keks-overlay.git

@@ -1,5 +1,6 @@

 AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc

 AUX apache-tlsext-workaround.diff 395 RMD160 c756f0e935e4392d44c57a202fd73af173b3b9b2 SHA1 f9619250609d4bd1bddc3e28e23f61cfedb93c09 SHA256 ee0b535bc401ae6b4028d4fa238198f067cacab936d69596c4d8b4ca1ea23619

+AUX httpd-2.2.16-ecc.diff 8236 RMD160 604f1124c168805b7702a6ca4a26ee7004fbab0b SHA1 3badbccc36c21710ef1c60f47963bcc631c00917 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461

 AUX httpd-2.2.x-sni.diff 13866 RMD160 ae21ae0ebc2c0d263b5290d67aeefd56b145ed73 SHA1 b8b8dcc56e6a7bb5c07d95fa46683db4170dd7ba SHA256 092aaa998f2b15e6b89b0785c237ce3bb40d4bf188509fcf58470ce5731380e9

 DIST gentoo-apache-2.2.10-20081025.tar.bz2 60296 RMD160 bc6d9e05a5924cf104e0a07b18ab6c9da526a1dc SHA1 f3ea7bda13b57b9f622890b2d9288cb096472a96 SHA256 e7704ac9a645bb722d8063735c7de17a4041d76cc72244fc928a0a5ad1ee1ccd

 DIST gentoo-apache-2.2.11-20090101.tar.bz2 60721 RMD160 2a2342bcff3778f44ecb148c333da49f71b5ed57 SHA1 6bb963fa73bf2c26d89dc6b808454d1541f103db SHA256 88a24a6e600024386db5cfd704b11cd7a408ba6ef067a2ffe2dc0923993149ca

@@ -10,6 +11,7 @@ DIST gentoo-apache-2.2.14-20091006.tar.bz2 63730 RMD160 0aa9d8ef866114f65e1f7d7a

 DIST gentoo-apache-2.2.14-r1-20091008.tar.bz2 62359 RMD160 0e78de9a61265be2ef797e02bce0cf89f0a5fd2a SHA1 357316581f7d7d289655992216be6c5f5342f32c SHA256 99db378884b33af1c97713f63d92f0bb1d02eef6dc1f8f47a9addd258b3f7233

 DIST gentoo-apache-2.2.15-20100307.tar.bz2 63716 RMD160 aa16c46ec930c020820293b884876946b81bd476 SHA1 20fa102d6094d00d3c874b0b1df69d0ddcf34339 SHA256 b3c4ca6eed24ea82ff37bfa331403b09c94f3b2a8b5b1058761651c6824787c1

 DIST gentoo-apache-2.2.16-20100828.tar.bz2 63742 RMD160 c001f1f55099977c41b03346e449c95629f6b9be SHA1 bcb607199244948ffbb883aa36cabe54865ccfea SHA256 2820546adc7b3b3a38ae5173c75cab7ac42cc611570f0ffd814f833ee464f608

+DIST gentoo-apache-2.2.17-20110218.tar.bz2 62615 RMD160 05b57ab08e1938e5bf41ead2ce53c71c59303d60 SHA1 2a877d8269c3df5bb11f1a3c30953b38e8a17119 SHA256 8cc3cfe47d55877eaff15d6688d9ced1e7e54c93f012f4d84561d7ef7a3118ad

 DIST gentoo-apache-2.2.8-r3-20080601.tar.bz2 60383 RMD160 f7d662ac9bce6bcc0e0506503be166fdb7a95eba SHA1 1d87d6ed727a8b7074446a472eb46d2b1a9eb532 SHA256 bc1bdc87aab4cfc377e2016e69f715495097bf37c47112ac6d52929adf0fbc40

 DIST gentoo-apache-2.2.9-20080615.tar.bz2 60183 RMD160 924b6268324aa679b5ff624ece159dad323028aa SHA1 6c8e053a33a561df2417e718803b65f7ac55b640 SHA256 c3bb95e339d7bdfdcd3bd71927287843df0d34ad2740ddc7913cbb0200fc8072

 DIST httpd-2.2.10.tar.bz2 5068069 RMD160 30f240222a775efa14b104a2b8df1e1dc65f4b8a SHA1 3a71f4904e359603c3338b07a1178ddfacfaa8c6 SHA256 681d5787288e4e527877f415acce198be96ce7de0dc6e354646b1df4aae21383

