apache ebuild update
Hanno Böck

Hanno Böck commited on 2008-12-24 11:15:33
Zeige 3 geänderte Dateien mit 497 Einfügungen und 0 Löschungen.

... ...
@@ -1,7 +1,11 @@
1 1
 AUX apache-noip.diff 417 RMD160 8e16f7ff130cea52449a25aafbbdeb78919d9eae SHA1 7c19a0236e4eff23bee6e69ee6708a24529a974c SHA256 c9ed84fec20e69f711600261a395a3d4b3ae2685318f6354c4d2ebd01c0ec4cc
2
+AUX httpd-2.2.x-sni.diff 13866 RMD160 ae21ae0ebc2c0d263b5290d67aeefd56b145ed73 SHA1 b8b8dcc56e6a7bb5c07d95fa46683db4170dd7ba SHA256 092aaa998f2b15e6b89b0785c237ce3bb40d4bf188509fcf58470ce5731380e9
3
+DIST gentoo-apache-2.2.10-20081025.tar.bz2 60296 RMD160 bc6d9e05a5924cf104e0a07b18ab6c9da526a1dc SHA1 f3ea7bda13b57b9f622890b2d9288cb096472a96 SHA256 e7704ac9a645bb722d8063735c7de17a4041d76cc72244fc928a0a5ad1ee1ccd
2 4
 DIST gentoo-apache-2.2.8-r3-20080601.tar.bz2 60383 RMD160 f7d662ac9bce6bcc0e0506503be166fdb7a95eba SHA1 1d87d6ed727a8b7074446a472eb46d2b1a9eb532 SHA256 bc1bdc87aab4cfc377e2016e69f715495097bf37c47112ac6d52929adf0fbc40
3 5
 DIST gentoo-apache-2.2.9-20080615.tar.bz2 60183 RMD160 924b6268324aa679b5ff624ece159dad323028aa SHA1 6c8e053a33a561df2417e718803b65f7ac55b640 SHA256 c3bb95e339d7bdfdcd3bd71927287843df0d34ad2740ddc7913cbb0200fc8072
6
+DIST httpd-2.2.10.tar.bz2 5068069 RMD160 30f240222a775efa14b104a2b8df1e1dc65f4b8a SHA1 3a71f4904e359603c3338b07a1178ddfacfaa8c6 SHA256 681d5787288e4e527877f415acce198be96ce7de0dc6e354646b1df4aae21383
4 7
 DIST httpd-2.2.8.tar.bz2 4799055 RMD160 0736ea9617bafaa1c8cd34ce4fc1c7a659afea57 SHA1 5074904435d3d942ce2dc96c44b07294b8eaca77 SHA256 2ad8d0db1e478838ba88a0ddaf538c7150027d937b017739fdcb3fabb96ebd39
5 8
 DIST httpd-2.2.9.tar.bz2 4943462 RMD160 8fd62ae78271aa0ded6ba2f5bfeea8c63b79060a SHA1 71715d81e7a5ace4499803df7369c78b85251083 SHA256 d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61
9
+EBUILD apache-2.2.10.ebuild 2846 RMD160 eb8e7cfab1c7d8b1645edc89ab06bf953154f0dc SHA1 2d803be5b1c587ac45cfd1c6a538b5054ca47520 SHA256 6132bb63d6e20a6dd67d1ca20caa558e6daf6f90f7c869f0e51eccfe6d140161
6 10
 EBUILD apache-2.2.8-r3.ebuild 5288 RMD160 096b8185d25c485fd2bd13c09de9de8b5e11dcc8 SHA1 5aff0c23059bb10346c1b2988f496becc28f3a19 SHA256 2cb835468f5968a42b86924909b50cdbd9e0c4e24f0fe30e8c547d82fe49e97a
7 11
 EBUILD apache-2.2.9.ebuild 2812 RMD160 91b5a44a2db30a6d85e3302bfe9dc16bfcbaf045 SHA1 764bb36273e23745f2ba2cb6a36184096c650f12 SHA256 1302cc772b0404fd65eb9ea7a970558ecc8b0861049a07e122dc95387d45b6e4
... ...
