Attachment #21172 for bug #43931

View | Details | Raw Unified | Return to bug 43931
Collapse All | Expand All




                "SSL external Crypto Device usage "
                "(`builtin', `...')")
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00907001
    SSL_CMD_SRV(OPENSSLconfig, FLAG,
                "OpenSSL autoconfig enable"
                "(`on', `off')")
    SSL_CMD_SRV(OPENSSLconfigfile, TAKE1,
                "OpenSSL autoconfig file name"
                "(`/path/to/file.cnf' - OpenSSL configuration file")
    SSL_CMD_SRV(OPENSSLconfigsection, TAKE1,
                "OpenSSL autoconfig section name")
#endif
    SSL_CMD_SRV(RandomSeed, TAKE23,
                "SSL Pseudo Random Number Generator (PRNG) seeding source "
                "(`startup|connect builtin|file:/path|exec:/path [bytes]')")

Lines 76-81 Link Here

(-)/home/steve/apache/ssl.orig/ssl_engine_config.c (+59 lines)
76	mc->szCryptoDevice = NULL;	76	mc->szCryptoDevice = NULL;
77	#endif	77	#endif
78		78
		79	#if OPENSSL_VERSION_NUMBER >= 0x00907001
		80	mc->OPENSSLconfig = FALSE;
		81	mc->OPENSSLconfigfile = NULL;
		82	mc->OPENSSLconfigsection = NULL;
		83	#endif
		84
79	memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));	85	memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
80		86
81	apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,	87	apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
Lines 663-668 Link Here
663		669
664	}	670	}
665		671
		672	#if OPENSSL_VERSION_NUMBER >= 0x00907001
		673	const char ssl_cmd_SSLOPENSSLconfig(cmd_parms cmd, void *dcfg, int flag)
		674	{
		675	SSLModConfigRec *mc = myModConfig(cmd->server);
		676	const char *err;
		677
		678	if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
		679	return err;
		680	}
		681
		682	mc->OPENSSLconfig = flag ? TRUE : FALSE;
		683
		684	return NULL;
		685	}
		686
		687	const char ssl_cmd_SSLOPENSSLconfigfile(cmd_parms cmd,
		688	void *dcfg,
		689	const char *arg)
		690	{
		691	SSLModConfigRec *mc = myModConfig(cmd->server);
		692	const char *err;
		693
		694	if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
		695	return err;
		696	}
		697
		698	if ((err = ssl_cmd_check_file(cmd, &arg))) {
		699	return err;
		700	}
		701
		702	mc->OPENSSLconfigfile = arg;
		703
		704	return NULL;
		705	}
		706
		707	const char ssl_cmd_SSLOPENSSLconfigsection(cmd_parms cmd,
		708	void *dcfg,
		709	const char *arg)
		710	{
		711	SSLModConfigRec *mc = myModConfig(cmd->server);
		712	const char *err;
		713
		714	if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
		715	return err;
		716	}
		717
		718	mc->OPENSSLconfigsection = arg;
		719
		720	return NULL;
		721	}
		722
		723	#endif
		724
666	const char ssl_cmd_SSLHonorCipherOrder(cmd_parms cmd, void *dcfg, int flag)	725	const char ssl_cmd_SSLHonorCipherOrder(cmd_parms cmd, void *dcfg, int flag)
667	{	726	{
668	#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE	727	#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE

Lines 214-219 Link Here

(-)/home/steve/apache/ssl.orig/ssl_engine_init.c (+25 lines)
214	ssl_util_thread_setup(p);	214	ssl_util_thread_setup(p);
215	#endif	215	#endif
216		216
		217	#if OPENSSL_VERSION_NUMBER >= 0x00907001
		218	/*
		219	* OpenSSL auto configuration support
		220	*/
		221	ssl_openssl_config(base_server, p);
		222	#endif
		223
217	/*	224	/*
218	* SSL external crypto device ("engine") support	225	* SSL external crypto device ("engine") support
219	*/	226	*/
Lines 291-296 Link Here
291	return OK;	298	return OK;
292	}	299	}
293		300
		301	#if OPENSSL_VERSION_NUMBER >= 0x00907001
		302	void ssl_openssl_config(server_rec s, apr_pool_t p)
		303	{
		304	SSLModConfigRec *mc = myModConfig(s);
		305	if (mc->OPENSSLconfig == TRUE) {
		306	if (CONF_modules_load_file(mc->OPENSSLconfigfile,
		307	mc->OPENSSLconfigsection ?
		308	mc->OPENSSLconfigsection :
		309	"apache_conf", 0) <= 0) {
		310	ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
		311	"Init: Failed to configure OpenSSL");
		312	ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
		313	ssl_die();
		314	}
		315	}
		316	}
		317	#endif
		318
294	/*	319	/*
295	* Support for external a Crypto Device ("engine"), usually	320	* Support for external a Crypto Device ("engine"), usually
296	* a hardware accellerator card for crypto operations.	321	* a hardware accellerator card for crypto operations.