@@ -19,6 +21,7 @@ DIST httpd-2.2.13.tar.bz2 5300199 RMD160 4a6a2247cc118175a9a36f1e14344ee71da2462

 DIST httpd-2.2.14.tar.bz2 5147171 RMD160 ff5077e444ba995475202bb3b9be733384c809d1 SHA1 eacd04c87b489231ae708c84a77dc8e9ee176fd2 SHA256 b2deab8a5e797fde7a04fb4a5ebfa9c80f767d064dd19dcd2857c94838ae3ac6

 DIST httpd-2.2.15.tar.bz2 4959582 RMD160 e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf SHA1 5f0e973839ed2e38a4d03adba109ef5ce3381bc2 SHA256 5ae0c428e7abd87eecbac8564d90a7182104325bae7086c21db7b3a1e3140ca7

 DIST httpd-2.2.16.tar.bz2 4775545 RMD160 2e6d7d1dae40905be7fdd793140f62cf58112095 SHA1 ef92f5b3124fe5e9ba6121ea7f4bab8c014068f9 SHA256 9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52

+DIST httpd-2.2.17.tar.bz2 4951247 RMD160 4a2f16f2891094d4176565fadf0e8fcadf7dbaff SHA1 5c9b44620dee449a86ba1bcba1715033c2c26b08 SHA256 868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04

 DIST httpd-2.2.8.tar.bz2 4799055 RMD160 0736ea9617bafaa1c8cd34ce4fc1c7a659afea57 SHA1 5074904435d3d942ce2dc96c44b07294b8eaca77 SHA256 2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39

 DIST httpd-2.2.9.tar.bz2 4943462 RMD160 8fd62ae78271aa0ded6ba2f5bfeea8c63b79060a SHA1 71715d81e7a5ace4499803df7369c78b85251083 SHA256 d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61

 EBUILD apache-2.2.10.ebuild 2845 RMD160 cc94372a6c8e59b9e184458ec3a6b8ab0dae4fae SHA1 5d2cd9424f57027d4bf38ba165dd0656795aa6a4 SHA256 ffd992a0c1e2d952aa6bf710ecc1d0b751b27b30e829bf644f9949aa71c5d0a7

@@ -29,6 +32,7 @@ EBUILD apache-2.2.13.ebuild 2580 RMD160 bd9bda9465e6c81268754510585579266480f4a3

 EBUILD apache-2.2.14-r1.ebuild 2405 RMD160 07fc0f1e8cb9d1af6b1d23c4d3c74771996d1466 SHA1 d6ea08fe65cf23d6219e6e1454dec296fb635d70 SHA256 f83dccdf8881bc797cd8aaf7360fa70caf7ed133dabd2fb2d871916d3b121a0d

 EBUILD apache-2.2.14.ebuild 2579 RMD160 1eba4a19660bf9904851200c85dd66e8b0a5009e SHA1 645e56d8e1dc006fe8c6d58b887358f6e9abb670 SHA256 69909743f060158d2deef73669fc2d8472f50dc1b8a166689c9e8dacc7572a47

 EBUILD apache-2.2.15.ebuild 2407 RMD160 585cccc67165f38f0eb6c30f576d61d1abd105bc SHA1 70bb1b480b71a25bc2081d7d4f3b6beacaadfd48 SHA256 819f76accae48caf4919dd3373b6fa3aac344cbfba4e3ff280e9a79723023b77

-EBUILD apache-2.2.16.ebuild 2416 RMD160 2cfa21f09f7c1a40a63be56b204d7c948214e9c8 SHA1 f16a0089102dace8184c839e1587c08a85a2dfb1 SHA256 5aa02250e5bc51deb9a2194fbdb101a32e6a522b2612dceecdb017c972342ac8

+EBUILD apache-2.2.16.ebuild 2474 RMD160 b5932b7fb8f535a04f3bbaf9914d762faa227376 SHA1 e128d51edff342e06454912b26b5bfae780201d7 SHA256 946feaa6a54d19e0d17acb277ab9e77173e62218a209cea4adb2f39f187fb8af

+EBUILD apache-2.2.17.ebuild 2800 RMD160 c2aa5d7da738e45373e0cc7339e413bad3557e5a SHA1 c6879641f80082b8f75b4f42a846874f556aee94 SHA256 83f31753eebda1c74392e74b3520475d227ffb31da41f4b2057e10b1401f3fe1

