apache 2.2.17 + ecc + noip
Hanno Böck

Hanno Böck commited on 2011-03-28 00:01:03
Zeige 4 geänderte Dateien mit 362 Einfügungen und 2 Löschungen.

... ...
@@ -1,5 +1,6 @@
1 1
 AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc
2 2
 AUX apache-tlsext-workaround.diff 395 RMD160 c756f0e935e4392d44c57a202fd73af173b3b9b2 SHA1 f9619250609d4bd1bddc3e28e23f61cfedb93c09 SHA256 ee0b535bc401ae6b4028d4fa238198f067cacab936d69596c4d8b4ca1ea23619
3
+AUX httpd-2.2.16-ecc.diff 8236 RMD160 604f1124c168805b7702a6ca4a26ee7004fbab0b SHA1 3badbccc36c21710ef1c60f47963bcc631c00917 SHA256 e7fe97852875de06372d8413248fa20419946e2ab7de5198c93bffa6b5a68461
3 4
 AUX httpd-2.2.x-sni.diff 13866 RMD160 ae21ae0ebc2c0d263b5290d67aeefd56b145ed73 SHA1 b8b8dcc56e6a7bb5c07d95fa46683db4170dd7ba SHA256 092aaa998f2b15e6b89b0785c237ce3bb40d4bf188509fcf58470ce5731380e9
4 5
 DIST gentoo-apache-2.2.10-20081025.tar.bz2 60296 RMD160 bc6d9e05a5924cf104e0a07b18ab6c9da526a1dc SHA1 f3ea7bda13b57b9f622890b2d9288cb096472a96 SHA256 e7704ac9a645bb722d8063735c7de17a4041d76cc72244fc928a0a5ad1ee1ccd
5 6
 DIST gentoo-apache-2.2.11-20090101.tar.bz2 60721 RMD160 2a2342bcff3778f44ecb148c333da49f71b5ed57 SHA1 6bb963fa73bf2c26d89dc6b808454d1541f103db SHA256 88a24a6e600024386db5cfd704b11cd7a408ba6ef067a2ffe2dc0923993149ca
... ...
@@ -10,6 +11,7 @@ DIST gentoo-apache-2.2.14-20091006.tar.bz2 63730 RMD160 0aa9d8ef866114f65e1f7d7a
10 11
 DIST gentoo-apache-2.2.14-r1-20091008.tar.bz2 62359 RMD160 0e78de9a61265be2ef797e02bce0cf89f0a5fd2a SHA1 357316581f7d7d289655992216be6c5f5342f32c SHA256 99db378884b33af1c97713f63d92f0bb1d02eef6dc1f8f47a9addd258b3f7233
11 12
 DIST gentoo-apache-2.2.15-20100307.tar.bz2 63716 RMD160 aa16c46ec930c020820293b884876946b81bd476 SHA1 20fa102d6094d00d3c874b0b1df69d0ddcf34339 SHA256 b3c4ca6eed24ea82ff37bfa331403b09c94f3b2a8b5b1058761651c6824787c1
12 13
 DIST gentoo-apache-2.2.16-20100828.tar.bz2 63742 RMD160 c001f1f55099977c41b03346e449c95629f6b9be SHA1 bcb607199244948ffbb883aa36cabe54865ccfea SHA256 2820546adc7b3b3a38ae5173c75cab7ac42cc611570f0ffd814f833ee464f608
14
+DIST gentoo-apache-2.2.17-20110218.tar.bz2 62615 RMD160 05b57ab08e1938e5bf41ead2ce53c71c59303d60 SHA1 2a877d8269c3df5bb11f1a3c30953b38e8a17119 SHA256 8cc3cfe47d55877eaff15d6688d9ced1e7e54c93f012f4d84561d7ef7a3118ad
13 15
 DIST gentoo-apache-2.2.8-r3-20080601.tar.bz2 60383 RMD160 f7d662ac9bce6bcc0e0506503be166fdb7a95eba SHA1 1d87d6ed727a8b7074446a472eb46d2b1a9eb532 SHA256 bc1bdc87aab4cfc377e2016e69f715495097bf37c47112ac6d52929adf0fbc40
14 16
 DIST gentoo-apache-2.2.9-20080615.tar.bz2 60183 RMD160 924b6268324aa679b5ff624ece159dad323028aa SHA1 6c8e053a33a561df2417e718803b65f7ac55b640 SHA256 c3bb95e339d7bdfdcd3bd71927287843df0d34ad2740ddc7913cbb0200fc8072
15 17
 DIST httpd-2.2.10.tar.bz2 5068069 RMD160 30f240222a775efa14b104a2b8df1e1dc65f4b8a SHA1 3a71f4904e359603c3338b07a1178ddfacfaa8c6 SHA256 681d5787288e4e527877f415acce198be96ce7de0dc6e354646b1df4aae21383
... ...
