rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update PKCS#11 patch.

Browse Source
This commit is contained in:
Joe Orton 2019-01-23 13:04:05 +01:00
parent 1810bd511f
commit a18552330d
2 changed files with 40 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
httpd-2.4.38-r1830819+.patch
View File

@ -11,9 +11,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index d276fea..5467d23 100644 index d276fea..5467d23 100644
--- a/modules/ssl/ssl_engine_config.c --- httpd-2.4.38/modules/ssl/ssl_engine_config.c.r1830819+
+++ b/modules/ssl/ssl_engine_config.c +++ httpd-2.4.38/modules/ssl/ssl_engine_config.c
@@ -919,7 +919,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd, @@ -916,7 +916,9 @@
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err; const char *err;
@ -24,7 +24,7 @@ index d276fea..5467d23 100644
return err; return err;
} }
@@ -935,7 +937,9 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd, @@ -932,7 +934,9 @@
SSLSrvConfigRec *sc = mySrvConfig(cmd->server); SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err; const char *err;
@ -35,11 +35,9 @@ index d276fea..5467d23 100644
return err; return err;
} }
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c --- httpd-2.4.38/modules/ssl/ssl_engine_init.c.r1830819+
index 8ba3486..e1b0844 100644 +++ httpd-2.4.38/modules/ssl/ssl_engine_init.c
--- a/modules/ssl/ssl_engine_init.c @@ -1228,12 +1228,18 @@
+++ b/modules/ssl/ssl_engine_init.c
@@ -1264,12 +1264,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
(certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i, (certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i,
const char *)); const char *));
i++) { i++) {
@ -59,7 +57,7 @@ index 8ba3486..e1b0844 100644
if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile, if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile,
SSL_FILETYPE_PEM) < 1)) { SSL_FILETYPE_PEM) < 1)) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561) ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561)
@@ -1298,12 +1304,46 @@ static apr_status_t ssl_init_server_certs(server_rec *s, @@ -1262,12 +1268,46 @@
ERR_clear_error(); ERR_clear_error();
@ -111,7 +109,7 @@ index 8ba3486..e1b0844 100644
const unsigned char *ptr; const unsigned char *ptr;
ERR_clear_error(); ERR_clear_error();
@@ -1390,8 +1430,9 @@ static apr_status_t ssl_init_server_certs(server_rec *s, @@ -1354,8 +1394,9 @@
/* /*
* Try to read DH parameters from the (first) SSLCertificateFile * Try to read DH parameters from the (first) SSLCertificateFile
*/ */
@ -123,7 +121,7 @@ index 8ba3486..e1b0844 100644
SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
"Custom DH parameters (%d bits) for %s loaded from %s", "Custom DH parameters (%d bits) for %s loaded from %s",
@@ -1403,10 +1444,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s, @@ -1367,10 +1408,10 @@
/* /*
* Similarly, try to read the ECDH curve name from SSLCertificateFile... * Similarly, try to read the ECDH curve name from SSLCertificateFile...
*/ */
@ -138,11 +136,9 @@ index 8ba3486..e1b0844 100644
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
"ECDH curve %s for %s specified in %s", "ECDH curve %s for %s specified in %s",
diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c --- httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c.r1830819+
index 8c29443..d5d33f7 100644 +++ httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c
--- a/modules/ssl/ssl_engine_pphrase.c @@ -143,8 +143,6 @@
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -143,8 +143,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx); const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx);
EVP_PKEY *pPrivateKey = NULL; EVP_PKEY *pPrivateKey = NULL;
ssl_asn1_t *asn1; ssl_asn1_t *asn1;
@ -151,7 +147,16 @@ index 8c29443..d5d33f7 100644
int nPassPhrase = (*pphrases)->nelts; int nPassPhrase = (*pphrases)->nelts;
int nPassPhraseRetry = 0; int nPassPhraseRetry = 0;
apr_time_t pkey_mtime = 0; apr_time_t pkey_mtime = 0;
@@ -351,19 +349,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, @@ -221,7 +219,7 @@
* is not empty. */
ERR_clear_error();
- pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, NULL,
+ pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file,
ssl_pphrase_Handle_CB, &ppcb_arg);
/* If the private key was successfully read, nothing more to
do here. */
@@ -351,19 +349,12 @@
nPassPhrase++; nPassPhrase++;
} }
@ -174,7 +179,7 @@ index 8c29443..d5d33f7 100644
