new version 2.4.49 (#2005339)

Resolves: #2005339
This commit is contained in:
Luboš Uhliarik 2021-09-17 17:54:23 +02:00
parent d826352e8c
commit 7302c9b133
4 changed files with 9 additions and 124 deletions

1
.gitignore vendored
View File

@ -39,3 +39,4 @@ x86_64
/KEYS /KEYS
/httpd-2.4.46.tar.bz2.asc /httpd-2.4.46.tar.bz2.asc
/httpd-2.4.48.tar.bz2.asc /httpd-2.4.48.tar.bz2.asc
/httpd-2.4.49.tar.bz2.asc

View File

@ -1,117 +0,0 @@
# ./pullrev.sh 1869842
http://svn.apache.org/viewvc?view=revision&revision=1869842
--- httpd-2.4.48/modules/ssl/ssl_engine_config.c.r1869842
+++ httpd-2.4.48/modules/ssl/ssl_engine_config.c
@@ -75,6 +75,10 @@
mc->stapling_refresh_mutex = NULL;
#endif
+#ifdef HAVE_OPENSSL_KEYLOG
+ mc->keylog_file = NULL;
+#endif
+
apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
apr_pool_cleanup_null,
pool);
--- httpd-2.4.48/modules/ssl/ssl_engine_init.c.r1869842
+++ httpd-2.4.48/modules/ssl/ssl_engine_init.c
@@ -445,6 +445,28 @@
init_bio_methods();
#endif
+#ifdef HAVE_OPENSSL_KEYLOG
+ {
+ const char *logfn = getenv("SSLKEYLOGFILE");
+
+ if (logfn) {
+ rv = apr_file_open(&mc->keylog_file, logfn,
+ APR_FOPEN_CREATE|APR_FOPEN_WRITE|APR_FOPEN_APPEND|APR_FOPEN_LARGEFILE,
+ APR_FPROT_UREAD|APR_FPROT_UWRITE,
+ mc->pPool);
+ if (rv) {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, s, APLOGNO(10226)
+ "Could not open log file '%s' configured via SSLKEYLOGFILE",
+ logfn);
+ return rv;
+ }
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(10227)
+ "Init: Logging SSL private key material to %s", logfn);
+ }
+ }
+#endif
+
return OK;
}
@@ -806,6 +828,12 @@
* https://github.com/openssl/openssl/issues/7178 */
SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
#endif
+
+#ifdef HAVE_OPENSSL_KEYLOG
+ if (mctx->sc->mc->keylog_file) {
+ SSL_CTX_set_keylog_callback(ctx, modssl_callback_keylog);
+ }
+#endif
return APR_SUCCESS;
}
--- httpd-2.4.48/modules/ssl/ssl_engine_kernel.c.r1869842
+++ httpd-2.4.48/modules/ssl/ssl_engine_kernel.c
@@ -2822,3 +2822,17 @@
}
#endif /* HAVE_SRP */
+
+
+#ifdef HAVE_OPENSSL_KEYLOG
+/* Callback used with SSL_CTX_set_keylog_callback. */
+void modssl_callback_keylog(const SSL *ssl, const char *line)
+{
+ conn_rec *conn = SSL_get_app_data(ssl);
+ SSLSrvConfigRec *sc = mySrvConfig(conn->base_server);
+
+ if (sc && sc->mc->keylog_file) {
+ apr_file_printf(sc->mc->keylog_file, "%s\n", line);
+ }
+}
+#endif
--- httpd-2.4.48/modules/ssl/ssl_private.h.r1869842
+++ httpd-2.4.48/modules/ssl/ssl_private.h
@@ -252,6 +252,10 @@
#endif
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+#define HAVE_OPENSSL_KEYLOG
+#endif
+
/* mod_ssl headers */
#include "ssl_util_ssl.h"
@@ -620,6 +624,11 @@
apr_global_mutex_t *stapling_cache_mutex;
apr_global_mutex_t *stapling_refresh_mutex;
#endif
+
+#ifdef HAVE_OPENSSL_KEYLOG
+ /* Used for logging if SSLKEYLOGFILE is set at startup. */
+ apr_file_t *keylog_file;
+#endif
} SSLModConfigRec;
/** Structure representing configured filenames for certs and keys for
@@ -979,6 +988,11 @@
int ssl_callback_SRPServerParams(SSL *, int *, void *);
#endif
+#ifdef HAVE_OPENSSL_KEYLOG
+/* Callback used with SSL_CTX_set_keylog_callback. */
+void modssl_callback_keylog(const SSL *ssl, const char *line);
+#endif
+
/** I/O */
void ssl_io_filter_init(conn_rec *, request_rec *r, SSL *);
void ssl_io_filter_register(apr_pool_t *);