@@ -19,6 +21,7 @@ DIST httpd-2.2.13.tar.bz2 5300199 RMD160 4a6a2247cc118175a9a36f1e14344ee71da2462
19 21
 DIST httpd-2.2.14.tar.bz2 5147171 RMD160 ff5077e444ba995475202bb3b9be733384c809d1 SHA1 eacd04c87b489231ae708c84a77dc8e9ee176fd2 SHA256 b2deab8a5e797fde7a04fb4a5ebfa9c80f767d064dd19dcd2857c94838ae3ac6
20 22
 DIST httpd-2.2.15.tar.bz2 4959582 RMD160 e5c5da1fdf86a6b0501f6c8e97ccb1982e81cfdf SHA1 5f0e973839ed2e38a4d03adba109ef5ce3381bc2 SHA256 5ae0c428e7abd87eecbac8564d90a7182104325bae7086c21db7b3a1e3140ca7
21 23
 DIST httpd-2.2.16.tar.bz2 4775545 RMD160 2e6d7d1dae40905be7fdd793140f62cf58112095 SHA1 ef92f5b3124fe5e9ba6121ea7f4bab8c014068f9 SHA256 9457d57a6bea15ce5bde83c88803c030953b99bdd0fbae65854adff527ed4c52
24
+DIST httpd-2.2.17.tar.bz2 4951247 RMD160 4a2f16f2891094d4176565fadf0e8fcadf7dbaff SHA1 5c9b44620dee449a86ba1bcba1715033c2c26b08 SHA256 868af11e3ed8fa9aade15241ea4f51971b3ef71104292ca2625ef2065e61fb04
22 25
 DIST httpd-2.2.8.tar.bz2 4799055 RMD160 0736ea9617bafaa1c8cd34ce4fc1c7a659afea57 SHA1 5074904435d3d942ce2dc96c44b07294b8eaca77 SHA256 2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39
23 26
 DIST httpd-2.2.9.tar.bz2 4943462 RMD160 8fd62ae78271aa0ded6ba2f5bfeea8c63b79060a SHA1 71715d81e7a5ace4499803df7369c78b85251083 SHA256 d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61
24 27
 EBUILD apache-2.2.10.ebuild 2845 RMD160 cc94372a6c8e59b9e184458ec3a6b8ab0dae4fae SHA1 5d2cd9424f57027d4bf38ba165dd0656795aa6a4 SHA256 ffd992a0c1e2d952aa6bf710ecc1d0b751b27b30e829bf644f9949aa71c5d0a7
... ...
