add Conflicts: with mod_nss
This commit is contained in:
parent
a2204eef19
commit
2c9507d609
@ -1,118 +0,0 @@
|
|||||||
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
|
|
||||||
index 12617b2..0fe7464 100644
|
|
||||||
--- a/modules/ssl/mod_ssl.c
|
|
||||||
+++ b/modules/ssl/mod_ssl.c
|
|
||||||
@@ -459,6 +459,10 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
|
|
||||||
return OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *othermod_engine_disable;
|
|
||||||
+static APR_OPTIONAL_FN_TYPE(ssl_engine_set) *othermod_engine_set;
|
|
||||||
+
|
|
||||||
+
|
|
||||||
static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
|
|
||||||
ap_conf_vector_t *per_dir_config,
|
|
||||||
int new_proxy)
|
|
||||||
@@ -466,6 +470,10 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
|
|
||||||
SSLConnRec *sslconn = myConnConfig(c);
|
|
||||||
int need_setup = 0;
|
|
||||||
|
|
||||||
+ if (othermod_engine_disable) {
|
|
||||||
+ othermod_engine_disable(c);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* mod_proxy's (r->)per_dir_config has the lifetime of the request, thus
|
|
||||||
* it uses ssl_engine_set() to reset sslconn->dc when reusing SSL backend
|
|
||||||
* connections, so we must fall through here. But in the case where we are
|
|
||||||
@@ -544,6 +552,10 @@ static int ssl_engine_set(conn_rec *c,
|
|
||||||
{
|
|
||||||
SSLConnRec *sslconn;
|
|
||||||
int status;
|
|
||||||
+
|
|
||||||
+ if (othermod_engine_set) {
|
|
||||||
+ return othermod_engine_set(c, per_dir_config, proxy, enable);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (proxy) {
|
|
||||||
sslconn = ssl_init_connection_ctx(c, per_dir_config, 1);
|
|
||||||
@@ -572,12 +584,18 @@ static int ssl_engine_set(conn_rec *c,
|
|
||||||
|
|
||||||
static int ssl_proxy_enable(conn_rec *c)
|
|
||||||
{
|
|
||||||
- return ssl_engine_set(c, NULL, 1, 1);
|
|
||||||
+ if (othermod_engine_set)
|
|
||||||
+ return othermod_engine_set(c, NULL, 1, 1);
|
|
||||||
+ else
|
|
||||||
+ return ssl_engine_set(c, NULL, 1, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int ssl_engine_disable(conn_rec *c)
|
|
||||||
{
|
|
||||||
- return ssl_engine_set(c, NULL, 0, 0);
|
|
||||||
+ if (othermod_engine_set)
|
|
||||||
+ return othermod_engine_set(c, NULL, 0, 0);
|
|
||||||
+ else
|
|
||||||
+ return ssl_engine_set(c, NULL, 0, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
|
|
||||||
@@ -753,6 +771,9 @@ static void ssl_register_hooks(apr_pool_t *p)
|
|
||||||
APR_HOOK_MIDDLE);
|
|
||||||
|
|
||||||
ssl_var_register(p);
|
|
||||||
+
|
|
||||||
+ othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
|
|
||||||
+ othermod_engine_set = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_set);
|
|
||||||
|
|
||||||
APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
|
|
||||||
APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
|
|
||||||
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
|
|
||||||
index 5724f18..81c56ba 100644
|
|
||||||
--- a/modules/ssl/ssl_engine_vars.c
|
|
||||||
+++ b/modules/ssl/ssl_engine_vars.c
|
|
||||||
@@ -54,6 +54,8 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, SSLConnRec *sslconn, char
|
|
||||||
static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
|
|
||||||
static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
|
|
||||||
static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);
|
|
||||||
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;
|
|
||||||
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;
|
|
||||||
|
|
||||||
static SSLConnRec *ssl_get_effective_config(conn_rec *c)
|
|
||||||
{
|
|
||||||
@@ -68,7 +70,9 @@ static SSLConnRec *ssl_get_effective_config(conn_rec *c)
|
|
||||||
static int ssl_is_https(conn_rec *c)
|
|
||||||
{
|
|
||||||
SSLConnRec *sslconn = ssl_get_effective_config(c);
|
|
||||||
- return sslconn && sslconn->ssl;
|
|
||||||
+
|
|
||||||
+ return (sslconn && sslconn->ssl)
|
|
||||||
+ || (othermod_is_https && othermod_is_https(c));
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION;
|
|
||||||
@@ -137,6 +141,9 @@ void ssl_var_register(apr_pool_t *p)