 EBUILD apache-2.2.8-r3.ebuild 5288 RMD160 096b8185d25c485fd2bd13c09de9de8b5e11dcc8 SHA1 5aff0c23059bb10346c1b2988f496becc28f3a19 SHA256 2cb835468f5968a42b86924909b50cdbd9e0c4e24f0fe30e8c547d82fe49e97a

 EBUILD apache-2.2.9.ebuild 2812 RMD160 91b5a44a2db30a6d85e3302bfe9dc16bfcbaf045 SHA1 764bb36273e23745f2ba2cb6a36184096c650f12 SHA256 1302cc772b0404fd65eb9ea7a970558ecc8b0861049a07e122dc95387d45b6e4

@@ -81,7 +81,7 @@ HOMEPAGE="http://httpd.apache.org/"

 LICENSE="Apache-2.0 Apache-1.1"

 SLOT="2"

 KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"

-IUSE=""

+IUSE="ecc"

 DEPEND="${DEPEND}

 	>=dev-libs/openssl-0.9.8m

@@ -94,4 +94,5 @@ RDEPEND="${RDEPEND}

 src_prepare() {

 	apache-2_src_prepare

 	epatch "${FILESDIR}/apache-noip.diff"

+	use ecc && epatch "${FILESDIR}/httpd-2.2.16-ecc.diff"

 }

@@ -0,0 +1,106 @@

+# Copyright 1999-2011 Gentoo Foundation

+# Distributed under the terms of the GNU General Public License v2

+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.17.ebuild,v 1.2 2011/03/26 20:01:03 angelos Exp $

+

+# latest gentoo apache files

+GENTOO_PATCHSTAMP="20110218"

+GENTOO_DEVELOPER="hollow"

+# We want the patch from r0

+GENTOO_PATCHNAME="gentoo-${P}"

+

+# IUSE/USE_EXPAND magic

+IUSE_MPMS_FORK="itk peruser prefork"

+IUSE_MPMS_THREAD="event worker"

+

+IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon

+authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default

+authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta

+charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio

+env expires ext_filter file_cache filter headers ident imagemap include info

+log_config log_forensic logio mem_cache mime mime_magic negotiation proxy

+proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite

+reqtimeout setenvif speling status substitute unique_id userdir usertrack

+version vhost_alias"

+# The following are also in the source as of this version, but are not available

+# for user selection:

+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export

+# optional_fn_import optional_hook_export optional_hook_import

+

+# inter-module dependencies

+# TODO: this may still be incomplete

+MODULE_DEPENDS="

+	dav_fs:dav

+	dav_lock:dav

+	deflate:filter

+	disk_cache:cache

+	ext_filter:filter

+	file_cache:cache

+	log_forensic:log_config

+	logio:log_config

+	mem_cache:cache

+	mime_magic:mime

+	proxy_ajp:proxy

+	proxy_balancer:proxy

+	proxy_connect:proxy

+	proxy_ftp:proxy

+	proxy_http:proxy

+	proxy_scgi:proxy

+	substitute:filter

+"

+

+# module<->define mappings

+MODULE_DEFINES="

+	auth_digest:AUTH_DIGEST

+	authnz_ldap:AUTHNZ_LDAP

+	cache:CACHE

+	dav:DAV

+	dav_fs:DAV

+	dav_lock:DAV

+	disk_cache:CACHE

+	file_cache:CACHE

+	info:INFO

+	ldap:LDAP

+	mem_cache:CACHE

+	proxy:PROXY

+	proxy_ajp:PROXY

+	proxy_balancer:PROXY

+	proxy_connect:PROXY

+	proxy_ftp:PROXY

+	proxy_http:PROXY

+	ssl:SSL

+	status:STATUS

+	suexec:SUEXEC

+	userdir:USERDIR

+"

+

+# critical modules for the default config

+MODULE_CRITICAL="

+	authz_host

+	dir

+	mime

+"

+

+inherit apache-2

+

+src_prepare() {

+	epatch "${FILESDIR}"/apache-noip.diff

+	epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff

+	apache-2_src_prepare

+}

+

+DESCRIPTION="The Apache Web Server."