@@ -29,6 +32,7 @@ EBUILD apache-2.2.13.ebuild 2580 RMD160 bd9bda9465e6c81268754510585579266480f4a3
29 32
 EBUILD apache-2.2.14-r1.ebuild 2405 RMD160 07fc0f1e8cb9d1af6b1d23c4d3c74771996d1466 SHA1 d6ea08fe65cf23d6219e6e1454dec296fb635d70 SHA256 f83dccdf8881bc797cd8aaf7360fa70caf7ed133dabd2fb2d871916d3b121a0d
30 33
 EBUILD apache-2.2.14.ebuild 2579 RMD160 1eba4a19660bf9904851200c85dd66e8b0a5009e SHA1 645e56d8e1dc006fe8c6d58b887358f6e9abb670 SHA256 69909743f060158d2deef73669fc2d8472f50dc1b8a166689c9e8dacc7572a47
31 34
 EBUILD apache-2.2.15.ebuild 2407 RMD160 585cccc67165f38f0eb6c30f576d61d1abd105bc SHA1 70bb1b480b71a25bc2081d7d4f3b6beacaadfd48 SHA256 819f76accae48caf4919dd3373b6fa3aac344cbfba4e3ff280e9a79723023b77
32
-EBUILD apache-2.2.16.ebuild 2416 RMD160 2cfa21f09f7c1a40a63be56b204d7c948214e9c8 SHA1 f16a0089102dace8184c839e1587c08a85a2dfb1 SHA256 5aa02250e5bc51deb9a2194fbdb101a32e6a522b2612dceecdb017c972342ac8
35
+EBUILD apache-2.2.16.ebuild 2474 RMD160 b5932b7fb8f535a04f3bbaf9914d762faa227376 SHA1 e128d51edff342e06454912b26b5bfae780201d7 SHA256 946feaa6a54d19e0d17acb277ab9e77173e62218a209cea4adb2f39f187fb8af
36
+EBUILD apache-2.2.17.ebuild 2800 RMD160 c2aa5d7da738e45373e0cc7339e413bad3557e5a SHA1 c6879641f80082b8f75b4f42a846874f556aee94 SHA256 83f31753eebda1c74392e74b3520475d227ffb31da41f4b2057e10b1401f3fe1
33 37
 EBUILD apache-2.2.8-r3.ebuild 5288 RMD160 096b8185d25c485fd2bd13c09de9de8b5e11dcc8 SHA1 5aff0c23059bb10346c1b2988f496becc28f3a19 SHA256 2cb835468f5968a42b86924909b50cdbd9e0c4e24f0fe30e8c547d82fe49e97a
34 38
 EBUILD apache-2.2.9.ebuild 2812 RMD160 91b5a44a2db30a6d85e3302bfe9dc16bfcbaf045 SHA1 764bb36273e23745f2ba2cb6a36184096c650f12 SHA256 1302cc772b0404fd65eb9ea7a970558ecc8b0861049a07e122dc95387d45b6e4
... ...
@@ -81,7 +81,7 @@ HOMEPAGE="http://httpd.apache.org/"
81 81
 LICENSE="Apache-2.0 Apache-1.1"
82 82
 SLOT="2"
83 83
 KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
84
-IUSE=""
84
+IUSE="ecc"
85 85
 
86 86
 DEPEND="${DEPEND}
87 87
 	>=dev-libs/openssl-0.9.8m
... ...
@@ -94,4 +94,5 @@ RDEPEND="${RDEPEND}
94 94
 src_prepare() {
95 95
 	apache-2_src_prepare
96 96
 	epatch "${FILESDIR}/apache-noip.diff"
97
+	use ecc && epatch "${FILESDIR}/httpd-2.2.16-ecc.diff"
97 98
 }
... ...
@@ -0,0 +1,106 @@
1
+# Copyright 1999-2011 Gentoo Foundation
2
+# Distributed under the terms of the GNU General Public License v2
3
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.17.ebuild,v 1.2 2011/03/26 20:01:03 angelos Exp $
4
+
5
+# latest gentoo apache files
6
+GENTOO_PATCHSTAMP="20110218"
7
+GENTOO_DEVELOPER="hollow"
8
+# We want the patch from r0
9
+GENTOO_PATCHNAME="gentoo-${P}"
10
+
11
+# IUSE/USE_EXPAND magic
12
+IUSE_MPMS_FORK="itk peruser prefork"
13
+IUSE_MPMS_THREAD="event worker"
14
+
15
+IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
16
+authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
17
+authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
18
+charset_lite cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache dumpio
19
+env expires ext_filter file_cache filter headers ident imagemap include info
20
+log_config log_forensic logio mem_cache mime mime_magic negotiation proxy
21
+proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi rewrite
22
+reqtimeout setenvif speling status substitute unique_id userdir usertrack
23
+version vhost_alias"
24
+# The following are also in the source as of this version, but are not available
25
+# for user selection:
26
+# bucketeer case_filter case_filter_in echo http isapi optional_fn_export
27
+# optional_fn_import optional_hook_export optional_hook_import
28
+
29
+# inter-module dependencies
30
+# TODO: this may still be incomplete
31
+MODULE_DEPENDS="
32
+	dav_fs:dav
33
+	dav_lock:dav
34
+	deflate:filter
