ASF Bugzilla – Attachment 21172 Details for
Bug 43931
OpenSSL autoconfig support for mod_ssl
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
OpenSSL autoconfig support patch
config.diff (text/plain), 5.85 KB, created by
Dr Stephen Henson
on 2007-11-21 09:56:32 UTC
(
hide
)
Description:
OpenSSL autoconfig support patch
Filename:
MIME Type:
Creator:
Dr Stephen Henson
Created:
2007-11-21 09:56:32 UTC
Size:
5.85 KB
patch
obsolete
>diff --exclude dodiff --exclude '*.l*' --exclude Makefile --exclude modules.mk --exclude stapling.diff -urN /home/steve/apache/ssl.orig/mod_ssl.c ./mod_ssl.c >--- /home/steve/apache/ssl.orig/mod_ssl.c 2006-07-23 12:11:58.000000000 +0100 >+++ ./mod_ssl.c 2007-11-19 18:54:05.000000000 +0000 >@@ -89,6 +89,16 @@ > "SSL external Crypto Device usage " > "(`builtin', `...')") > #endif >+#if OPENSSL_VERSION_NUMBER >= 0x00907001 >+ SSL_CMD_SRV(OPENSSLconfig, FLAG, >+ "OpenSSL autoconfig enable" >+ "(`on', `off')") >+ SSL_CMD_SRV(OPENSSLconfigfile, TAKE1, >+ "OpenSSL autoconfig file name" >+ "(`/path/to/file.cnf' - OpenSSL configuration file") >+ SSL_CMD_SRV(OPENSSLconfigsection, TAKE1, >+ "OpenSSL autoconfig section name") >+#endif > SSL_CMD_SRV(RandomSeed, TAKE23, > "SSL Pseudo Random Number Generator (PRNG) seeding source " > "(`startup|connect builtin|file:/path|exec:/path [bytes]')") >diff --exclude dodiff --exclude '*.l*' --exclude Makefile --exclude modules.mk --exclude stapling.diff -urN /home/steve/apache/ssl.orig/ssl_engine_config.c ./ssl_engine_config.c >--- /home/steve/apache/ssl.orig/ssl_engine_config.c 2006-07-23 12:11:58.000000000 +0100 >+++ ./ssl_engine_config.c 2007-11-20 01:32:37.000000000 +0000 >@@ -76,6 +76,12 @@ > mc->szCryptoDevice = NULL; > #endif > >+#if OPENSSL_VERSION_NUMBER >= 0x00907001 >+ mc->OPENSSLconfig = FALSE; >+ mc->OPENSSLconfigfile = NULL; >+ mc->OPENSSLconfigsection = NULL; >+#endif >+ > memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys)); > > apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY, >@@ -663,6 +669,59 @@ > > } > >+#if OPENSSL_VERSION_NUMBER >= 0x00907001 >+const char *ssl_cmd_SSLOPENSSLconfig(cmd_parms *cmd, void *dcfg, int flag) >+{ >+ SSLModConfigRec *mc = myModConfig(cmd->server); >+ const char *err; >+ >+ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { >+ return err; >+ } >+ >+ mc->OPENSSLconfig = flag ? TRUE : FALSE; >+ >+ return NULL; >+} >+ >+const char *ssl_cmd_SSLOPENSSLconfigfile(cmd_parms *cmd, >+ void *dcfg, >+ const char *arg) >+{ >+ SSLModConfigRec *mc = myModConfig(cmd->server); >+ const char *err; >+ >+ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { >+ return err; >+ } >+ >+ if ((err = ssl_cmd_check_file(cmd, &arg))) { >+ return err; >+ } >+ >+ mc->OPENSSLconfigfile = arg; >+ >+ return NULL; >+} >+ >+const char *ssl_cmd_SSLOPENSSLconfigsection(cmd_parms *cmd, >+ void *dcfg, >+ const char *arg) >+{ >+ SSLModConfigRec *mc = myModConfig(cmd->server); >+ const char *err; >+ >+ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { >+ return err; >+ } >+ >+ mc->OPENSSLconfigsection = arg; >+ >+ return NULL; >+} >+ >+#endif >+ > const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag) > { > #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE >diff --exclude dodiff --exclude '*.l*' --exclude Makefile --exclude modules.mk --exclude stapling.diff -urN /home/steve/apache/ssl.orig/ssl_engine_init.c ./ssl_engine_init.c >--- /home/steve/apache/ssl.orig/ssl_engine_init.c 2007-09-04 12:44:14.000000000 +0100 >+++ ./ssl_engine_init.c 2007-11-20 01:30:15.000000000 +0000 >@@ -214,6 +214,13 @@ > ssl_util_thread_setup(p); > #endif > >+#if OPENSSL_VERSION_NUMBER >= 0x00907001 >+ /* >+ * OpenSSL auto configuration support >+ */ >+ ssl_openssl_config(base_server, p); >+#endif >+ > /* > * SSL external crypto device ("engine") support > */ >@@ -291,6 +298,24 @@ > return OK; > } > >+#if OPENSSL_VERSION_NUMBER >= 0x00907001 >+void ssl_openssl_config(server_rec *s, apr_pool_t *p) >+{ >+ SSLModConfigRec *mc = myModConfig(s); >+ if (mc->OPENSSLconfig == TRUE) { >+ if (CONF_modules_load_file(mc->OPENSSLconfigfile, >+ mc->OPENSSLconfigsection ? >+ mc->OPENSSLconfigsection : >+ "apache_conf", 0) <= 0) { >+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, >+ "Init: Failed to configure OpenSSL"); >+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); >+ ssl_die(); >+ } >+ } >+} >+#endif >+ > /* > * Support for external a Crypto Device ("engine"), usually > * a hardware accellerator card for crypto operations. >diff --exclude dodiff --exclude '*.l*' --exclude Makefile --exclude modules.mk --exclude stapling.diff -urN /home/steve/apache/ssl.orig/ssl_private.h ./ssl_private.h >--- /home/steve/apache/ssl.orig/ssl_private.h 2006-07-23 12:11:58.000000000 +0100 >+++ ./ssl_private.h 2007-11-19 19:10:27.000000000 +0000 >@@ -371,6 +371,13 @@ > #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) > const char *szCryptoDevice; > #endif >+#if OPENSSL_VERSION_NUMBER >= 0x00907001 >+ /** OpenSSL auto config support */ >+ BOOL OPENSSLconfig; >+ const char *OPENSSLconfigfile; >+ const char *OPENSSLconfigsection; >+#endif >+ > struct { > void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; > } rCtx; >@@ -493,6 +500,9 @@ > const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *); > const char *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *); >+const char *ssl_cmd_SSLOPENSSLconfig(cmd_parms *, void *, int); >+const char *ssl_cmd_SSLOPENSSLconfigfile(cmd_parms *, void *, const char *); >+const char *ssl_cmd_SSLOPENSSLconfigsection(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *); > const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=21172">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 43931
: 21172