git.ipfire.org Git - thirdparty/apache/httpd.git/log

]> git.ipfire.org Git - thirdparty/apache/httpd.git/log

projects / thirdparty / apache / httpd.git / log

Doug MacEachern [Sat, 30 Mar 2002 05:16:55 +0000 (05:16 +0000)]

input filter should not return failure when ssl runtime wants to read more

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94328 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Sat, 30 Mar 2002 04:52:48 +0000 (04:52 +0000)]

ssl_io_input_read needs to return something other than APR_SUCCESS
when bucket read from socket was successful,
but there was an error within the ssl runtime.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94327 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Sat, 30 Mar 2002 01:50:10 +0000 (01:50 +0000)]

load SSLProxyMachineCertificate{File,Path}

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94324 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Sat, 30 Mar 2002 01:41:35 +0000 (01:41 +0000)]

enable/cleanup SSL_X509_INFO_load_{file,path} functions for use in
proxy context

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94323 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Cliff Woolley [Sat, 30 Mar 2002 00:00:21 +0000 (00:00 +0000)]

Fix the version string. We want to end up with "mod_ssl/2.0.xx", not
"mod_ssl/Apache/2.0.xx".

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94320 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 17:56:33 +0000 (17:56 +0000)]

add SSLProxyEngine directive.  this was not required in the 1.x based
mod_ssl because the SSL_CTX was created and configured for *every*
request.  unlike in 2.0 where we configure the proxy SSL_CTX at
startup time, which is much better for performance.  but we don't want
to configure a proxy context for every vhost if it isn't going to be
used, for the same reasons we don't create a server context for every
vhost unless SSLEngine is on.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94314 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Cliff Woolley [Fri, 29 Mar 2002 08:17:26 +0000 (08:17 +0000)]

BUCKET FREELISTS

Add an allocator-passing mechanism throughout the bucket brigades API.

From Apache's standpoint, the apr_bucket_alloc_t* used throughout a given
connection is stored in the conn_rec by the create_connection hook. That
means it's the MPM's job to optimize recycling of apr_bucket_alloc_t's --
the MPM must ensure that no two threads can ever use the same one at the
same time, for instance.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94304 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 07:37:28 +0000 (07:37 +0000)]

remove ssl_engine_ext.c

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94302 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 07:36:01 +0000 (07:36 +0000)]

removing old proxy extension code

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94301 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 07:23:09 +0000 (07:23 +0000)]

need to flush output buffer before reading in proxy mode

need to call ssl_hook_process_connection in the output filter in proxy
mode, since proxy hits the output filter before the input filter

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94299 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 07:22:43 +0000 (07:22 +0000)]

in proxy mode we need to SSL_connect rather than SSL_accept in
ssl_hook_process_connection.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94298 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Cliff Woolley [Fri, 29 Mar 2002 07:12:01 +0000 (07:12 +0000)]

These two variables were left uninitialized accidentally.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94297 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 04:50:37 +0000 (04:50 +0000)]

add optional function (ssl_proxy_enable) to turn on ssl proxy

choose SSL_CTX based on SSLConnRec.is_proxy

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94293 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 04:48:01 +0000 (04:48 +0000)]

init proxy context

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94292 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 03:19:12 +0000 (03:19 +0000)]

s/id/mode/ in ssl_cmd_SSLProxyVerify

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94290 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 03:05:49 +0000 (03:05 +0000)]

use ssl_cmd_verify_parse for SSLProxyVerify directive handler

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94289 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:59:27 +0000 (02:59 +0000)]

cleanup the proxy context

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94288 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:48:20 +0000 (02:48 +0000)]

s/ctx/dcfg/g in ssl directive handlers

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94287 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:43:33 +0000 (02:43 +0000)]

enable proxy directives

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94286 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:20:58 +0000 (02:20 +0000)]

change existing ssl_init_ctx() to ssl_init_ctx_protocol()

new ssl_init_ctx() inits the lot: protocol, session_cache, callbacks,
verify, cipher suite, crl, cert_chain

new ssl_init_server_ctx function inits everything for sc->server

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94285 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:09:59 +0000 (02:09 +0000)]

proxy will have a different verify callback

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94283 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:06:57 +0000 (02:06 +0000)]

proxy needs to use client ssl method

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94282 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:01:49 +0000 (02:01 +0000)]

setup sc->proxy->sc

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94281 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 02:00:20 +0000 (02:00 +0000)]

add ssl_config_server_new function to fold some duplication in server
create/merge and to make sure merge config is fully inititialized

