From 7e10e903e3c8c1f69b01dd4e2e166b7fa634ab1c Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Thu, 7 Jun 2012 11:09:21 +0100 Subject: [PATCH] mod_ssl: fix NPN patch merge --- httpd-2.4.2-r1332643+.patch | 71 +++++++++++++++++++------------------ httpd.spec | 5 ++- 2 files changed, 41 insertions(+), 35 deletions(-) diff --git a/httpd-2.4.2-r1332643+.patch b/httpd-2.4.2-r1332643+.patch index a8ff500..be9b984 100644 --- a/httpd-2.4.2-r1332643+.patch +++ b/httpd-2.4.2-r1332643+.patch @@ -6,31 +6,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1332643 http://svn.apache.org/viewvc?view=revision&revision=1345599 ---- httpd-2.4.2/modules/ssl/ssl_private.h -+++ httpd-2.4.2/modules/ssl/ssl_private.h -@@ -139,6 +139,11 @@ - #define HAVE_FIPS - #endif - -+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ -+ && !defined(OPENSSL_NO_TLSEXT) -+#define HAVE_TLS_NPN -+#endif -+ - #if (OPENSSL_VERSION_NUMBER >= 0x10000000) - #define MODSSL_SSL_CIPHER_CONST const - #define MODSSL_SSL_METHOD_CONST const -@@ -811,6 +816,7 @@ - int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, - EVP_CIPHER_CTX *, HMAC_CTX *, int); - #endif -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); - - /** Session Cache Support */ - void ssl_scache_init(server_rec *, apr_pool_t *); ---- httpd-2.4.2/modules/ssl/mod_ssl.c +--- httpd-2.4.2/modules/ssl/mod_ssl.c.r1332643+ +++ httpd-2.4.2/modules/ssl/mod_ssl.c -@@ -260,6 +260,18 @@ +@@ -260,6 +260,18 @@ static const command_rec ssl_config_cmds AP_END_CMD }; @@ -49,9 +27,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 /* * the various processing hooks */ ---- httpd-2.4.2/modules/ssl/mod_ssl.h +--- httpd-2.4.2/modules/ssl/mod_ssl.h.r1332643+ +++ httpd-2.4.2/modules/ssl/mod_ssl.h -@@ -63,5 +63,26 @@ +@@ -63,5 +63,26 @@ APR_DECLARE_OPTIONAL_FN(int, ssl_proxy_e APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); @@ -78,9 +56,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 + #endif /* __MOD_SSL_H__ */ /** @} */ ---- httpd-2.4.2/modules/ssl/ssl_engine_init.c +--- httpd-2.4.2/modules/ssl/ssl_engine_init.c.r1332643+ +++ httpd-2.4.2/modules/ssl/ssl_engine_init.c -@@ -681,6 +681,11 @@ +@@ -681,6 +681,11 @@ static void ssl_init_ctx_callbacks(serve #endif SSL_CTX_set_info_callback(ctx, ssl_callback_Info); @@ -92,7 +70,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 } static void ssl_init_ctx_verify(server_rec *s, ---- httpd-2.4.2/modules/ssl/ssl_engine_io.c +--- httpd-2.4.2/modules/ssl/ssl_engine_io.c.r1332643+ +++ httpd-2.4.2/modules/ssl/ssl_engine_io.c @@ -28,6 +28,7 @@ core keeps dumping.'' @@ -102,7 +80,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 #include "apr_date.h" /* _________________________________________________________________ -@@ -297,6 +298,7 @@ +@@ -297,6 +298,7 @@ typedef struct { apr_pool_t *pool; char buffer[AP_IOBUFSIZE]; ssl_filter_ctx_t *filter_ctx; @@ -110,7 +88,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 } bio_filter_in_ctx_t; /* -@@ -1374,6 +1376,26 @@ +@@ -1364,6 +1366,26 @@ static apr_status_t ssl_io_filter_input( APR_BRIGADE_INSERT_TAIL(bb, bucket); } @@ -137,7 +115,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 return APR_SUCCESS; } -@@ -1855,6 +1877,7 @@ +@@ -1845,6 +1867,7 @@ static void ssl_io_input_add_filter(ssl_ inctx->block = APR_BLOCK_READ; inctx->pool = c->pool; inctx->filter_ctx = filter_ctx; @@ -145,7 +123,7 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 } /* The request_rec pointer is passed in here only to ensure that the ---- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c +--- httpd-2.4.2/modules/ssl/ssl_engine_kernel.c.r1332643+ +++ httpd-2.4.2/modules/ssl/ssl_engine_kernel.c @@ -29,6 +29,7 @@ time I was too famous.'' @@ -155,7 +133,10 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 #include "util_md5.h" static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); -@@ -2145,0 +2147,83 @@ +@@ -2164,3 +2165,86 @@ int ssl_callback_SessionTicket(SSL *ssl, + return -1; + } + #endif + +#ifdef HAVE_TLS_NPN +/* @@ -239,3 +220,25 @@ http://svn.apache.org/viewvc?view=revision&revision=1345599 + return SSL_TLSEXT_ERR_OK; +} +#endif +--- httpd-2.4.2/modules/ssl/ssl_private.h.r1332643+ ++++ httpd-2.4.2/modules/ssl/ssl_private.h +@@ -139,6 +139,11 @@ + #define HAVE_FIPS + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ ++ && !defined(OPENSSL_NO_TLSEXT) ++#define HAVE_TLS_NPN ++#endif ++ + #if (OPENSSL_VERSION_NUMBER >= 0x10000000) + #define MODSSL_SSL_CIPHER_CONST const + #define MODSSL_SSL_METHOD_CONST const +@@ -807,6 +812,7 @@ int ssl_callback_ServerNameIndi + int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *, + EVP_CIPHER_CTX *, HMAC_CTX *, int); + #endif ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); + + /** Session Cache Support */ + void ssl_scache_init(server_rec *, apr_pool_t *); diff --git a/httpd.spec b/httpd.spec index 94cf9e9..8313b3e 100644 --- a/httpd.spec +++ b/httpd.spec @@ -8,7 +8,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.2 -Release: 15%{?dist} +Release: 16%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -567,6 +567,9 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog +* Thu Jun 7 2012 Joe Orton - 2.4.2-16 +- mod_ssl: fix NPN patch merge + * Wed Jun 6 2012 Joe Orton - 2.4.2-15 - move tmpfiles.d fragment into /usr/lib per new guidelines - package /run/httpd not /var/run/httpd