35
+	disk_cache:cache
36
+	ext_filter:filter
37
+	file_cache:cache
38
+	log_forensic:log_config
39
+	logio:log_config
40
+	mem_cache:cache
41
+	mime_magic:mime
42
+	proxy_ajp:proxy
43
+	proxy_balancer:proxy
44
+	proxy_connect:proxy
45
+	proxy_ftp:proxy
46
+	proxy_http:proxy
47
+	proxy_scgi:proxy
48
+	substitute:filter
49
+"
50
+
51
+# module<->define mappings
52
+MODULE_DEFINES="
53
+	auth_digest:AUTH_DIGEST
54
+	authnz_ldap:AUTHNZ_LDAP
55
+	cache:CACHE
56
+	dav:DAV
57
+	dav_fs:DAV
58
+	dav_lock:DAV
59
+	disk_cache:CACHE
60
+	file_cache:CACHE
61
+	info:INFO
62
+	ldap:LDAP
63
+	mem_cache:CACHE
64
+	proxy:PROXY
65
+	proxy_ajp:PROXY
66
+	proxy_balancer:PROXY
67
+	proxy_connect:PROXY
68
+	proxy_ftp:PROXY
69
+	proxy_http:PROXY
70
+	ssl:SSL
71
+	status:STATUS
72
+	suexec:SUEXEC
73
+	userdir:USERDIR
74
+"
75
+
76
+# critical modules for the default config
77
+MODULE_CRITICAL="
78
+	authz_host
79
+	dir
80
+	mime
81
+"
82
+
83
+inherit apache-2
84
+
85
+src_prepare() {
86
+	epatch "${FILESDIR}"/apache-noip.diff
87
+	epatch "${FILESDIR}"/httpd-2.2.16-ecc.diff
88
+	apache-2_src_prepare
89
+}
90
+
91
+DESCRIPTION="The Apache Web Server."
92
+HOMEPAGE="http://httpd.apache.org/"
93
+
94
+# some helper scripts are Apache-1.1, thus both are here
95
+LICENSE="Apache-2.0 Apache-1.1"
96
+SLOT="2"
97
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
98
+IUSE=""
99
+
100
+DEPEND="${DEPEND}
101
+	>=dev-libs/openssl-0.9.8m
102
+	apache2_modules_deflate? ( sys-libs/zlib )"
103
+
104
+RDEPEND="${RDEPEND}
105
+	>=dev-libs/openssl-0.9.8m
106
+	apache2_modules_mime? ( app-misc/mime-types )"
... ...
@@ -0,0 +1,249 @@
1
+diff -Naur httpd-2.2.16/modules/ssl/mod_ssl.c httpd-2.2.16-ecc/modules/ssl/mod_ssl.c
2
+--- httpd-2.2.16/modules/ssl/mod_ssl.c	2010-07-12 20:47:45.000000000 +0200
3
++++ httpd-2.2.16-ecc/modules/ssl/mod_ssl.c	2011-01-04 21:54:17.587477515 +0100
4
+@@ -424,6 +424,9 @@
5
+      */
6
+     SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
7
+     SSL_set_tmp_dh_callback(ssl,  ssl_callback_TmpDH);
8
++#ifndef OPENSSL_NO_EC
9
++    SSL_set_tmp_ecdh_callback(ssl, ssl_callback_TmpECDH);
10
++#endif
11
+ 
12
+     SSL_set_verify_result(ssl, X509_V_OK);
13
+ 
14
+diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_init.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c
15
+--- httpd-2.2.16/modules/ssl/ssl_engine_init.c	2010-07-12 20:47:45.000000000 +0200
16
++++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_init.c	2011-01-04 21:56:05.611610901 +0100
17
+@@ -399,7 +399,11 @@
18
+      *  Check for problematic re-initializations
19
+      */
20
+     if (mctx->pks->certs[SSL_AIDX_RSA] ||
21
+-        mctx->pks->certs[SSL_AIDX_DSA])
22
++        mctx->pks->certs[SSL_AIDX_DSA]
23
++#ifndef OPENSSL_NO_EC
24
++      || mctx->pks->certs[SSL_AIDX_ECC]
25
++#endif
26
++        )
27
+     {
28
+         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
29
+                 "Illegal attempt to re-initialise SSL for server "
30
+@@ -554,6 +558,9 @@
31
+ 
32
+     SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
33
+     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
34
++#ifndef OPENSSL_NO_EC
35
++    SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
36
++#endif
37
+ 
38
+     SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
39
+ }
40
+@@ -821,9 +828,16 @@
41
+     ssl_asn1_t *asn1;
42
+     MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
43
+     const char *type = ssl_asn1_keystr(idx);
44
+-    int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
45
++    int pkey_type;
46
+     EVP_PKEY *pkey;
47
+ 
48
++#ifndef OPENSSL_NO_EC
49
++    if (idx == SSL_AIDX_ECC)
50
++      pkey_type = EVP_PKEY_EC;
51
++    else
52
++#endif /* SSL_LIBRARY_VERSION */
53