@@ -0,0 +1,113 @@
1
+# Copyright 1999-2008 Gentoo Foundation
2
+# Distributed under the terms of the GNU General Public License v2
3
+# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.10.ebuild,v 1.1 2008/10/25 14:42:49 hollow Exp $
4
+
5
+# latest gentoo apache files
6
+GENTOO_PATCHSTAMP="20081025"
7
+GENTOO_DEVELOPER="hollow"
8
+
9
+# IUSE/USE_EXPAND magic
10
+IUSE_MPMS_FORK="itk peruser prefork"
11
+IUSE_MPMS_THREAD="event worker"
12
+
13
+IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
14
+authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
15
+authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
16
+charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache dumpio env expires
17
+ext_filter file_cache filter headers ident imagemap include info log_config
18
+log_forensic logio mem_cache mime mime_magic negotiation proxy proxy_ajp
19
+proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif speling
20
+status substitute unique_id userdir usertrack version vhost_alias"
21
+
22
+# inter-module dependencies
23
+# TODO: this may still be incomplete
24
+MODULE_DEPENDS="
25
+	dav_fs:dav
26
+	dav_lock:dav
27
+	deflate:filter
28
+	disk_cache:cache
29
+	ext_filter:filter
30
+	file_cache:cache
31
+	log_forensic:log_config
32
+	logio:log_config
33
+	mem_cache:cache
34
+	mime_magic:mime
35
+	proxy_ajp:proxy
36
+	proxy_balancer:proxy
37
+	proxy_connect:proxy
38
+	proxy_ftp:proxy
39
+	proxy_http:proxy
40
+	substitute:filter
41
+"
42
+
43
+# module<->define mappings
44
+MODULE_DEFINES="
45
+	auth_digest:AUTH_DIGEST
46
+	authnz_ldap:AUTHNZ_LDAP
47
+	cache:CACHE
48
+	dav:DAV
49
+	dav_fs:DAV
50
+	dav_lock:DAV
51
+	disk_cache:CACHE
52
+	file_cache:CACHE
53
+	info:INFO
54
+	ldap:LDAP
55
+	mem_cache:CACHE
56
+	proxy:PROXY
57
+	proxy_ajp:PROXY
58
+	proxy_balancer:PROXY
59
+	proxy_connect:PROXY
60
+	proxy_ftp:PROXY
61
+	proxy_http:PROXY
62
+	ssl:SSL
63
+	status:STATUS
64
+	suexec:SUEXEC
65
+	userdir:USERDIR
66
+"
67
+
68
+# critical modules for the default config
69
+MODULE_CRITICAL="
70
+	authz_host
71
+	dir
72
+	mime
73
+"
74
+
75
+inherit apache-2
76
+
77
+DESCRIPTION="The Apache Web Server."
78
+HOMEPAGE="http://httpd.apache.org/"
79
+
80
+# some helper scripts are Apache-1.1, thus both are here
81
+LICENSE="Apache-2.0 Apache-1.1"
82
+SLOT="2"
83
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
84
+IUSE="sni"
85
+
86
+DEPEND="${DEPEND}
87
+	apache2_modules_deflate? ( sys-libs/zlib )"
88
+
89
+RDEPEND="${RDEPEND}
90
+	apache2_modules_mime? ( app-misc/mime-types )"
91
+
92
+src_unpack() {
93
+	EPATCH_EXCLUDE="04_all_mod_ssl_tls_sni.patch"
94
+
95
+	apache-2_src_unpack
96
+
97
+	cd "${S}"
98
+	epatch "${FILESDIR}/apache-noip.diff" || die
99
+	epatch "${FILESDIR}/httpd-2.2.x-sni.diff" || die
100
+
101
+}
102
+
103
+pkg_preinst() {
104
+	# note regarding IfDefine changes
105
+	if has_version "<${CATEGORY}/${PN}-2.2.6-r1"; then
106
+		elog
107
+		elog "When upgrading from versions 2.2.6 or earlier, please be aware"
108
+		elog "that the define for mod_authnz_ldap has changed from AUTH_LDAP"
109
+		elog "to AUTHNZ_LDAP. Additionally mod_auth_digest needs to be enabled"
110
+		elog "with AUTH_DIGEST now."