asn1->source_mtime = pkey_mtime; asn1->source_mtime = pkey_mtime;
} }
@@ -614,3 +605,288 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) @@ -614,3 +605,288 @@
*/ */
return (len); return (len);
} }
@ -463,11 +468,9 @@ index 8c29443..d5d33f7 100644
+ return APR_SUCCESS; + return APR_SUCCESS;
+} +}
+#endif +#endif
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h --- httpd-2.4.38/modules/ssl/ssl_private.h.r1830819+
index f46814d..1fdde13 100644 +++ httpd-2.4.38/modules/ssl/ssl_private.h
--- a/modules/ssl/ssl_private.h @@ -1002,21 +1002,28 @@
+++ b/modules/ssl/ssl_private.h
@@ -1002,21 +1002,28 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s);
apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int, apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
const char *, apr_array_header_t **); const char *, apr_array_header_t **);
@ -505,7 +508,7 @@ index f46814d..1fdde13 100644
/** Mutex Support */ /** Mutex Support */
int ssl_mutex_init(server_rec *, apr_pool_t *); int ssl_mutex_init(server_rec *, apr_pool_t *);
@@ -1109,6 +1116,10 @@ int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn); @@ -1109,6 +1116,10 @@
int ssl_is_challenge(conn_rec *c, const char *servername, int ssl_is_challenge(conn_rec *c, const char *servername,
X509 **pcert, EVP_PKEY **pkey); X509 **pcert, EVP_PKEY **pkey);
@ -516,11 +519,9 @@ index f46814d..1fdde13 100644
#endif /* SSL_PRIVATE_H */ #endif /* SSL_PRIVATE_H */
/** @} */ /** @} */
diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c --- httpd-2.4.38/modules/ssl/ssl_util.c.r1830819+
index 0d23465..223b385 100644 +++ httpd-2.4.38/modules/ssl/ssl_util.c
--- a/modules/ssl/ssl_util.c @@ -192,45 +192,37 @@
+++ b/modules/ssl/ssl_util.c
@@ -192,45 +192,37 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
return TRUE; return TRUE;
} }
@ -582,7 +583,7 @@ index 0d23465..223b385 100644
} }
ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
@@ -480,3 +472,13 @@ void ssl_util_thread_id_setup(apr_pool_t *p) @@ -480,3 +472,13 @@
} }
#endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */ #endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */
@ -596,11 +597,9 @@ index 0d23465..223b385 100644
+ return 0; + return 0;
+#endif +#endif
+} +}
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c --- httpd-2.4.38/modules/ssl/ssl_util_ssl.c.r1830819+
index b7f0eca..4fa089b 100644 +++ httpd-2.4.38/modules/ssl/ssl_util_ssl.c
--- a/modules/ssl/ssl_util_ssl.c @@ -74,7 +74,7 @@
+++ b/modules/ssl/ssl_util_ssl.c
@@ -74,7 +74,7 @@ void modssl_set_app_data2(SSL *ssl, void *arg)
** _________________________________________________________________ ** _________________________________________________________________
*/ */
@ -609,7 +608,7 @@ index b7f0eca..4fa089b 100644
{ {
EVP_PKEY *rc; EVP_PKEY *rc;
BIO *bioS; BIO *bioS;
@@ -83,7 +83,7 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw @@ -83,7 +83,7 @@
/* 1. try PEM (= DER+Base64+headers) */ /* 1. try PEM (= DER+Base64+headers) */
if ((bioS=BIO_new_file(filename, "r")) == NULL) if ((bioS=BIO_new_file(filename, "r")) == NULL)
return NULL; return NULL;
@ -618,7 +617,7 @@ index b7f0eca..4fa089b 100644
BIO_free(bioS); BIO_free(bioS);
if (rc == NULL) { if (rc == NULL) {
@@ -107,41 +107,9 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw @@ -107,41 +107,9 @@
BIO_free(bioS); BIO_free(bioS);
} }
} }
@ -660,10 +659,8 @@ index b7f0eca..4fa089b 100644
/* _________________________________________________________________ /* _________________________________________________________________
** **
** Smart shutdown ** Smart shutdown
diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h --- httpd-2.4.38/modules/ssl/ssl_util_ssl.h.r1830819+
index c67dacf..d6307d9 100644 +++ httpd-2.4.38/modules/ssl/ssl_util_ssl.h
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -64,8 +64,11 @@ @@ -64,8 +64,11 @@
void modssl_init_app_data2_idx(void); void modssl_init_app_data2_idx(void);
void *modssl_get_app_data2(SSL *); void *modssl_get_app_data2(SSL *);

2
httpd.spec
View File

@ -235,7 +235,7 @@ interface for storing and accessing per-user session data.
%patch30 -p1 -b .cachehardmax %patch30 -p1 -b .cachehardmax
#patch31 -p1 -b .sslmultiproxy #patch31 -p1 -b .sslmultiproxy
%patch34 -p1 -b .socketactivation %patch34 -p1 -b .socketactivation
#%patch36 -p1 -b .r1830819+ %patch36 -p1 -b .r1830819+
%patch38 -p1 -b .sslciphdefault %patch38 -p1 -b .sslciphdefault
%patch39 -p1 -b .sslprotdefault %patch39 -p1 -b .sslprotdefault