Hanno Böck commited on 2011-03-28 00:01:03
Zeige 4 geänderte Dateien mit 362 Einfügungen und 2 Löschungen.
... | ... |
@@ -1,5 +1,6 @@ |
1 | 1 |
AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc |
2 | 2 |
AUX apache-tlsext-workaround.diff 395 RMD160 c756f0e935e4392d44c57a202fd73af173b3b9b2 SHA1 f9619250609d4bd1bddc3e28e23f61cfedb93c09 SHA256 ee0b535bc401ae6b4028d4fa238198f067cacab936d69596c4d8b4ca1ea23619 |
3 |
+AUX httpd-2.2.16-ecc.diff 8236 RMD160 604f1124c168805b7702a6ca4a26ee7004fbab0b SHA1 3badbccc36c21710ef1c60f47963bcc631c00917 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461 |
|
3 | 4 |
AUX httpd-2.2.x-sni.diff 13866 RMD160 ae21ae0ebc2c0d263b5290d67aeefd56b145ed73 SHA1 b8b8dcc56e6a7bb5c07d95fa46683db4170dd7ba SHA256 092aaa998f2b15e6b89b0785c237ce3bb40d4bf188509fcf58470ce5731380e9 |
4 | 5 |
DIST gentoo-apache-2.2.10-20081025.tar.bz2 60296 RMD160 bc6d9e05a5924cf104e0a07b18ab6c9da526a1dc SHA1 f3ea7bda13b57b9f622890b2d9288cb096472a96 SHA256 e7704ac9a645bb722d8063735c7de17a4041d76cc72244fc928a0a5ad1ee1ccd |
5 | 6 |
DIST gentoo-apache-2.2.11-20090101.tar.bz2 60721 RMD160 2a2342bcff3778f44ecb148c333da49f71b5ed57 SHA1 6bb963fa73bf2c26d89dc6b808454d1541f103db SHA256 88a24a6e600024386db5cfd704b11cd7a408ba6ef067a2ffe2dc0923993149ca |
... | ... |
@@ -10,6 +11,7 @@ DIST gentoo-apache-2.2.14-20091006.tar.bz2 63730 RMD160 0aa9d8ef866114f65e1f7d7a |
10 | 11 |
DIST gentoo-apache-2.2.14-r1-20091008.tar.bz2 62359 RMD160 0e78de9a61265be2ef797e02bce0cf89f0a5fd2a SHA1 357316581f7d7d289655992216be6c5f5342f32c SHA256 99db378884b33af1c97713f63d92f0bb1d02eef6dc1f8f47a9addd258b3f7233 |
11 | 12 |
DIST gentoo-apache-2.2.15-20100307.tar.bz2 63716 RMD160 aa16c46ec930c020820293b884876946b81bd476 SHA1 20fa102d6094d00d3c874b0b1df69d0ddcf34339 SHA256 b3c4ca6eed24ea82ff37bfa331403b09c94f3b2a8b5b1058761651c6824787c1 |
12 | 13 |
DIST gentoo-apache-2.2.16-20100828.tar.bz2 63742 RMD160 c001f1f55099977c41b03346e449c95629f6b9be SHA1 bcb607199244948ffbb883aa36cabe54865ccfea SHA256 2820546adc7b3b3a38ae5173c75cab7ac42cc611570f0ffd814f833ee464f608 |
14 |
+DIST gentoo-apache-2.2.17-20110218.tar.bz2 62615 RMD160 05b57ab08e1938e5bf41ead2ce53c71c59303d60 SHA1 2a877d8269c3df5bb11f1a3c30953b38e8a17119 SHA256 8cc3cfe47d55877eaff15d6688d9ced1e7e54c93f012f4d84561d7ef7a3118ad |
|
13 | 15 |
DIST gentoo-apache-2.2.8-r3-20080601.tar.bz2 60383 RMD160 f7d662ac9bce6bcc0e0506503be166fdb7a95eba SHA1 1d87d6ed727a8b7074446a472eb46d2b1a9eb532 SHA256 bc1bdc87aab4cfc377e2016e69f715495097bf37c47112ac6d52929adf0fbc40 |
14 | 16 |
DIST gentoo-apache-2.2.9-20080615.tar.bz2 60183 RMD160 924b6268324aa679b5ff624ece159dad323028aa SHA1 6c8e053a33a561df2417e718803b65f7ac55b640 SHA256 c3bb95e339d7bdfdcd3bd71927287843df0d34ad2740ddc7913cbb0200fc8072 |
15 | 17 |
DIST httpd-2.2.10.tar.bz2 5068069 RMD160 30f240222a775efa14b104a2b8df1e1dc65f4b8a SHA1 3a71f4904e359603c3338b07a1178ddfacfaa8c6 SHA256 681d5787288e4e527877f415acce198be96ce7de0dc6e354646b1df4aae21383 |
... | ... |
@@ -19,6 +21,7 @@ DIST httpd-2.2.13.tar.bz2 5300199 RMD160 4a6a2247cc118175a9a36f1e14344ee71da2462 |
19 | 21 |
DIST httpd-2.2.14.tar.bz2 5147171 RMD160 ff5077e444ba995475202bb3b9be733384c809d1 SHA1 eacd04c87b489231ae708c84a77dc8e9ee176fd2 SHA256 b2deab8a5e797fde7a04fb4a5ebfa9c80f767d064dd19dcd2857c94838ae3ac6 |
20 | 22 |
DIST httpd-2.2.15.tar.bz2 4959582 RMD160 e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf SHA1 5f0e973839ed2e38a4d03adba109ef5ce3381bc2 SHA256 5ae0c428e7abd87eecbac8564d90a7182104325bae7086c21db7b3a1e3140ca7 |
21 | 23 |
DIST httpd-2.2.16.tar.bz2 4775545 RMD160 2e6d7d1dae40905be7fdd793140f62cf58112095 SHA1 ef92f5b3124fe5e9ba6121ea7f4bab8c014068f9 SHA256 9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52 |
24 |
+DIST httpd-2.2.17.tar.bz2 4951247 RMD160 4a2f16f2891094d4176565fadf0e8fcadf7dbaff SHA1 5c9b44620dee449a86ba1bcba1715033c2c26b08 SHA256 868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04 |
|
22 | 25 |
DIST httpd-2.2.8.tar.bz2 4799055 RMD160 0736ea9617bafaa1c8cd34ce4fc1c7a659afea57 SHA1 5074904435d3d942ce2dc96c44b07294b8eaca77 SHA256 2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39 |
23 | 26 |
DIST httpd-2.2.9.tar.bz2 4943462 RMD160 8fd62ae78271aa0ded6ba2f5bfeea8c63b79060a SHA1 71715d81e7a5ace4499803df7369c78b85251083 SHA256 d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61 |
24 | 27 |
EBUILD apache-2.2.10.ebuild 2845 RMD160 cc94372a6c8e59b9e184458ec3a6b8ab0dae4fae SHA1 5d2cd9424f57027d4bf38ba165dd0656795aa6a4 SHA256 ffd992a0c1e2d952aa6bf710ecc1d0b751b27b30e829bf644f9949aa71c5d0a7 |
... | ... |
@@ -29,6 +32,7 @@ EBUILD apache-2.2.13.ebuild 2580 RMD160 bd9bda9465e6c81268754510585579266480f4a3 |
29 | 32 |
EBUILD apache-2.2.14-r1.ebuild 2405 RMD160 07fc0f1e8cb9d1af6b1d23c4d3c74771996d1466 SHA1 d6ea08fe65cf23d6219e6e1454dec296fb635d70 SHA256 f83dccdf8881bc797cd8aaf7360fa70caf7ed133dabd2fb2d871916d3b121a0d |
30 | 33 |
EBUILD apache-2.2.14.ebuild 2579 RMD160 1eba4a19660bf9904851200c85dd66e8b0a5009e SHA1 645e56d8e1dc006fe8c6d58b887358f6e9abb670 SHA256 69909743f060158d2deef73669fc2d8472f50dc1b8a166689c9e8dacc7572a47 |
31 | 34 |
EBUILD apache-2.2.15.ebuild 2407 RMD160 585cccc67165f38f0eb6c30f576d61d1abd105bc SHA1 70bb1b480b71a25bc2081d7d4f3b6beacaadfd48 SHA256 819f76accae48caf4919dd3373b6fa3aac344cbfba4e3ff280e9a79723023b77 |
32 |
-EBUILD apache-2.2.16.ebuild 2416 RMD160 2cfa21f09f7c1a40a63be56b204d7c948214e9c8 SHA1 f16a0089102dace8184c839e1587c08a85a2dfb1 SHA256 5aa02250e5bc51deb9a2194fbdb101a32e6a522b2612dceecdb017c972342ac8 |
|
35 |
+EBUILD apache-2.2.16.ebuild 2474 RMD160 b5932b7fb8f535a04f3bbaf9914d762faa227376 SHA1 e128d51edff342e06454912b26b5bfae780201d7 SHA256 946feaa6a54d19e0d17acb277ab9e77173e62218a209cea4adb2f39f187fb8af |
|
36 |
+EBUILD apache-2.2.17.ebuild 2800 RMD160 c2aa5d7da738e45373e0cc7339e413bad3557e5a SHA1 c6879641f80082b8f75b4f42a846874f556aee94 SHA256 83f31753eebda1c74392e74b3520475d227ffb31da41f4b2057e10b1401f3fe1 |
|
33 | 37 |
EBUILD apache-2.2.8-r3.ebuild 5288 RMD160 096b8185d25c485fd2bd13c09de9de8b5e11dcc8 SHA1 5aff0c23059bb10346c1b2988f496becc28f3a19 SHA256 2cb835468f5968a42b86924909b50cdbd9e0c4e24f0fe30e8c547d82fe49e97a |
34 | 38 |
EBUILD apache-2.2.9.ebuild 2812 RMD160 91b5a44a2db30a6d85e3302bfe9dc16bfcbaf045 SHA1 764bb36273e23745f2ba2cb6a36184096c650f12 SHA256 1302cc772b0404fd65eb9ea7a970558ecc8b0861049a07e122dc95387d45b6e4 |
... | ... |
@@ -81,7 +81,7 @@ HOMEPAGE="http://httpd.apache.org/" |
81 | 81 |
LICENSE="Apache-2.0 Apache-1.1" |
82 | 82 |
SLOT="2" |
83 | 83 |
KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
84 |
-IUSE="" |
|
84 |
+IUSE="ecc" |
|
85 | 85 |
|
86 | 86 |
DEPEND="${DEPEND} |
87 | 87 |
>=dev-libs/openssl-0.9.8m |
... | ... |
@@ -94,4 +94,5 @@ RDEPEND="${RDEPEND} |
94 | 94 |
src_prepare() { |
95 | 95 |
apache-2_src_prepare |
96 | 96 |
epatch "${FILESDIR}/apache-noip.diff" |
97 |
+ use ecc && epatch "${FILESDIR}/httpd-2.2.16-ecc.diff" |
|
97 | 98 |
} |
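Review bot: The new `ecc` flag in what appears to be apache-2.2.16.ebuild has no matching dependency: the DEPEND lines visible under `IUSE="ecc"` still ask only for `>=dev-libs/openssl-0.9.8m`, while the patch added in this commit defines `OPENSSL_NO_EC` for any OpenSSL older than 1.0.0. With 0.9.8 installed, `USE=ecc` therefore builds cleanly but yields a mod_ssl with no ECC support; adding `ecc? ( >=dev-libs/openssl-1.0.0 )` to DEPEND and RDEPEND would make the flag mean what it says (both variables continue outside the hunk, so the full lists are not visible here). The new apache-2.2.17.ebuild carries the same `>=dev-libs/openssl-0.9.8m` requirement. In `src_prepare`, `use ecc && epatch ...` is the last statement, so the function returns non-zero whenever the flag is off; `if use ecc; then epatch "${FILESDIR}/httpd-2.2.16-ecc.diff"; fi` avoids that.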
... | ... |
@@ -0,0 +1,106 @@ |
1 |
+# Copyright 1999-2011 Gentoo Foundation |
|
2 |
+# Distributed under the terms of the GNU General Public License v2 |
|
3 |
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.17.ebuild,v 1.2 2011/03/26 20:01:03 angelos Exp $ |
|
4 |
+ |
|
5 |
+# latest gentoo apache files |
|
6 |
+GENTOO_PATCHSTAMP="20110218" |
|
7 |
+GENTOO_DEVELOPER="hollow" |
|
8 |
+# We want the patch from r0 |
|
9 |
+GENTOO_PATCHNAME="gentoo-${P}" |
|
10 |
+ |
|
11 |
+# IUSE/USE_EXPAND magic |
|
12 |
+IUSE_MPMS_FORK="itk peruser prefork" |
|
13 |
+IUSE_MPMS_THREAD="event worker" |
|
14 |
+ |
|
15 |
+IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon |
|
16 |
+authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default |
|
17 |
+authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta |
|
18 |
+charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio |
|
19 |
+env expires ext_filter file_cache filter headers ident imagemap include info |
|
20 |
+log_config log_forensic logio mem_cache mime mime_magic negotiation proxy |
|
21 |
+proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite |
|
22 |
+reqtimeout setenvif speling status substitute unique_id userdir usertrack |
|
23 |
+version vhost_alias" |
|
24 |
+# The following are also in the source as of this version, but are not available |
|
25 |
+# for user selection: |
|
26 |
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export |
|
27 |
+# optional_fn_import optional_hook_export optional_hook_import |
|
28 |
+ |
|
29 |
+# inter-module dependencies |
|
30 |
+# TODO: this may still be incomplete |
|
31 |
+MODULE_DEPENDS=" |
|
32 |
+ dav_fs:dav |
|
33 |
+ dav_lock:dav |
|
34 |
+ deflate:filter |
|
35 |
+ disk_cache:cache |
|
36 |
+ ext_filter:filter |
|
37 |
+ file_cache:cache |
|
38 |
+ log_forensic:log_config |
|
39 |
+ logio:log_config |
|
40 |
+ mem_cache:cache |
|
41 |
+ mime_magic:mime |
|
42 |
+ proxy_ajp:proxy |
|
43 |
+ proxy_balancer:proxy |
|
44 |
+ proxy_connect:proxy |
|
45 |
+ proxy_ftp:proxy |
|
46 |
+ proxy_http:proxy |
|
47 |
+ proxy_scgi:proxy |
|
48 |
+ substitute:filter |
|
49 |
+" |
|
50 |
+ |
|
51 |
+# module<->define mappings |
|
52 |
+MODULE_DEFINES=" |
|
53 |
+ auth_digest:AUTH_DIGEST |
|
54 |
+ authnz_ldap:AUTHNZ_LDAP |
|
55 |
+ cache:CACHE |
|
56 |
+ dav:DAV |
|
57 |
+ dav_fs:DAV |
|
58 |
+ dav_lock:DAV |
|
59 |
+ disk_cache:CACHE |
|
60 |
+ file_cache:CACHE |
|
61 |
+ info:INFO |
|
62 |
+ ldap:LDAP |
|
63 |
+ mem_cache:CACHE |
|
64 |
+ proxy:PROXY |
|
65 |
+ proxy_ajp:PROXY |
|
66 |
+ proxy_balancer:PROXY |
|
67 |
+ proxy_connect:PROXY |
|
68 |
+ proxy_ftp:PROXY |
|
69 |
+ proxy_http:PROXY |
|
70 |
+ ssl:SSL |
|
71 |
+ status:STATUS |
|
72 |
+ suexec:SUEXEC |
|
73 |
+ userdir:USERDIR |
|
74 |
+" |
|
75 |
+ |
|
76 |
+# critical modules for the default config |
|
77 |
+MODULE_CRITICAL=" |
|
78 |
+ authz_host |
|
79 |
+ dir |
|
80 |
+ mime |
|
81 |
+" |
|
82 |
+ |
|
83 |
+inherit apache-2 |
|
84 |
+ |
|
85 |
+src_prepare() { |
|
86 |
+ epatch "${FILESDIR}"/apache-noip.diff |
|
87 |
+ epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff |
|
88 |
+ apache-2_src_prepare |
|
89 |
+} |
|
90 |
+ |
|
91 |
+DESCRIPTION="The Apache Web Server." |
|
92 |
+HOMEPAGE="http://httpd.apache.org/" |
|
93 |
+ |
|
94 |
+# some helper scripts are Apache-1.1, thus both are here |
|
95 |
+LICENSE="Apache-2.0 Apache-1.1" |
|
96 |
+SLOT="2" |
|
97 |
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" |
|
98 |
+IUSE="" |
|
99 |
+ |
|
100 |
+DEPEND="${DEPEND} |
|
101 |
+ >=dev-libs/openssl-0.9.8m |
|
102 |
+ apache2_modules_deflate? ( sys-libs/zlib )" |
|
103 |
+ |
|
104 |
+RDEPEND="${RDEPEND} |
|
105 |
+ >=dev-libs/openssl-0.9.8m |
|
106 |
+ apache2_modules_mime? ( app-misc/mime-types )" |
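Review bot: `src_prepare` in the new 2.2.17 ebuild applies `httpd-2.2.16-ecc.diff` unconditionally while `IUSE=""`, whereas the 2.2.16 ebuild changed in the same commit gates the same patch behind `use ecc`. Every 2.2.17 build therefore gets the modified TLS key-exchange code in mod_ssl with no way to opt out; `IUSE="ecc"` plus `if use ecc; then epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff; fi` would match the other ebuild. The patch is also applied before `apache-2_src_prepare` here but after it in 2.2.16, and it was generated against httpd-2.2.16, so a comment such as `# ECC patch from 2.2.16, verified to apply to 2.2.17; must run before the eclass patches because ...` would record why. The comment `# We want the patch from r0` looks copied from an -r1 ebuild and does not describe `GENTOO_PATCHNAME="gentoo-${P}"` in this file.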
... | ... |
@@ -0,0 +1,249 @@ |
1 |
+diff -Naur httpd-2.2.16/modules/ssl/mod_ssl.c httpd-2.2.16-ecc/modules/ssl/mod_ssl.c |
|
2 |
+--- httpd-2.2.16/modules/ssl/mod_ssl.c 2010-07-12 20:47:45.000000000 +0200 |
|
3 |
++++ httpd-2.2.16-ecc/modules/ssl/mod_ssl.c 2011-01-04 21:54:17.587477515 +0100 |
|
4 |
+@@ -424,6 +424,9 @@ |
|
5 |
+ */ |
|
6 |
+ SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA); |
|
7 |
+ SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH); |
|
8 |
++#ifndef OPENSSL_NO_EC |
|
9 |
++ SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH); |
|
10 |
++#endif |
|
11 |
+ |
|
12 |
+ SSL_set_verify_result(ssl, X509_V_OK); |
|
13 |
+ |
|
14 |
+diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_init.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c |
|
15 |
+--- httpd-2.2.16/modules/ssl/ssl_engine_init.c 2010-07-12 20:47:45.000000000 +0200 |
|
16 |
++++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c 2011-01-04 21:56:05.611610901 +0100 |
|
17 |
+@@ -399,7 +399,11 @@ |
|
18 |
+ * Check for problematic re-initializations |
|
19 |
+ */ |
|
20 |
+ if (mctx->pks->certs[SSL_AIDX_RSA] || |
|
21 |
+- mctx->pks->certs[SSL_AIDX_DSA]) |
|
22 |
++ mctx->pks->certs[SSL_AIDX_DSA] |
|
23 |
++#ifndef OPENSSL_NO_EC |
|
24 |
++ || mctx->pks->certs[SSL_AIDX_ECC] |
|
25 |
++#endif |
|
26 |
++ ) |
|
27 |
+ { |
|
28 |
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
29 |
+ "Illegal attempt to re-initialise SSL for server " |
|
30 |
+@@ -554,6 +558,9 @@ |
|
31 |
+ |
|
32 |
+ SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); |
|
33 |
+ SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); |
|
34 |
++#ifndef OPENSSL_NO_EC |
|
35 |
++ SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH); |
|
36 |
++#endif |
|
37 |
+ |
|
38 |
+ SSL_CTX_set_info_callback(ctx, ssl_callback_Info); |
|
39 |
+ } |
|
40 |
+@@ -821,9 +828,16 @@ |
|
41 |
+ ssl_asn1_t *asn1; |
|
42 |
+ MODSSL_D2I_PrivateKey_CONST unsigned char *ptr; |
|
43 |
+ const char *type = ssl_asn1_keystr(idx); |
|
44 |
+- int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA; |
|
45 |
++ int pkey_type; |
|
46 |
+ EVP_PKEY *pkey; |
|
47 |
+ |
|
48 |
++#ifndef OPENSSL_NO_EC |
|
49 |
++ if (idx == SSL_AIDX_ECC) |
|
50 |
++ pkey_type = EVP_PKEY_EC; |
|
51 |
++ else |
|
52 |
++#endif /* SSL_LIBRARY_VERSION */ |
|
53 |
++ pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA; |
|
54 |
++ |
|
55 |
+ if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) { |
|
56 |
+ return FALSE; |
|
57 |
+ } |
|
58 |
+@@ -934,19 +948,39 @@ |
|
59 |
+ modssl_ctx_t *mctx) |
|
60 |
+ { |
|
61 |
+ const char *rsa_id, *dsa_id; |
|
62 |
++#ifndef OPENSSL_NO_EC |
|
63 |
++ const char *ecc_id; |
|
64 |
++#endif |
|
65 |
+ const char *vhost_id = mctx->sc->vhost_id; |
|
66 |
+ int i; |
|
67 |
+ int have_rsa, have_dsa; |
|
68 |
++#ifndef OPENSSL_NO_EC |
|
69 |
++ int have_ecc; |
|
70 |
++#endif |
|
71 |
+ |
|
72 |
+ rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA); |
|
73 |
+ dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA); |
|
74 |
++#ifndef OPENSSL_NO_EC |
|
75 |
++ ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC); |
|
76 |
++#endif |
|
77 |
+ |
|
78 |
+ have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
79 |
+ have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
80 |
++#ifndef OPENSSL_NO_EC |
|
81 |
++ have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC); |
|
82 |
++#endif |
|
83 |
+ |
|
84 |
+- if (!(have_rsa || have_dsa)) { |
|
85 |
++ if (!(have_rsa || have_dsa |
|
86 |
++#ifndef OPENSSL_NO_EC |
|
87 |
++ || have_ecc |
|
88 |
++#endif |
|
89 |
++)) { |
|
90 |
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
91 |
++#ifndef OPENSSL_NO_EC |
|
92 |
++ "Oops, no RSA, DSA or ECC server certificate found " |
|
93 |
++#else |
|
94 |
+ "Oops, no RSA or DSA server certificate found " |
|
95 |
++#endif |
|
96 |
+ "for '%s:%d'?!", s->server_hostname, s->port); |
|
97 |
+ ssl_die(); |
|
98 |
+ } |
|
99 |
+@@ -957,10 +991,21 @@ |
|
100 |
+ |
|
101 |
+ have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA); |
|
102 |
+ have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA); |
|
103 |
++#ifndef OPENSSL_NO_EC |
|
104 |
++ have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC); |
|
105 |
++#endif |
|
106 |
+ |
|
107 |
+- if (!(have_rsa || have_dsa)) { |
|
108 |
++ if (!(have_rsa || have_dsa |
|
109 |
++#ifndef OPENSSL_NO_EC |
|
110 |
++ || have_ecc |
|
111 |
++#endif |
|
112 |
++ )) { |
|
113 |
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, |
|
114 |
++#ifndef OPENSSL_NO_EC |
|
115 |
++ "Oops, no RSA, DSA or ECC server private key found?!"); |
|
116 |
++#else |
|
117 |
+ "Oops, no RSA or DSA server private key found?!"); |
|
118 |
++#endif |
|
119 |
+ ssl_die(); |
|
120 |
+ } |
|
121 |
+ } |
|
122 |
+diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_kernel.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c |
|
123 |
+--- httpd-2.2.16/modules/ssl/ssl_engine_kernel.c 2010-02-27 22:00:58.000000000 +0100 |
|
124 |
++++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c 2011-01-04 21:54:17.578477589 +0100 |
|
125 |
+@@ -1287,6 +1287,33 @@ |
|
126 |
+ return (DH *)mc->pTmpKeys[idx]; |
|
127 |
+ } |
|
128 |
+ |
|
129 |
++#ifndef OPENSSL_NO_EC |
|
130 |
++EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen) |
|
131 |
++{ |
|
132 |
++ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); |
|
133 |
++ SSLModConfigRec *mc = myModConfig(c->base_server); |
|
134 |
++ int idx; |
|
135 |
++ static EC_KEY *ecdh = NULL; |
|
136 |
++ static init = 0; |
|
137 |
++ |
|
138 |
++ /* XXX Uses 256-bit key for now. TODO: support other sizes. */ |
|
139 |
++ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, |
|
140 |
++ "handing out temporary 256 bit ECC key"); |
|
141 |
++ |
|
142 |
++ if (init == 0) { |
|
143 |
++ ecdh = EC_KEY_new(); |
|
144 |
++ if (ecdh != NULL) { |
|
145 |
++ /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */ |
|
146 |
++ EC_KEY_set_group(ecdh, |
|
147 |
++ EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); |
|
148 |
++ } |
|
149 |
++ init = 1; |
|
150 |
++ } |
|
151 |
++ |
|
152 |
++ return ecdh; |
|
153 |
++} |
|
154 |
++#endif |
|
155 |
++ |
|
156 |
+ /* |
|
157 |
+ * This OpenSSL callback function is called when OpenSSL |
|
158 |
+ * does client authentication and verifies the certificate chain. |
|
159 |
+diff -Naur httpd-2.2.16/modules/ssl/ssl_private.h httpd-2.2.16-ecc/modules/ssl/ssl_private.h |
|
160 |
+--- httpd-2.2.16/modules/ssl/ssl_private.h 2010-07-12 20:47:45.000000000 +0200 |
|
161 |
++++ httpd-2.2.16-ecc/modules/ssl/ssl_private.h 2011-01-04 21:54:17.577477597 +0100 |
|
162 |
+@@ -181,11 +181,21 @@ |
|
163 |
+ #define SSL_ALGO_UNKNOWN (0) |
|
164 |
+ #define SSL_ALGO_RSA (1<<0) |
|
165 |
+ #define SSL_ALGO_DSA (1<<1) |
|
166 |
++#ifndef OPENSSL_NO_EC |
|
167 |
++#define SSL_ALGO_ECC (1<<2) |
|
168 |
++#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC) |
|
169 |
++#else |
|
170 |
+ #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA) |
|
171 |
++#endif /* SSL_LIBRARY_VERSION */ |
|
172 |
+ |
|
173 |
+ #define SSL_AIDX_RSA (0) |
|
174 |
+ #define SSL_AIDX_DSA (1) |
|
175 |
++#ifndef OPENSSL_NO_EC |
|
176 |
++#define SSL_AIDX_ECC (2) |
|
177 |
++#define SSL_AIDX_MAX (3) |
|
178 |
++#else |
|
179 |
+ #define SSL_AIDX_MAX (2) |
|
180 |
++#endif /* SSL_LIBRARY_VERSION */ |
|
181 |
+ |
|
182 |
+ |
|
183 |
+ /** |
|
184 |
+@@ -589,6 +599,9 @@ |
|
185 |
+ /** OpenSSL callbacks */ |
|
186 |
+ RSA *ssl_callback_TmpRSA(SSL *, int, int); |
|
187 |
+ DH *ssl_callback_TmpDH(SSL *, int, int); |
|
188 |
++#ifndef OPENSSL_NO_EC |
|
189 |
++EC_KEY *ssl_callback_TmpECDH(SSL *, int, int); |
|
190 |
++#endif /* SSL_LIBRARY_VERSION */ |
|
191 |
+ int ssl_callback_SSLVerify(int, X509_STORE_CTX *); |
|
192 |
+ int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *); |
|
193 |
+ int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey); |
|
194 |
+diff -Naur httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h |
|
195 |
+--- httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h 2010-07-12 20:47:45.000000000 +0200 |
|
196 |
++++ httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h 2011-01-04 21:55:26.583924797 +0100 |
|
197 |
+@@ -38,6 +38,13 @@ |
|
198 |
+ #include <openssl/evp.h> |
|
199 |
+ #include <openssl/rand.h> |
|
200 |
+ #include <openssl/x509v3.h> |
|
201 |
++ |
|
202 |
++ |
|
203 |
++/* ECC support came along in OpenSSL 1.0.0 */ |
|
204 |
++#if (OPENSSL_VERSION_NUMBER < 0x10000000) |
|
205 |
++#define OPENSSL_NO_EC |
|
206 |
++#endif |
|
207 |
++ |
|
208 |
+ /** Avoid tripping over an engine build installed globally and detected |
|
209 |
+ * when the user points at an explicit non-engine flavor of OpenSSL |
|
210 |
+ */ |
|
211 |
+diff -Naur httpd-2.2.16/modules/ssl/ssl_util.c httpd-2.2.16-ecc/modules/ssl/ssl_util.c |
|
212 |
+--- httpd-2.2.16/modules/ssl/ssl_util.c 2008-09-18 16:34:51.000000000 +0200 |
|
213 |
++++ httpd-2.2.16-ecc/modules/ssl/ssl_util.c 2011-01-04 21:54:17.578477589 +0100 |
|
214 |
+@@ -150,6 +150,11 @@ |
|
215 |
+ case EVP_PKEY_DSA: |
|
216 |
+ t = SSL_ALGO_DSA; |
|
217 |
+ break; |
|
218 |
++#ifndef OPENSSL_NO_EC |
|
219 |
++ case EVP_PKEY_EC: |
|
220 |
++ t = SSL_ALGO_ECC; |
|
221 |
++ break; |
|
222 |
++#endif |
|
223 |
+ default: |
|
224 |
+ break; |
|
225 |
+ } |
|
226 |
+@@ -174,6 +179,11 @@ |
|
227 |
+ case SSL_ALGO_DSA: |
|
228 |
+ cp = "DSA"; |
|
229 |
+ break; |
|
230 |
++#ifndef OPENSSL_NO_EC |
|
231 |
++ case SSL_ALGO_ECC: |
|
232 |
++ cp = "ECC"; |
|
233 |
++ break; |
|
234 |
++#endif |
|
235 |
+ default: |
|
236 |
+ break; |
|
237 |
+ } |
|
238 |
+@@ -245,7 +255,11 @@ |
|
239 |
+ apr_hash_set(table, key, klen, NULL); |
|
240 |
+ } |
|
241 |
+ |
|
242 |
++#ifndef OPENSSL_NO_EC |
|
243 |
++static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"}; |
|
244 |
++#else |
|
245 |
+ static const char *ssl_asn1_key_types[] = {"RSA", "DSA"}; |
|
246 |
++#endif |
|
247 |
+ |
|
248 |
+ const char *ssl_asn1_keystr(int keytype) |
|
249 |
+ { |
|
0 | 250 |
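Review bot: In the embedded patch's `ssl_callback_TmpECDH` (the ssl_engine_kernel.c hunk), the result of `EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)` is passed straight to `EC_KEY_set_group` without a NULL check, the return value of `EC_KEY_set_group` is ignored, and the group object is never freed although `EC_KEY_set_group` keeps its own copy. A failed setup therefore hands OpenSSL an `EC_KEY` with no curve instead of NULL. `static init = 0;` relies on implicit int, `mc` and `idx` are unused, and the lazy initialisation of the function-level statics is unsynchronised, which looks racy under the threaded MPMs (event, worker) the ebuild offers; creating the key once during module initialisation would avoid that. The `#endif /* SSL_LIBRARY_VERSION */` comments in ssl_engine_init.c and ssl_private.h close `#ifndef OPENSSL_NO_EC` blocks and should say so.

```c
EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
{
    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
    static EC_KEY *ecdh = NULL;
    static int init = 0;

    /* … unchanged: debug log line … */

    if (init == 0) {
        EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
        EC_KEY *key = EC_KEY_new();

        /* Never hand out a key object that has no curve attached. */
        if (group == NULL || key == NULL || !EC_KEY_set_group(key, group)) {
            EC_KEY_free(key);
            key = NULL;
        }
        EC_GROUP_free(group); /* EC_KEY_set_group() stored its own copy */
        ecdh = key;
        init = 1;
    }

    return ecdh;
}
```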