111
+		elog
112
+	fi
113
+}
... ...
@@ -0,0 +1,380 @@
1
+# httpd-2.2.x-sni.patch - server name indication support for Apache 2.2
2
+# (see RFC 4366, "Transport Layer Security (TLS) Extensions")
3
+
4
+# based on a patch from the EdelKey project
5
+# (http://www.edelweb.fr/EdelKey/files/apache-2.2.0+0.9.9+servername.patch)
6
+
7
+# Needs openssl-SNAP-20060330 / OpenSSL 0.9.8f or later
8
+# to work properly (ftp://ftp.openssl.org/snapshot/). The 0.9.8 versions
9
+# must be configured explicitly for TLS extension support at compile time
10
+# ("./config enable-tlsext").
11
+
12
+Index: httpd-2.2.x/modules/ssl/ssl_private.h
13
+===================================================================
14
+--- httpd-2.2.x/modules/ssl/ssl_private.h	(revision 663014)
15
++++ httpd-2.2.x/modules/ssl/ssl_private.h	(working copy)
16
+@@ -35,6 +35,7 @@
17
+ #include "http_connection.h"
18
+ #include "http_request.h"
19
+ #include "http_protocol.h"
20
++#include "http_vhost.h"
21
+ #include "util_script.h"
22
+ #include "util_filter.h"
23
+ #include "util_ebcdic.h"
24
+@@ -555,6 +556,9 @@ int          ssl_callback_NewSessionCach
25
+ SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
26
+ void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
27
+ void         ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int);
28
++#ifndef OPENSSL_NO_TLSEXT
29
++int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
30
++#endif
31
+ 
32
+ /**  Session Cache Support  */
33
+ void         ssl_scache_init(server_rec *, apr_pool_t *);
34
+Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c
35
+===================================================================
36
+--- httpd-2.2.x/modules/ssl/ssl_engine_init.c	(revision 663014)
37
++++ httpd-2.2.x/modules/ssl/ssl_engine_init.c	(working copy)
38
+@@ -355,6 +355,33 @@ static void ssl_init_server_check(server
39
+     }
40
+ }
41
+ 
42
++#ifndef OPENSSL_NO_TLSEXT
43
++static void ssl_init_ctx_tls_extensions(server_rec *s,
44
++                                        apr_pool_t *p,
45
++                                        apr_pool_t *ptemp,
46
++                                        modssl_ctx_t *mctx)
47
++{
48
++    /*
49
++     * Configure TLS extensions support
50
++     */
51
++    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
52
++                 "Configuring TLS extension handling");
53
++
54
++    /*
55
++     * Server name indication (SNI)
56
++     */
57
++    if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx,
58
++                          ssl_callback_ServerNameIndication) ||
59
++        !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {
60
++        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
61
++                     "Unable to initialize TLS servername extension "
62
++                     "callback (incompatible OpenSSL version?)");
63
++        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
64
++        ssl_die();
65
++    }
66
++}
67
++#endif
68
++
69
+ static void ssl_init_ctx_protocol(server_rec *s,
70
+                                   apr_pool_t *p,
71
+                                   apr_pool_t *ptemp,
72
+@@ -687,6 +714,9 @@ static void ssl_init_ctx(server_rec *s,
73
+     if (mctx->pks) {
74
+         /* XXX: proxy support? */
75
+         ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
76
++#ifndef OPENSSL_NO_TLSEXT
77
++        ssl_init_ctx_tls_extensions(s, p, ptemp, mctx);
78
++#endif
79
+     }
80
+ }
81
+ 
82
+@@ -1036,9 +1066,19 @@ void ssl_init_CheckServers(server_rec *b
83
+         klen = strlen(key);
84
+ 
85
+         if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
86
