fix build if OpenSSL built w/o SSLv3 support

Joe Orton 2018-09-25 09:43:59 +01:00
parent e6f5630905
commit 1f748ace31
2 changed files with 18 additions and 14 deletions


@ -1,21 +1,22 @@
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 517ce30..075f7e1 100644 https://bugzilla.redhat.com/show_bug.cgi?id=1623165
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c --- httpd-2.4.34/modules/ssl/ssl_engine_config.c.enable-sslv3
@@ -1474,6 +1474,8 @@ static const char *ssl_cmd_protocol_parse(cmd_parms *parms, +++ httpd-2.4.34/modules/ssl/ssl_engine_config.c
@@ -1474,6 +1474,10 @@
#endif #endif
else if (strcEQ(w, "all")) { else if (strcEQ(w, "all")) {
thisopt = SSL_PROTOCOL_ALL; thisopt = SSL_PROTOCOL_ALL;
+ // by default, ALL kw doesn't turn on SSLv3 +#ifndef OPENSSL_NO_SSL3
+ /* by default, ALL kw doesn't turn on SSLv3 */
+ thisopt &= ~SSL_PROTOCOL_SSLV3; + thisopt &= ~SSL_PROTOCOL_SSLV3;
+#endif
} }
else { else {
return apr_pstrcat(parms->temp_pool, return apr_pstrcat(parms->temp_pool,
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c --- httpd-2.4.34/modules/ssl/ssl_engine_init.c.enable-sslv3
index 60df45f..f6645c2 100644 +++ httpd-2.4.34/modules/ssl/ssl_engine_init.c
--- a/modules/ssl/ssl_engine_init.c @@ -537,6 +537,28 @@
+++ b/modules/ssl/ssl_engine_init.c
@@ -537,6 +537,28 @@ static apr_status_t ssl_init_ctx_tls_extensions(server_rec *s,
} }
#endif #endif
@ -44,7 +45,7 @@ index 60df45f..f6645c2 100644
static apr_status_t ssl_init_ctx_protocol(server_rec *s, static apr_status_t ssl_init_ctx_protocol(server_rec *s,
apr_pool_t *p, apr_pool_t *p,
apr_pool_t *ptemp, apr_pool_t *ptemp,
@@ -695,9 +719,13 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, @@ -687,9 +709,13 @@
} }
if (prot == TLS1_1_VERSION && protocol & SSL_PROTOCOL_TLSV1) { if (prot == TLS1_1_VERSION && protocol & SSL_PROTOCOL_TLSV1) {
prot = TLS1_VERSION; prot = TLS1_VERSION;
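Review bot: The new `#ifndef OPENSSL_NO_SSL3` guard around `thisopt &= ~SSL_PROTOCOL_SSLV3;` in the `all` branch of ssl_cmd_protocol_parse does not say why it is needed, and the comment inside it now reads as if the "ALL never implies SSLv3" rule held only on SSLv3-capable builds. Judging by the commit title, SSL_PROTOCOL_SSLV3 is presumably undefined when OpenSSL lacks SSLv3 and SSL_PROTOCOL_ALL then already omits that bit; if so, put that in the comment, e.g. `/* "all" never enables SSLv3 implicitly; without SSLv3 in OpenSSL the bit is undefined and ALL already omits it */`. The ssl_engine_init.c hunks of the patch are shown only as context here, so it is worth confirming that any SSLv3 references they add sit under the same guard. The enclosing function starts and ends outside the visible lines.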


@ -13,7 +13,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.34 Version: 2.4.34
Release: 8%{?dist} Release: 9%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: index.html Source1: index.html
@ -244,7 +244,7 @@ interface for storing and accessing per-user session data.
%patch58 -p1 -b .r1738878 %patch58 -p1 -b .r1738878
%patch59 -p1 -b .r1555631 %patch59 -p1 -b .r1555631
%patch60 -p1 -b .enablesslv3 %patch60 -p1 -b .enable-sslv3
# Patch in the vendor string # Patch in the vendor string
sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@ -733,6 +733,9 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Tue Sep 25 2018 Joe Orton <jorton@redhat.com> - 2.4.34-9
- fix build if OpenSSL built w/o SSLv3 support
* Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-8 * Fri Sep 21 2018 Joe Orton <jorton@redhat.com> - 2.4.34-8
- comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in - comment-out SSLProtocol, SSLProxyProtocol from ssl.conf in
default configuration; now follow OpenSSL system default (#1468322) default configuration; now follow OpenSSL system default (#1468322)