View File

@ -12,8 +12,8 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.48 Version: 2.4.49
Release: 18%{?dist} Release: 1%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -76,7 +76,6 @@ Patch25: httpd-2.4.43-selinux.patch
Patch26: httpd-2.4.43-gettid.patch Patch26: httpd-2.4.43-gettid.patch
Patch27: httpd-2.4.43-icons.patch Patch27: httpd-2.4.43-icons.patch
Patch30: httpd-2.4.43-cachehardmax.patch Patch30: httpd-2.4.43-cachehardmax.patch
Patch32: httpd-2.4.48-r1869842.patch
Patch34: httpd-2.4.43-socket-activation.patch Patch34: httpd-2.4.43-socket-activation.patch
Patch38: httpd-2.4.43-sslciphdefault.patch Patch38: httpd-2.4.43-sslciphdefault.patch
Patch39: httpd-2.4.43-sslprotdefault.patch Patch39: httpd-2.4.43-sslprotdefault.patch
@ -244,7 +243,6 @@ written in the Lua programming language.
%patch26 -p1 -b .gettid %patch26 -p1 -b .gettid
%patch27 -p1 -b .icons %patch27 -p1 -b .icons
%patch30 -p1 -b .cachehardmax %patch30 -p1 -b .cachehardmax
%patch32 -p1 -b .r1869842
%patch34 -p1 -b .socketactivation %patch34 -p1 -b .socketactivation
%patch38 -p1 -b .sslciphdefault %patch38 -p1 -b .sslciphdefault
%patch39 -p1 -b .sslprotdefault %patch39 -p1 -b .sslprotdefault
@ -809,6 +807,9 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Fri Sep 17 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.49-1
- new version 2.4.49 (#2005339)
* Wed Sep 15 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-18 * Wed Sep 15 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.48-18
- Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which - Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which
differ only in case differ only in case

View File

@ -1,3 +1,3 @@
SHA512 (httpd-2.4.48.tar.bz2) = 6c250626f1e7d10428a92d984fd48ff841effcc8705f7816ab71b681bbd51d0012ad158dcd13763fe7d630311f2de258b27574603140d648be42796ab8326724 SHA512 (httpd-2.4.49.tar.bz2) = 418e277232cf30a81d02b8554e31aaae6433bbea842bdb81e47a609469395cc4891183fb6ee02bd669edb2392c2007869b19da29f5998b8fd5c7d3142db310dd
SHA512 (httpd-2.4.48.tar.bz2.asc) = 9f125de75107b04dd01f71e9e233b1602658b49e38371931b98dc1092be8df05cf7243b5564fa2f56f46544bef61a54a721dee5ca17ce823a2302a7c3698a195 SHA512 (httpd-2.4.49.tar.bz2.asc) = f3d31cea838c2f965c6f7bea85afb85e4a12fbbcc5162fb8eebf2ba1e808326f99401e0c7f36bd4cb2f32bbac3c206d0bcb5f5b1b15237cb651c3b43d39f4cf4
SHA512 (KEYS) = 7ab66c64eaa4a152e88a913993c8ea0d9c46fd5865788e7b32a9619784d245cef8bddd9700368e3d63ce88ed94df8933e5892878523dc0fce697331136bb829e SHA512 (KEYS) = 88c848b7ab9e4915d6625dcad3e8328673b0448f2ce76f2c44eecc612cf6afbce3287a4ee7219a44c6fcc61d5ecb2a1a8545456a4a16b90400263d7249cbf192