 
-+++ httpd-2.2.16-ecc/modules/ssl/ssl_util.c	2011-01-04 21:54:17.578477589 +0100
214 
-@@ -150,6 +150,11 @@
215 
-             case EVP_PKEY_DSA:
216 
-                 t = SSL_ALGO_DSA;
217 
-                 break;
218 
-+#ifndef OPENSSL_NO_EC
219 
-+            case EVP_PKEY_EC:
220 
-+                t = SSL_ALGO_ECC;
221 
-+                break;
222 
-+#endif
223 
-             default:
224 
-                 break;
225 
-         }
226 
-@@ -174,6 +179,11 @@
227 
-         case SSL_ALGO_DSA:
228 
-             cp = "DSA";
229 
-             break;
230 
-+#ifndef OPENSSL_NO_EC
231 
-+        case SSL_ALGO_ECC:
232 
-+            cp = "ECC";
233 
-+            break;
234 
-+#endif
235 
-         default:
236 
-             break;
237 
-     }
238 
-@@ -245,7 +255,11 @@
239 
-     apr_hash_set(table, key, klen, NULL);
240 
- }
241 
-
242 
-+#ifndef OPENSSL_NO_EC
243 
-+static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
244 
-+#else
245 
- static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
246 
-+#endif
247 
-
248 
- const char *ssl_asn1_keystr(int keytype)
249 
- {
www-servers/apache/files/httpd-2.4.3-mod_systemd.patch
Zeige Datei @ 697c807
... ... 
@@ -0,0 +1,163 @@
1 
+--- httpd-2.4.3/modules/arch/unix/config5.m4.systemd
2 
++++ httpd-2.4.3/modules/arch/unix/config5.m4
3 
+@@ -18,6 +18,19 @@ APACHE_MODULE(privileges, Per-virtualhos
4 
+   fi
5 
+ ])
6 
+
7 
++
8 
++APACHE_MODULE(systemd, Systemd support, , , $unixd_mods_enabled, [
9 
++  AC_CHECK_LIB(systemd-daemon, sd_notify, SYSTEMD_LIBS="-lsystemd-daemon")
10 
++  AC_CHECK_HEADERS(systemd/sd-daemon.h, [ap_HAVE_SD_DAEMON_H="yes"], [ap_HAVE_SD_DAEMON_H="no"])
11 
++  if test $ap_HAVE_SD_DAEMON_H = "no" || test -z "${SYSTEMD_LIBS}"; then
12 
++    AC_MSG_WARN([Your system does not support systemd.])
13 
++    enable_systemd="no"
14 
++  else
15 
++    APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
16 
++    enable_systemd="yes"
17 
++  fi
18 
++])
19 
++
20 
+ APR_ADDTO(INCLUDES, [-I\$(top_srcdir)/$modpath_current])
21 
+
22 
+ APACHE_MODPATH_FINISH
23 
+--- httpd-2.4.3/modules/arch/unix/mod_systemd.c.systemd
24 
++++ httpd-2.4.3/modules/arch/unix/mod_systemd.c
25 
+@@ -0,0 +1,138 @@
26 
++/* Licensed to the Apache Software Foundation (ASF) under one or more
27 
++ * contributor license agreements.  See the NOTICE file distributed with
28 
++ * this work for additional information regarding copyright ownership.
29 
++ * The ASF licenses this file to You under the Apache License, Version 2.0
30 
++ * (the "License"); you may not use this file except in compliance with
31 
++ * the License.  You may obtain a copy of the License at
32 
++ *
33 
++ *     http://www.apache.org/licenses/LICENSE-2.0
34 
++ *
35 
++ * Unless required by applicable law or agreed to in writing, software
36 
++ * distributed under the License is distributed on an "AS IS" BASIS,
37 
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
38 
++ * See the License for the specific language governing permissions and
39 
++ * limitations under the License.