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94280 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 01:56:40 +0000 (01:56 +0000)]

inititialize and merge proxy config

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94279 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 01:42:04 +0000 (01:42 +0000)]

no point in merging things which are not set until after merge happens.
make a note of those which are set during module init.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94278 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Fri, 29 Mar 2002 01:24:10 +0000 (01:24 +0000)]

'ctx' traditionally refers to an SSL_CTX. change modssl_ctx_t
instances to 'mctx'

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94277 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 19:50:48 +0000 (19:50 +0000)]

ctx->sc is set during init

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94275 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 19:48:31 +0000 (19:48 +0000)]

switch from SSLSrvConfigRec* to modssl_ctx_t* in the ssl_init_ctx*
functions

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94274 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 19:15:03 +0000 (19:15 +0000)]

make merging of modssl_ctx_t's generic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94273 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 18:58:06 +0000 (18:58 +0000)]

moving cfgMerge macros to ssl_engine_config.c, they are not used anywhere else

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94271 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 18:54:52 +0000 (18:54 +0000)]

remove unused cfgMerge{Table,Ctx} macros

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94269 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 18:53:54 +0000 (18:53 +0000)]

moving protocol location

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94268 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 18:50:07 +0000 (18:50 +0000)]

breakup SSLSrvConfigRec in preparation for proxy support:
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t  - certs/keys for the proxy
+ modssl_auth_ctx_t  - stuff related to authentication that can also
                       be per-dir, used by both server and proxy
+ modssl_ctx_t       - context that can be used by both server and proxy
+ SSLSrvConfigRec    - now contains original stuff specific to the
                       server config and modssl_ctx_t *server, *proxy

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94267 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 17:23:50 +0000 (17:23 +0000)]

ripping out some proxy stuff that isn't currently in use and is going
to change anyhow.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94266 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 17:16:41 +0000 (17:16 +0000)]

already added configure check for SSL_set_cert_store

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94265 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 17:11:12 +0000 (17:11 +0000)]

de-hungarian-ize server config member names which are going to stay

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94264 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 16:47:36 +0000 (16:47 +0000)]

reorder a bit of the server config structure, moving items that are
going to stay there to the top.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94263 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 02:51:52 +0000 (02:51 +0000)]

remove error msg hint that is no longer true

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94261 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 02:46:28 +0000 (02:46 +0000)]

fixup naming:
ssl_init_ctx_* will be used for both proxy and server
ssl_init_server_* is specific to the server

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94260 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 02:40:01 +0000 (02:40 +0000)]

move context callback setting to ssl_init_ctx_callbacks function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94259 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 02:36:05 +0000 (02:36 +0000)]

move server cert/key initialization to ssl_init_server_certs function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94258 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 02:28:06 +0000 (02:28 +0000)]

copy DSA params to server server during key import

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94257 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 02:09:58 +0000 (02:09 +0000)]

fix logic from last commit, need to always try importing _both_ rsa
and dsa

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94256 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 02:01:03 +0000 (02:01 +0000)]

fold some duplication into generic ssl_server_import_key function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94255 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 01:47:50 +0000 (01:47 +0000)]

fold some duplication into generic ssl_server_import_cert function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94253 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 01:32:41 +0000 (01:32 +0000)]

move server cert checking into generic ssl_check_public_cert function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94252 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 01:14:53 +0000 (01:14 +0000)]

move server specific init config checks into ssl_init_check_server
function (ssl_init_check_proxy will be different)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94250 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 01:07:20 +0000 (01:07 +0000)]

break out certificate chain initialization into
ssl_init_cert_chain function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94249 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Thu, 28 Mar 2002 00:34:13 +0000 (00:34 +0000)]

there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
ssl_log(s, flags, "...")