++    pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
54
++
55
+     if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
56
+         return FALSE;
57
+     }
58
+@@ -934,19 +948,39 @@
59
+                                   modssl_ctx_t *mctx)
60
+ {
61
+     const char *rsa_id, *dsa_id;
62
++#ifndef OPENSSL_NO_EC
63
++    const char *ecc_id;
64
++#endif
65
+     const char *vhost_id = mctx->sc->vhost_id;
66
+     int i;
67
+     int have_rsa, have_dsa;
68
++#ifndef OPENSSL_NO_EC
69
++    int have_ecc;
70
++#endif
71
+ 
72
+     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
73
+     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
74
++#ifndef OPENSSL_NO_EC
75
++    ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
76
++#endif
77
+ 
78
+     have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
79
+     have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
80
++#ifndef OPENSSL_NO_EC
81
++    have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
82
++#endif
83
+ 
84
+-    if (!(have_rsa || have_dsa)) {
85
++    if (!(have_rsa || have_dsa
86
++#ifndef OPENSSL_NO_EC
87
++        || have_ecc
88
++#endif
89
++)) {
90
+         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
91
++#ifndef OPENSSL_NO_EC
92
++                "Oops, no RSA, DSA or ECC server certificate found "
93
++#else
94
+                 "Oops, no RSA or DSA server certificate found "
95
++#endif
96
+                 "for '%s:%d'?!", s->server_hostname, s->port);
97
+         ssl_die();
98
+     }
99
+@@ -957,10 +991,21 @@
100
+ 
101
+     have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
102
+     have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
103
++#ifndef OPENSSL_NO_EC
104
++    have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
105
++#endif
106
+ 
107
+-    if (!(have_rsa || have_dsa)) {
108
++    if (!(have_rsa || have_dsa
109
++#ifndef OPENSSL_NO_EC
110
++        || have_ecc
111
++#endif
112
++          )) {
113
+         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
114
++#ifndef OPENSSL_NO_EC
115
++                "Oops, no RSA, DSA or ECC server private key found?!");
116
++#else
117
+                 "Oops, no RSA or DSA server private key found?!");
118
++#endif
119
+         ssl_die();
120
+     }
121
+ }
122
+diff -Naur httpd-2.2.16/modules/ssl/ssl_engine_kernel.c httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c
123
+--- httpd-2.2.16/modules/ssl/ssl_engine_kernel.c	2010-02-27 22:00:58.000000000 +0100
124
++++ httpd-2.2.16-ecc/modules/ssl/ssl_engine_kernel.c	2011-01-04 21:54:17.578477589 +0100
125
+@@ -1287,6 +1287,33 @@
126
+     return (DH *)mc->pTmpKeys[idx];
127
+ }
128
+ 
129
++#ifndef OPENSSL_NO_EC
130
++EC_KEY *ssl_callback_TmpECDH(SSL *ssl, int export, int keylen)
131
++{
132
++    conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
133
++    SSLModConfigRec *mc = myModConfig(c->base_server);
134
++    int idx;
135
++    static EC_KEY *ecdh = NULL;
136
++    static init = 0;
137
++
138
++    /* XXX Uses 256-bit key for now. TODO: support other sizes. */
139
++    ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
140
++                  "handing out temporary 256 bit ECC key");
141
++
142
++    if (init == 0) {
143
++        ecdh = EC_KEY_new();
144
++        if (ecdh != NULL) {
145
++            /* ecdh->group = EC_GROUP_new_by_nid(NID_secp160r2); */
146
++            EC_KEY_set_group(ecdh, 
147
++              EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
148
++        }
149
++        init = 1;
150
++    }
151
++    
152
++    return ecdh;
153
++}
154
++#endif
155
++
156
+ /*
157
+  * This OpenSSL callback function is called when OpenSSL
158
+  * does client authentication and verifies the certificate chain.