40 
++ *
41 
++ */
42 
++
43 
++#include <stdint.h>
44 
++#include <ap_config.h>
45 
++#include "ap_mpm.h"
46 
++#include <http_core.h>
47 
++#include <http_log.h>
48 
++#include <apr_version.h>
49 
++#include <apr_pools.h>
50 
++#include <apr_strings.h>
51 
++#include "unixd.h"
52 
++#include "scoreboard.h"
53 
++#include "mpm_common.h"
54 
++
55 
++#include "systemd/sd-daemon.h"
56 
++
57 
++#if APR_HAVE_UNISTD_H
58 
++#include <unistd.h>
59 
++#endif
60 
++
61 
++#define KBYTE 1024
62 
++
63 
++static pid_t pid;	/* PID of the main httpd instance */
64 
++static int server_limit, thread_limit, threads_per_child, max_servers;
65 
++static time_t last_update_time;
66 
++static unsigned long last_update_access;
67 
++static unsigned long last_update_kbytes;
68 
++
69 
++static int systemd_pre_mpm(apr_pool_t *p, ap_scoreboard_e sb_type)
70 
++{
71 
++    int rv;
72 
++    last_update_time = time(0);
73 
++
74 
++    ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
75 
++    ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
76 
++    ap_mpm_query(AP_MPMQ_MAX_THREADS, &threads_per_child);
77 
++    /* work around buggy MPMs */
78 
++    if (threads_per_child == 0)
79 
++        threads_per_child = 1;
80 
++    ap_mpm_query(AP_MPMQ_MAX_DAEMONS, &max_servers);
81 
++
82 
++    pid = getpid();
83 
++
84 
++    rv = sd_notifyf(0, "READY=1\n"
85 
++                    "STATUS=Processing requests...\n"
86 
++                    "MAINPID=%lu",
87 
++                    (unsigned long) pid);
88 
++    if (rv < 0) {
89 
++        ap_log_perror(APLOG_MARK, APLOG_ERR, 0, p,
90 
++                     "sd_notifyf returned an error %d", rv);
91 
++    }
92 
++
93 
++    return OK;
94 
++}
95 
++
96 
++static int systemd_monitor(apr_pool_t *p, server_rec *s)
97 
++{
98 
++    int i, j, res, rv;
99 
++    process_score *ps_record;
100 
++    worker_score *ws_record;
101 
++    unsigned long access = 0;
102 
++    unsigned long bytes = 0;
103 
++    unsigned long kbytes = 0;
104 
++    char bps[5];
105 
++    time_t now = time(0);
106 
++    time_t elapsed = now - last_update_time;
107 
++
108 
++    for (i = 0; i < server_limit; ++i) {
109 
++        ps_record = ap_get_scoreboard_process(i);
110 
++        for (j = 0; j < thread_limit; ++j) {
111 
++            ws_record = ap_get_scoreboard_worker_from_indexes(i, j);
112 
++            if (ap_extended_status && !ps_record->quiescing && ps_record->pid) {
113 
++                res = ws_record->status;
114 
++                if (ws_record->access_count != 0 ||
115 
++                    (res != SERVER_READY && res != SERVER_DEAD)) {
116 
++                    access += ws_record->access_count;
117 
++                    bytes += ws_record->bytes_served;
118 
++                    if (bytes >= KBYTE) {
119 
++                        kbytes += (bytes >> 10);
120 
++                        bytes = bytes & 0x3ff;
121 
++                    }
122 
++                }
123 
++            }
124 
++        }
125 
++    }
126 
++
127 
++    apr_strfsize((unsigned long)(KBYTE *(float) (kbytes - last_update_kbytes)
128 
++                                 / (float) elapsed), bps);
129 
++
130 
++    rv = sd_notifyf(0, "READY=1\n"
131 
++                    "STATUS=Total requests: %lu; Current requests/sec: %.3g; "
132 
++                    "Current traffic: %sB/sec\n", access,
133 
++                    ((float)access - last_update_access) / (float) elapsed, bps);
134 
++    if (rv < 0) {
135 
++        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00000)
136 
++                     "sd_notifyf returned an error %d", rv);
137 
++    }
138 
++
139 
++    last_update_access = access;
140 
++    last_update_kbytes = kbytes;
141 
++    last_update_time = now;
142 
++
143 
++    return DECLINED;
144 
++}
145 
++
146 
++static void systemd_register_hooks(apr_pool_t *p)
147 
++{
148 
++    /* We know the PID in this hook ... */
149 
++    ap_hook_pre_mpm(systemd_pre_mpm, NULL, NULL, APR_HOOK_LAST);
150 
++    /* Used to update httpd's status line using sd_notifyf */
151 
++    ap_hook_monitor(systemd_monitor, NULL, NULL, APR_HOOK_MIDDLE);
152 
++}
153 
++
154 
++module AP_MODULE_DECLARE_DATA systemd_module =
155 
++{
156 
++    STANDARD20_MODULE_STUFF,
157 
++    NULL,
158 
++    NULL,
159 
++    NULL,
160 
++    NULL,
161 
++    NULL,
162 
++    systemd_register_hooks,
163 
++};
0 164