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94247 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 23:53:27 +0000 (23:53 +0000)]

break out certificate revocation list initialization into
ssl_init_crl function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94246 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 23:49:09 +0000 (23:49 +0000)]

break out cipher suite initialization into ssl_init_cipher_suite function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94245 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 23:35:31 +0000 (23:35 +0000)]

"new" is a c++ keyword; s/new/mrg/g in config merge functions

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94244 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 23:25:58 +0000 (23:25 +0000)]

move warning about session cache not being configured to ssl_scache_init

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94243 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 23:19:08 +0000 (23:19 +0000)]

break out SSL_CTX session initialization into
ssl_init_session_cache_ctx function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94242 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 22:31:33 +0000 (22:31 +0000)]

add license

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94239 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Cliff Woolley [Wed, 27 Mar 2002 21:16:37 +0000 (21:16 +0000)]

"Oops" has two o's in it. :)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94235 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 21:14:49 +0000 (21:14 +0000)]

break SSL_CTX initialization into ssl_init_ctx function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94234 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 21:07:08 +0000 (21:07 +0000)]

(starting to break apart the init code into smaller, generic functions,
preparing for proxy support)

break out verify code into ssl_init_verify function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94233 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 19:38:05 +0000 (19:38 +0000)]

bringing back MOD_SSL_VERSION macro, define it to AP_SERVER_BASEVERSION

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94231 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 19:11:11 +0000 (19:11 +0000)]

adjustment for sslc where its PEM_read_bio_PrivateKey does not take a
callback arg.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94230 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 18:46:49 +0000 (18:46 +0000)]

static-ize {write,read}tty variables

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94227 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 18:20:37 +0000 (18:20 +0000)]

move prototype for modssl_session_get_time to ssl_util_ssl.h

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94226 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 18:19:44 +0000 (18:19 +0000)]

add modssl_dh_configure() function to fold some duplication in
get_dh{512,1024} and provide toolkit compat for sslc 2.x

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94225 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 17:02:56 +0000 (17:02 +0000)]

add configure checks for ssl functions:
-SSL_set_state: macro in OpenSSL, might be a function in a patched sslc
-SSL_set_cert_store: patch submitted to OpenSSL, might be applied to
OpenSSL or sslc

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94223 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 06:01:03 +0000 (06:01 +0000)]

fix doofo in last commit

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94218 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 05:58:31 +0000 (05:58 +0000)]

sslc 1.x does not have an x509v3.h

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94217 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 05:50:56 +0000 (05:50 +0000)]

sslc does not currently support X509V3_EXT_d2i

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94216 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 04:02:46 +0000 (04:02 +0000)]

toolkit compat for PEM_read_bio_PrivateKey

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94215 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:58:26 +0000 (03:58 +0000)]

use compat macro for another PEM_read_bio_X509

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94214 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:56:02 +0000 (03:56 +0000)]

toolkit compat for PEM_read_bio_X509

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94213 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:46:36 +0000 (03:46 +0000)]

adjust to another const char vs char mismatch between OpenSSL and sslc

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94212 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:42:21 +0000 (03:42 +0000)]

use SSL_SESSION_ api since SSL_SESSION cannot be dereferenced when using sslc

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94211 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:33:57 +0000 (03:33 +0000)]

typo fix s/EDG/EGD/g

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94210 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:31:23 +0000 (03:31 +0000)]

modssl_set_cipher_list was in the wrong place for OpenSSL

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94209 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:28:52 +0000 (03:28 +0000)]

RAND_status macro was in the wrong place

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94208 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:27:13 +0000 (03:27 +0000)]

sslc does not currently support RAND_egd or RAND_status

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94207 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:13:32 +0000 (03:13 +0000)]

in sslc PEM_F_DEF_CALLBACK == PEM_F_DEF_CB

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94206 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:11:22 +0000 (03:11 +0000)]