+-            ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
87
++            ap_log_error(APLOG_MARK, 
88
++#ifdef OPENSSL_NO_TLSEXT
89
++                         APLOG_WARNING, 
90
++#else
91
++                         APLOG_DEBUG, 
92
++#endif
93
++                         0,
94
+                          base_server,
95
++#ifdef OPENSSL_NO_TLSEXT
96
+                          "Init: SSL server IP/port conflict: "
97
++#else
98
++                         "Init: SSL server IP/port overlap: "
99
++#endif
100
+                          "%s (%s:%d) vs. %s (%s:%d)",
101
+                          ssl_util_vhostid(p, s),
102
+                          (s->defn_name ? s->defn_name : "unknown"),
103
+@@ -1055,8 +1095,14 @@ void ssl_init_CheckServers(server_rec *b
104
+ 
105
+     if (conflict) {
106
+         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server,
107
++#ifdef OPENSSL_NO_TLSEXT
108
+                      "Init: You should not use name-based "
109
+                      "virtual hosts in conjunction with SSL!!");
110
++#else
111
++                     "Init: Name-based SSL virtual hosts only "
112
++                     "work for clients with TLS server name indication "
113
++                     "support (RFC 4366)");
114
++#endif
115
+     }
116
+ }
117
+ 
118
+Index: httpd-2.2.x/modules/ssl/ssl_engine_vars.c
119
+===================================================================
120
+--- httpd-2.2.x/modules/ssl/ssl_engine_vars.c	(revision 663014)
121
++++ httpd-2.2.x/modules/ssl/ssl_engine_vars.c	(working copy)
122
+@@ -320,6 +320,12 @@ static char *ssl_var_lookup_ssl(apr_pool
123
+     else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) {
124
+         result = ssl_var_lookup_ssl_compress_meth(ssl);
125
+     }
126
++#ifndef OPENSSL_NO_TLSEXT
127
++    else if (ssl != NULL && strcEQ(var, "TLS_SNI")) {
128
++        result = apr_pstrdup(p, SSL_get_servername(ssl,
129
++                                                   TLSEXT_NAMETYPE_host_name));
130
++    }
131
++#endif
132
+     return result;
133
+ }
134
+ 
135
+Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c
136
+===================================================================
137
+--- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(revision 663014)
138
++++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c	(working copy)
139
+@@ -31,6 +31,9 @@
140
+ #include "ssl_private.h"
141
+ 
142
+ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
143
++#ifndef OPENSSL_NO_TLSEXT
144
++static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
145
++#endif
146
+ 
147
+ /*
148
+  *  Post Read Request Handler
149
+@@ -39,6 +42,9 @@ int ssl_hook_ReadReq(request_rec *r)
150
+ {
151
+     SSLConnRec *sslconn = myConnConfig(r->connection);
152
+     SSL *ssl;
153
++#ifndef OPENSSL_NO_TLSEXT
154
++    const char *servername;
155
++#endif
156
+ 
157
+     if (!sslconn) {
158
+         return DECLINED;
159
+@@ -87,6 +93,14 @@ int ssl_hook_ReadReq(request_rec *r)
160
+     if (!ssl) {
161
+         return DECLINED;
162
+     }
163
++#ifndef OPENSSL_NO_TLSEXT
164
++    if (!r->hostname &&
165
++        (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
166
++        /* Use the SNI extension as the hostname if no Host: header was sent */
167
++        r->hostname = apr_pstrdup(r->pool, servername);
168
++        ap_update_vhost_from_headers(r);
169
++    }
170
++#endif
171
+     SSL_set_app_data2(ssl, r);
172
+ 
173
+     /*
174
+@@ -353,6 +367,11 @@ int ssl_hook_Access(request_rec *r)
175
+      * currently active/remembered verify depth (because this means more
176
+      * restriction on the certificate chain).