+HOMEPAGE="http://httpd.apache.org/"

+

+# some helper scripts are Apache-1.1, thus both are here

+LICENSE="Apache-2.0 Apache-1.1"

+SLOT="2"

+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"

+IUSE=""

+

+DEPEND="${DEPEND}

+	>=dev-libs/openssl-0.9.8m

+	apache2_modules_deflate? ( sys-libs/zlib )"

+

+RDEPEND="${RDEPEND}

+	>=dev-libs/openssl-0.9.8m

+	apache2_modules_mime? ( app-misc/mime-types )"

@@ -0,0 +1,249 @@

+diff -Naur httpd-2.2.16/modules/ssl/mod_ssl.c httpd-2.2.16-ecc/modules/ssl/mod_ssl.c

+--- httpd-2.2.16/modules/ssl/mod_ssl.c	2010-07-12 20:47:45.000000000 +0200

++++ httpd-2.2.16-ecc/modules/ssl/mod_ssl.c	2011-01-04 21:54:17.587477515 +0100

+@@ -424,6 +424,9 @@

+      */

+     SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);

+     SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);

++#ifndef OPENSSL_NO_EC

++    SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);

++#endif

+ 

+     SSL_set_verify_result(ssl, X509_V_OK);

+ 

+diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_init.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c

+--- httpd-2.2.16/modules/ssl/ssl_engine_init.c	2010-07-12 20:47:45.000000000 +0200

++++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c	2011-01-04 21:56:05.611610901 +0100

+@@ -399,7 +399,11 @@

+      *  Check for problematic re-initializations

+      */

+     if (mctx->pks->certs[SSL_AIDX_RSA] ||

+-        mctx->pks->certs[SSL_AIDX_DSA])

++        mctx->pks->certs[SSL_AIDX_DSA]

++#ifndef OPENSSL_NO_EC

++      || mctx->pks->certs[SSL_AIDX_ECC]

++#endif

++        )

+     {

+         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,

+                 "Illegal attempt to re-initialise SSL for server "

+@@ -554,6 +558,9 @@

+ 

+     SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);

+     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);

++#ifndef OPENSSL_NO_EC

++    SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);

++#endif

+ 

+     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);

+ }

+@@ -821,9 +828,16 @@

+     ssl_asn1_t *asn1;

+     MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;

+     const char *type = ssl_asn1_keystr(idx);

+-    int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;

++    int pkey_type;

+     EVP_PKEY *pkey;

+ 

++#ifndef OPENSSL_NO_EC

++    if (idx == SSL_AIDX_ECC)

++      pkey_type = EVP_PKEY_EC;

++    else

++#endif /* SSL_LIBRARY_VERSION */

++    pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;

++

+     if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {

+         return FALSE;

+     }

+@@ -934,19 +948,39 @@

+                                   modssl_ctx_t *mctx)

+ {

+     const char *rsa_id, *dsa_id;

++#ifndef OPENSSL_NO_EC

++    const char *ecc_id;

++#endif

+     const char *vhost_id = mctx->sc->vhost_id;

+     int i;

+     int have_rsa, have_dsa;

++#ifndef OPENSSL_NO_EC

++    int have_ecc;

++#endif

+ 

+     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);

+     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);

++#ifndef OPENSSL_NO_EC

++    ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);

++#endif

+ 

+     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);

+     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);

++#ifndef OPENSSL_NO_EC

++    have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);

++#endif

+ 

+-    if (!(have_rsa || have_dsa)) {

++    if (!(have_rsa || have_dsa

++#ifndef OPENSSL_NO_EC

++        || have_ecc

++#endif

++)) {

+         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,

++#ifndef OPENSSL_NO_EC

++                "Oops, no RSA, DSA or ECC server certificate found "

++#else

+                 "Oops, no RSA or DSA server certificate found "

++#endif

+                 "for '%s:%d'?!", s->server_hostname, s->port);

+         ssl_die();

+     }

+@@ -957,10 +991,21 @@

+ 

+     have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);

+     have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);

++#ifndef OPENSSL_NO_EC

++    have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);

++#endif

+ 

+-    if (!(have_rsa || have_dsa)) {

++    if (!(have_rsa || have_dsa

++#ifndef OPENSSL_NO_EC

++        || have_ecc

++#endif

++          )) {

+         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,

++#ifndef OPENSSL_NO_EC

++                "Oops, no RSA, DSA or ECC server private key found?!");

++#else

+                 "Oops, no RSA or DSA server private key found?!");

++#endif

+         ssl_die();

+     }

+ }

+diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_kernel.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c

+--- httpd-2.2.16/modules/ssl/ssl_engine_kernel.c	2010-02-27 22:00:58.000000000 +0100

++++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c	2011-01-04 21:54:17.578477589 +0100

+@@ -1287,6 +1287,33 @@

+     return (DH *)mc->pTmpKeys[idx];

+ }

+ 

++#ifndef OPENSSL_NO_EC

++EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)

++{

++    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);