159
+diff -Naur httpd-2.2.16/modules/ssl/ssl_private.h httpd-2.2.16-ecc/modules/ssl/ssl_private.h
160
+--- httpd-2.2.16/modules/ssl/ssl_private.h	2010-07-12 20:47:45.000000000 +0200
161
++++ httpd-2.2.16-ecc/modules/ssl/ssl_private.h	2011-01-04 21:54:17.577477597 +0100
162
+@@ -181,11 +181,21 @@
163
+ #define SSL_ALGO_UNKNOWN (0)
164
+ #define SSL_ALGO_RSA     (1<<0)
165
+ #define SSL_ALGO_DSA     (1<<1)
166
++#ifndef OPENSSL_NO_EC
167
++#define SSL_ALGO_ECC     (1<<2)
168
++#define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
169
++#else
170
+ #define SSL_ALGO_ALL     (SSL_ALGO_RSA|SSL_ALGO_DSA)
171
++#endif /* SSL_LIBRARY_VERSION */
172
+ 
173
+ #define SSL_AIDX_RSA     (0)
174
+ #define SSL_AIDX_DSA     (1)
175
++#ifndef OPENSSL_NO_EC
176
++#define SSL_AIDX_ECC     (2)
177
++#define SSL_AIDX_MAX     (3)
178
++#else
179
+ #define SSL_AIDX_MAX     (2)
180
++#endif /* SSL_LIBRARY_VERSION */
181
+ 
182
+ 
183
+ /**
184
+@@ -589,6 +599,9 @@
185
+ /**  OpenSSL callbacks */
186
+ RSA         *ssl_callback_TmpRSA(SSL *, int, int);
187
+ DH          *ssl_callback_TmpDH(SSL *, int, int);
188
++#ifndef OPENSSL_NO_EC
189
++EC_KEY      *ssl_callback_TmpECDH(SSL *, int, int);
190
++#endif /* SSL_LIBRARY_VERSION */
191
+ int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
192
+ int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
193
+ int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
194
+diff -Naur httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h
195
+--- httpd-2.2.16/modules/ssl/ssl_toolkit_compat.h	2010-07-12 20:47:45.000000000 +0200
196
++++ httpd-2.2.16-ecc/modules/ssl/ssl_toolkit_compat.h	2011-01-04 21:55:26.583924797 +0100
197
+@@ -38,6 +38,13 @@
198
+ #include <openssl/evp.h>
199
+ #include <openssl/rand.h>
200
+ #include <openssl/x509v3.h>
201
++
202
++
203
++/* ECC support came along in OpenSSL 1.0.0 */
204
++#if (OPENSSL_VERSION_NUMBER < 0x10000000)
205
++#define OPENSSL_NO_EC
206
++#endif
207
++
208
+ /** Avoid tripping over an engine build installed globally and detected
209
+  * when the user points at an explicit non-engine flavor of OpenSSL
210
+  */
211
+diff -Naur httpd-2.2.16/modules/ssl/ssl_util.c httpd-2.2.16-ecc/modules/ssl/ssl_util.c
212
+--- httpd-2.2.16/modules/ssl/ssl_util.c	2008-09-18 16:34:51.000000000 +0200
213
++++ httpd-2.2.16-ecc/modules/ssl/ssl_util.c	2011-01-04 21:54:17.578477589 +0100
214
+@@ -150,6 +150,11 @@
215
+             case EVP_PKEY_DSA:
216
+                 t = SSL_ALGO_DSA;
217
+                 break;
218
++#ifndef OPENSSL_NO_EC
219
++            case EVP_PKEY_EC:
220
++                t = SSL_ALGO_ECC;
221
++                break;
222
++#endif 
223
+             default:
224
+                 break;
225
+         }
226
+@@ -174,6 +179,11 @@
227
+         case SSL_ALGO_DSA:
228
+             cp = "DSA";
229
+             break;
230
++#ifndef OPENSSL_NO_EC
231
++        case SSL_ALGO_ECC:
232
++            cp = "ECC";
233
++            break;
234
++#endif
235
+         default:
236
+             break;
237
+     }
238
+@@ -245,7 +255,11 @@
239
+     apr_hash_set(table, key, klen, NULL);
240
+ }
241
+ 
242
++#ifndef OPENSSL_NO_EC
243
++static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
244
++#else
245
+ static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
246
++#endif
247
+ 
248
+ const char *ssl_asn1_keystr(int keytype)
249
+ {
0 250