git.ipfire.org Git - thirdparty/apache/httpd.git/commit
mod_ssl: Add support for loading keys from OpenSSL 3.x providers via
author Joe Orton <jorton@apache.org>
Tue, 5 Dec 2023 15:26:22 +0000 (15:26 +0000)
committer Joe Orton <jorton@apache.org>
Tue, 5 Dec 2023 15:26:22 +0000 (15:26 +0000)
commit cc796e269d7c4f8d105fa46b590c9301c2a55329
tree 7b7b44eb2e557b7e97e8c610324ed0c1e4b685b7
parent 0123a2b0ede05a9fd08b288c624ac76604f80dd4
mod_ssl: Add support for loading keys from OpenSSL 3.x providers via
the STORE API. Separates compile-time support for the STORE API
(supported in 3.x) from support for the ENGINE API (deprecated in
3.x).

* modules/ssl/ssl_private.h: Define MODSSL_HAVE_OPENSSL_STORE for
  OpenSSL 3.0+.

* modules/ssl/ssl_engine_pphrase.c (modssl_load_store_uri,
  modssl_load_keypair_store): New functions.
  (modssl_load_keypair_engine): Renamed from modssl_load_keypair_engine.
  (modssl_load_engine_keypair): Reimplement to use new STORE-based
  functions if SSLCryptoDevice was not configured, or else old
  ENGINE implementation.

* modules/ssl/ssl_util.c (modssl_is_engine_id): Match pkcs11: URIs
  also for the OpenSSL 3.x STORE API.

* modules/ssl/ssl_engine_init.c (ssl_init_server_certs): Tweak log
  message on error paths for the provider/STORE case.

Signed-off-by: Ingo Franzki <ifranzki linux.ibm.com>
Submitted by: Ingo Franzki <ifranzki linux.ibm.com>
Github: closes #397, closes #398

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1914365 13f79535-47bb-0310-9956-ffa450edef68
changes-entries/ssl-providers.txt [new file with mode: 0644]
docs/log-message-tags/next-number
docs/manual/mod/mod_ssl.xml
modules/ssl/ssl_engine_init.c
modules/ssl/ssl_engine_pphrase.c
modules/ssl/ssl_private.h
modules/ssl/ssl_util.c