|
|
||||||
{
|
|
||||||
char *cp, *cp2;
|
|
||||||
|
|
||||||
+ othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
|
|
||||||
+ othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
|
|
||||||
+
|
|
||||||
APR_REGISTER_OPTIONAL_FN(ssl_is_https);
|
|
||||||
APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
|
|
||||||
APR_REGISTER_OPTIONAL_FN(ssl_ext_list);
|
|
||||||
@@ -271,6 +278,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
|
|
||||||
*/
|
|
||||||
if (result == NULL && c != NULL) {
|
|
||||||
SSLConnRec *sslconn = ssl_get_effective_config(c);
|
|
||||||
+
|
|
||||||
+ if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
|
|
||||||
+ && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {
|
|
||||||
+ /* For an SSL_* variable, if mod_ssl is not enabled for
|
|
||||||
+ * this connection and another SSL module is present, pass
|
|
||||||
+ * through to that module. */
|
|
||||||
+ return othermod_var_lookup(p, s, c, r, var);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
|
|
||||||
&& sslconn && sslconn->ssl)
|
|
||||||
result = ssl_var_lookup_ssl(p, sslconn, r, var+4);
|
|
@ -13,7 +13,7 @@
|
|||||||
Summary: Apache HTTP Server
|
Summary: Apache HTTP Server
|
||||||
Name: httpd
|
Name: httpd
|
||||||
Version: 2.4.46
|
Version: 2.4.46
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
URL: https://httpd.apache.org/
|
URL: https://httpd.apache.org/
|
||||||
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
|
||||||
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
|
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
|
||||||
@ -75,7 +75,6 @@ Patch25: httpd-2.4.43-selinux.patch
|
|||||||
Patch26: httpd-2.4.43-gettid.patch
|
Patch26: httpd-2.4.43-gettid.patch
|
||||||
Patch27: httpd-2.4.43-icons.patch
|
Patch27: httpd-2.4.43-icons.patch
|
||||||
Patch30: httpd-2.4.43-cachehardmax.patch
|
Patch30: httpd-2.4.43-cachehardmax.patch
|
||||||
Patch31: httpd-2.4.43-sslmultiproxy.patch
|
|
||||||
Patch34: httpd-2.4.43-socket-activation.patch
|
Patch34: httpd-2.4.43-socket-activation.patch
|
||||||
Patch38: httpd-2.4.43-sslciphdefault.patch
|
Patch38: httpd-2.4.43-sslciphdefault.patch
|
||||||
Patch39: httpd-2.4.43-sslprotdefault.patch
|
Patch39: httpd-2.4.43-sslprotdefault.patch
|
||||||
@ -169,6 +168,8 @@ Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
|
|||||||
Requires: sscg >= 2.2.0, /usr/bin/hostname
|
Requires: sscg >= 2.2.0, /usr/bin/hostname
|
||||||
# Require an OpenSSL which supports PROFILE=SYSTEM
|
# Require an OpenSSL which supports PROFILE=SYSTEM
|
||||||
Conflicts: openssl-libs < 1:1.0.1h-4
|
Conflicts: openssl-libs < 1:1.0.1h-4
|
||||||
|
# mod_ssl/mod_nss cannot both be loaded simultaneously
|
||||||
|
Conflicts: mod_nss
|
||||||
|
|
||||||
%description -n mod_ssl
|
%description -n mod_ssl
|
||||||
The mod_ssl module provides strong cryptography for the Apache HTTP
|
The mod_ssl module provides strong cryptography for the Apache HTTP
|
||||||
@ -228,7 +229,6 @@ written in the Lua programming language.
|
|||||||
%patch26 -p1 -b .gettid
|
%patch26 -p1 -b .gettid
|
||||||
%patch27 -p1 -b .icons
|
%patch27 -p1 -b .icons
|
||||||
%patch30 -p1 -b .cachehardmax
|
%patch30 -p1 -b .cachehardmax
|
||||||
#patch31 -p1 -b .sslmultiproxy
|
|
||||||
%patch34 -p1 -b .socketactivation
|
%patch34 -p1 -b .socketactivation
|
||||||
%patch38 -p1 -b .sslciphdefault
|
%patch38 -p1 -b .sslciphdefault
|
||||||
%patch39 -p1 -b .sslprotdefault
|
%patch39 -p1 -b .sslprotdefault
|
||||||
@ -779,6 +779,9 @@ exit $rv
|
|||||||
%{_rpmconfigdir}/macros.d/macros.httpd
|
%{_rpmconfigdir}/macros.d/macros.httpd
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 23 2021 Joe Orton <jorton@redhat.com> - 2.4.46-10
|
||||||
|
- add Conflicts: with mod_nss
|
||||||
|
|
||||||
* Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9
|
* Mon Feb 01 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.46-9
|
||||||
- Resolves: #1914182 - RFE: CustomLog should be able to use journald
|
- Resolves: #1914182 - RFE: CustomLog should be able to use journald
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user