++    SSLModConfigRec *mc = myModConfig(c->base_server);

++    int idx;

++    static EC_KEY *ecdh = NULL;

++    static init = 0;

++

++    /* XXX Uses 256-bit key for now. TODO: support other sizes. */

++    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,

++                  "handing out temporary 256 bit ECC key");

++

++    if (init == 0) {

++        ecdh = EC_KEY_new();

++        if (ecdh != NULL) {

++            /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */

++            EC_KEY_set_group(ecdh, 

++              EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));

++        }

++        init = 1;

++    }

++    

++    return ecdh;

++}

++#endif

++

+ /*

+  * This OpenSSL callback function is called when OpenSSL

+  * does client authentication and verifies the certificate chain.

+diff -Naur httpd-2.2.16/modules/ssl/ssl_private.h httpd-2.2.16-ecc/modules/ssl/ssl_private.h

+--- httpd-2.2.16/modules/ssl/ssl_private.h	2010-07-12 20:47:45.000000000 +0200

++++ httpd-2.2.16-ecc/modules/ssl/ssl_private.h	2011-01-04 21:54:17.577477597 +0100

+@@ -181,11 +181,21 @@

+ #define SSL_ALGO_UNKNOWN (0)

+ #define SSL_ALGO_RSA     (1<<0)

+ #define SSL_ALGO_DSA     (1<<1)

++#ifndef OPENSSL_NO_EC

++#define SSL_ALGO_ECC     (1<<2)

++#define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)

++#else

+ #define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)

++#endif /* SSL_LIBRARY_VERSION */

+ 

+ #define SSL_AIDX_RSA     (0)

+ #define SSL_AIDX_DSA     (1)

++#ifndef OPENSSL_NO_EC

++#define SSL_AIDX_ECC     (2)

++#define SSL_AIDX_MAX     (3)

++#else

+ #define SSL_AIDX_MAX     (2)

++#endif /* SSL_LIBRARY_VERSION */

+ 

+ 

+ /**

+@@ -589,6 +599,9 @@

+ /**  OpenSSL callbacks */

+ RSA         *ssl_callback_TmpRSA(SSL *, int, int);

+ DH          *ssl_callback_TmpDH(SSL *, int, int);

++#ifndef OPENSSL_NO_EC

++EC_KEY      *ssl_callback_TmpECDH(SSL *, int, int);

++#endif /* SSL_LIBRARY_VERSION */

+ int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);

+ int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);

+ int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);

+diff -Naur httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h

+--- httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h	2010-07-12 20:47:45.000000000 +0200

++++ httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h	2011-01-04 21:55:26.583924797 +0100

+@@ -38,6 +38,13 @@

+ #include <openssl/evp.h>

+ #include <openssl/rand.h>

+ #include <openssl/x509v3.h>

++

++

++/* ECC support came along in OpenSSL 1.0.0 */

++#if (OPENSSL_VERSION_NUMBER < 0x10000000)

++#define OPENSSL_NO_EC

++#endif

++

+ /** Avoid tripping over an engine build installed globally and detected

+  * when the user points at an explicit non-engine flavor of OpenSSL

+  */

+diff -Naur httpd-2.2.16/modules/ssl/ssl_util.c httpd-2.2.16-ecc/modules/ssl/ssl_util.c

+--- httpd-2.2.16/modules/ssl/ssl_util.c	2008-09-18 16:34:51.000000000 +0200

++++ httpd-2.2.16-ecc/modules/ssl/ssl_util.c	2011-01-04 21:54:17.578477589 +0100

+@@ -150,6 +150,11 @@

+             case EVP_PKEY_DSA:

+                 t = SSL_ALGO_DSA;

+                 break;

++#ifndef OPENSSL_NO_EC

++            case EVP_PKEY_EC:

++                t = SSL_ALGO_ECC;

++                break;

++#endif 

+             default:

+                 break;

+         }

+@@ -174,6 +179,11 @@

+         case SSL_ALGO_DSA:

+             cp = "DSA";

+             break;

++#ifndef OPENSSL_NO_EC

++        case SSL_ALGO_ECC:

++            cp = "ECC";

++            break;

++#endif

+         default:

+             break;

+     }

+@@ -245,7 +255,11 @@

+     apr_hash_set(table, key, klen, NULL);

+ }

+ 

++#ifndef OPENSSL_NO_EC

++static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};

++#else

+ static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};

++#endif

+ 

+ const char *ssl_asn1_keystr(int keytype)

+ {