| Summary: | Add support for TLS-SRP (RFC 5054) | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Quinn Slack <sqs> |
| Component: | mod_ssl | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | enhancement | CC: | sqs |
| Priority: | P2 | Keywords: | FixedInTrunk, PatchAvailable |
| Version: | 2.5-HEAD | | |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | All | | |
| URL: | http://trustedhttp.org/wiki/TLS-SRP_in_Apache_mod_ssl | | |
| Attachments: | add TLS-SRP (RFC 5054) support to mod_ssl | | |

Description
Quinn Slack
2011-04-17 17:29:17 UTC
Created attachment 26892
add TLS-SRP (RFC 5054) support to mod_ssl

(In reply to comment #0)
> This patch was originally created by Christophe Renou and Peter Sylvester of
> EdelWeb. I updated it to work with Apache 2's mod_ssl.

You do have permission to submit the patch under the Apache License, don't you?

Some more questions: Is there any documentation for the openssl interface available somewhere? Do you know why SRP_VBASE_init() and SRP_VBASE_new() take char* as argument and not const char*?

Committed as r1347980 to trunk. Thanks for the patch.

(In reply to comment #2)
> (In reply to comment #0)
> > This patch was originally created by Christophe Renou and Peter Sylvester of
> > EdelWeb. I updated it to work with Apache 2's mod_ssl.

good.

> You do have permission to submit the patch under the Apache License, don't
> you?

I hereby confirm that this is the case.

> Some more questions: Is there any documentation for the openssl interface
> available somewhere? Do you know why SRP_VBASE_init() and SRP_VBASE_new()
> take char* as argument and not const char*?

The original version was made before the "const"ification attempts in openssl.

IMO, the srp_vbase stuff should not be used. Instead, a dynamic approach, reading from an LDAP or database, can be used to retrieve a verifier. This can be done without blocking.

fixed in 2.4.4