177
+      */
178
++    if ((sc->server->auth.verify_depth != UNSET) &&
179
++        (dc->nVerifyDepth == UNSET)) {
180
++        /* apply per-vhost setting, if per-directory config is not set */
181
++        dc->nVerifyDepth = sc->server->auth.verify_depth;
182
++    }
183
+     if (dc->nVerifyDepth != UNSET) {
184
+         /* XXX: doesnt look like sslconn->verify_depth is actually used */
185
+         if (!(n = sslconn->verify_depth)) {
186
+@@ -382,6 +401,11 @@ int ssl_hook_Access(request_rec *r)
187
+      * verification but at least skip the I/O-intensive renegotation
188
+      * handshake.
189
+      */
190
++    if ((sc->server->auth.verify_mode != SSL_CVERIFY_UNSET) &&
191
++        (dc->nVerifyClient == SSL_CVERIFY_UNSET)) {
192
++        /* apply per-vhost setting, if per-directory config is not set */
193
++        dc->nVerifyClient = sc->server->auth.verify_mode;
194
++    }
195
+     if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
196
+         /* remember old state */
197
+         verify_old = SSL_get_verify_mode(ssl);
198
+@@ -997,6 +1021,9 @@ int ssl_hook_Fixup(request_rec *r)
199
+     SSLDirConfigRec *dc = myDirConfig(r);
200
+     apr_table_t *env = r->subprocess_env;
201
+     char *var, *val = "";
202
++#ifndef OPENSSL_NO_TLSEXT
203
++    const char *servername;
204
++#endif
205
+     STACK_OF(X509) *peer_certs;
206
+     SSL *ssl;
207
+     int i;
208
+@@ -1018,6 +1045,13 @@ int ssl_hook_Fixup(request_rec *r)
209
+     /* the always present HTTPS (=HTTP over SSL) flag! */
210
+     apr_table_setn(env, "HTTPS", "on");
211
+ 
212
++#ifndef OPENSSL_NO_TLSEXT
213
++    /* add content of SNI TLS extension (if supplied with ClientHello) */
214
++    if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
215
++        apr_table_set(env, "SSL_TLS_SNI", servername);
216
++    }
217
++#endif
218
++
219
+     /* standard SSL environment variables */
220
+     if (dc->nOptions & SSL_OPT_STDENVVARS) {
221
+         for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
222
+@@ -1810,3 +1844,141 @@ void ssl_callback_LogTracingState(MODSSL
223
+     }
224
+ }
225
+ 
226
++#ifndef OPENSSL_NO_TLSEXT
227
++/*
228
++ * This callback function is executed when OpenSSL encounters an extended
229
++ * client hello with a server name indication extension ("SNI", cf. RFC 4366).
230
++ */
231
++int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
232
++{
233
++    const char *servername =
234
++                SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
235
++
236
++    if (servername) {
237
++        conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
238
++        if (c) {
239
++            if (ap_vhost_iterate_given_conn(c, ssl_find_vhost,
240
++                                            (void *)servername)) {
241
++                ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
242
++                              "SSL virtual host for servername %s found",
243
++                              servername);
244
++                return SSL_TLSEXT_ERR_OK;
245
++            }
246
++            else {
247
++                ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
248
++                              "No matching SSL virtual host for servername "
249
++                              "%s found (using default/first virtual host)",
250
++                              servername);
251
++                return SSL_TLSEXT_ERR_ALERT_WARNING;
252
++            }
253
++        }
254
++    }
255
++
256
++    return SSL_TLSEXT_ERR_NOACK;
257
++}
258
++
259
++/*
260
++ * Find a (name-based) SSL virtual host where either the ServerName
261
++ * or one of the ServerAliases matches the supplied name (to be used
262
++ * with ap_vhost_iterate_given_conn())
263
++ */
264
++static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s) 
265
++{
266
++    SSLSrvConfigRec *sc;
267
++    SSL *ssl;
268
++    BOOL found = FALSE;
269
++    apr_array_header_t *names;
270
++    int i;
271
++
272
++    /* check ServerName */
273
++    if (!strcasecmp(servername, s->server_hostname)) {
274
++        found = TRUE;
275
++    }
276
++
277
++    /* 
278
++     * if not matched yet, check ServerAlias entries
279