2nd arg to SSL_set_cipher_list in sslc is char *

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94205 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:09:11 +0000 (03:09 +0000)]

sslc 1.x SSL_set_verify only takes 2 args

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94204 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:04:24 +0000 (03:04 +0000)]

sslc does not currently implement an SSL_set_state function

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94203 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 03:02:10 +0000 (03:02 +0000)]

sslc adds a second, unused param to X509_verify_cert

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94202 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 02:53:38 +0000 (02:53 +0000)]

sslc does not have a safestack.h, implement a minimal subset required
for mod_ssl

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94201 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 02:50:43 +0000 (02:50 +0000)]

some compat macros for sslc 1.x

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94200 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 02:28:15 +0000 (02:28 +0000)]

moving OpenSSL+sslc compat foo to ssl_toolkit_compat.h

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94199 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 01:58:15 +0000 (01:58 +0000)]

3rd arg of BIO callbacks in 'const char' in OpenSSL and 'char' in sslc,
make both happy.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94198 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 01:50:43 +0000 (01:50 +0000)]

OpenSSL uses void * for callback data, sslc uses char *,
cast to void * to make both happy.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94197 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 01:28:20 +0000 (01:28 +0000)]

add modssl_session_get_time() function to give mod_ssl what it needs
from SSL_SESSION_get_time() if using OpenSSL or sslc.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94195 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 00:46:07 +0000 (00:46 +0000)]

another step towards compatiblity with rsa sslc:
define the STACK_OF macro if not already defined.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94194 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Wed, 27 Mar 2002 00:32:07 +0000 (00:32 +0000)]

configure already checks OpenSSL version so dont bother here

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94193 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Tue, 26 Mar 2002 17:29:36 +0000 (17:29 +0000)]

note about the temporary DH keys

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94181 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Tue, 26 Mar 2002 17:17:27 +0000 (17:17 +0000)]

a few updates

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94180 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Tue, 26 Mar 2002 16:57:49 +0000 (16:57 +0000)]

per-dir SSLCACertificate{File,Path} cannot use SSL_CTX_set_cert_store
as the 1.x based module does, since the function is not thread-safe.
a patch has been submitted to OpenSSL to support SSL_set_cert_store
which is thread safe. this feature is enabled by default in the
current 1.x based module, we only enable it if the SSL_set_cert_store
function is available.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94179 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Tue, 26 Mar 2002 15:49:37 +0000 (15:49 +0000)]

constificationization of some char * config items

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94177 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Tue, 26 Mar 2002 15:42:21 +0000 (15:42 +0000)]

performance enhancement: mod_ssl config directives that can have both
a per-server and per-dir context were configuring the per-dir context
for per-server commands. this triggered ssl_hook_Access to always
compare the per-server context against per-dir configs that were
exactly the same.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94176 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Tue, 26 Mar 2002 00:49:37 +0000 (00:49 +0000)]

correct comment in previous change

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94171 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Doug MacEachern [Tue, 26 Mar 2002 00:30:47 +0000 (00:30 +0000)]

PR:
Obtained from:
Submitted by:
Reviewed by:
fix bug seen on win32 with netscape client where output filter is run
triggered by lingering_close after ssl_hook_CloseConnection has been called

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94170 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Jeff Trawick [Fri, 22 Mar 2002 00:59:23 +0000 (00:59 +0000)]

the mod_ssl provided with Apache >= 2.0 no longer has an independent
version number

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94111 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Cliff Woolley [Mon, 18 Mar 2002 03:19:30 +0000 (03:19 +0000)]

Fix a possibly-uninitialized warning and a boolean logic bug

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93992 13f79535-47bb-0310-9956-ffa450edef68

commit | commitdiff | tree

Cliff Woolley [Mon, 18 Mar 2002 03:18:47 +0000 (03:18 +0000)]

Fix some possibly-uninitialized warnings and some incorrect format strings

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93991 13f79535-47bb-0310-9956-ffa450edef68

Mirror of https://github.com/apache/httpd.git

RSS Atom