Lines 371-376 Link Here

(-)/home/steve/apache/ssl.orig/ssl_private.h (+10 lines)
371	#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)	371	#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
372	const char *szCryptoDevice;	372	const char *szCryptoDevice;
373	#endif	373	#endif
		374	#if OPENSSL_VERSION_NUMBER >= 0x00907001
		375	/** OpenSSL auto config support */
		376	BOOL OPENSSLconfig;
		377	const char *OPENSSLconfigfile;
		378	const char *OPENSSLconfigsection;
		379	#endif
		380
374	struct {	381	struct {
375	void pV1, pV2, pV3, pV4, pV5, pV6, pV7, pV8, pV9, pV10;	382	void pV1, pV2, pV3, pV4, pV5, pV6, pV7, pV8, pV9, pV10;
376	} rCtx;	383	} rCtx;
Lines 493-498 Link Here
493	const char ssl_cmd_SSLCryptoDevice(cmd_parms , void , const char );	500	const char ssl_cmd_SSLCryptoDevice(cmd_parms , void , const char );
494	const char ssl_cmd_SSLRandomSeed(cmd_parms , void , const char , const char , const char );	501	const char ssl_cmd_SSLRandomSeed(cmd_parms , void , const char , const char , const char );
495	const char ssl_cmd_SSLEngine(cmd_parms , void , const char );	502	const char ssl_cmd_SSLEngine(cmd_parms , void , const char );
		503	const char ssl_cmd_SSLOPENSSLconfig(cmd_parms , void *, int);
		504	const char ssl_cmd_SSLOPENSSLconfigfile(cmd_parms , void , const char );
		505	const char ssl_cmd_SSLOPENSSLconfigsection(cmd_parms , void , const char );
496	const char ssl_cmd_SSLCipherSuite(cmd_parms , void , const char );	506	const char ssl_cmd_SSLCipherSuite(cmd_parms , void , const char );
497	const char ssl_cmd_SSLCertificateFile(cmd_parms , void , const char );	507	const char ssl_cmd_SSLCertificateFile(cmd_parms , void , const char );
498	const char ssl_cmd_SSLCertificateKeyFile(cmd_parms , void , const char );	508	const char ssl_cmd_SSLCertificateKeyFile(cmd_parms , void , const char );

Return to bug 43931

Lines 89-94 Link Here

(-)/home/steve/apache/ssl.orig/mod_ssl.c (+10 lines)
89	"SSL external Crypto Device usage "	89	"SSL external Crypto Device usage "
90	"(`builtin', `...')")	90	"(`builtin', `...')")
91	#endif	91	#endif
		92	#if OPENSSL_VERSION_NUMBER >= 0x00907001
		93	SSL_CMD_SRV(OPENSSLconfig, FLAG,
		94	"OpenSSL autoconfig enable"
		95	"(`on', `off')")
		96	SSL_CMD_SRV(OPENSSLconfigfile, TAKE1,
		97	"OpenSSL autoconfig file name"
		98	"(`/path/to/file.cnf' - OpenSSL configuration file")
		99	SSL_CMD_SRV(OPENSSLconfigsection, TAKE1,
		100	"OpenSSL autoconfig section name")
		101	#endif
92	SSL_CMD_SRV(RandomSeed, TAKE23,	102	SSL_CMD_SRV(RandomSeed, TAKE23,
93	"SSL Pseudo Random Number Generator (PRNG) seeding source "	103	"SSL Pseudo Random Number Generator (PRNG) seeding source "
94	"(`startup\|connect builtin\|file:/path\|exec:/path [bytes]')")	104	"(`startup\|connect builtin\|file:/path\|exec:/path [bytes]')")