++     * (adapted from vhost.c:matches_aliases())
280
++     */
281
++    if (!found) {
282
++        names = s->names;
283
++        if (names) {
284
++            char **name = (char **)names->elts;
285
++            for (i = 0; i < names->nelts; ++i) {
286
++                if (!name[i])
287
++                    continue;
288
++                if (!strcasecmp(servername, name[i])) {
289
++                    found = TRUE;
290
++                    break;
291
++                }
292
++            }
293
++        }
294
++    }
295
++
296
++    /* if still no match, check ServerAlias entries with wildcards */
297
++    if (!found) {
298
++        names = s->wild_names;
299
++        if (names) {
300
++            char **name = (char **)names->elts;
301
++            for (i = 0; i < names->nelts; ++i) {
302
++                if (!name[i])
303
++                    continue;
304
++                if (!ap_strcasecmp_match(servername, name[i])) {
305
++                    found = TRUE;
306
++                    break;
307
++                }
308
++            }
309
++        }
310
++    }
311
++
312
++    /* set SSL_CTX (if matched) */
313
++    if (found && (ssl = ((SSLConnRec *)myConnConfig(c))->ssl) &&
314
++        (sc = mySrvConfig(s))) {
315
++        SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
316
++        /*
317
++         * SSL_set_SSL_CTX() only deals with the server cert,
318
++         * so we need to duplicate a few additional settings
319
++         * from the ctx by hand
320
++         */
321
++        SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
322
++        if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
323
++            (SSL_num_renegotiations(ssl) == 0)) {
324
++           /*
325
++            * Only initialize the verification settings from the ctx
326
++            * if they are not yet set, or if we're called when a new
327
++            * SSL connection is set up (num_renegotiations == 0).
328
++            * Otherwise, we would possibly reset a per-directory
329
++            * configuration which was put into effect by ssl_hook_Access.
330
++            */
331
++            SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
332
++                           SSL_CTX_get_verify_callback(ssl->ctx));
333
++        }
334
++
335
++        /*
336
++         * We also need to make sure that the correct mctx
337
++         * (accessed through the c->base_server->module_config vector)
338
++         * is assigned to the connection - the CRL callback e.g.
339
++         * makes use of it for retrieving its store (mctx->crl).
340
++         * Since logging in callbacks uses c->base_server in many
341
++         * cases, it also ensures that these messages are routed
342
++         * to the proper log.
343
++         */
344
++        c->base_server = s;
345
++
346
++        /*
347
++         * There is one special filter callback, which is set
348
++         * very early depending on the base_server's log level.
349
++         * If this is not the first vhost we're now selecting
350
++         * (and the first vhost doesn't use APLOG_DEBUG), then
351
++         * we need to set that callback here.
352
++         */
353
++        if (c->base_server->loglevel >= APLOG_DEBUG) {
354
++            BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
355
++            BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
356
++        }
357
++
358
++        return 1;
359
++    }
360
++
361
++    return 0;
362
++}
363
++#endif
364
+Index: httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h
365
+===================================================================
366
+--- httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(revision 663014)
367
++++ httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h	(working copy)
368
+@@ -264,6 +264,12 @@ typedef void (*modssl_popfree_fn)(char *
369
+ #define SSL_SESS_CACHE_NO_INTERNAL  SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
370
+ #endif
371
+ 
372
++#ifndef OPENSSL_NO_TLSEXT
373
++#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
374
++#define OPENSSL_NO_TLSEXT
375
++#endif
376
++#endif
377
++
378
+ #endif /* SSL_TOOLKIT_COMPAT_H */
379
+ 
380
+ /** @} */
0 381