Update PKCS#11 patch.

httpd-2.4.38-r1830819+.patch

@@ -11,9 +11,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
 
 diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
 index d276fea..5467d23 100644
---- a/modules/ssl/ssl_engine_config.c
-+++ b/modules/ssl/ssl_engine_config.c
-@@ -919,7 +919,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd,
+--- httpd-2.4.38/modules/ssl/ssl_engine_config.c.r1830819+
++++ httpd-2.4.38/modules/ssl/ssl_engine_config.c
+@@ -916,7 +916,9 @@
      SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
      const char *err;
  
@@ -24,7 +24,7 @@ index d276fea..5467d23 100644
          return err;
      }
  
-@@ -935,7 +937,9 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
+@@ -932,7 +934,9 @@
      SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
      const char *err;
  
@@ -35,11 +35,9 @@ index d276fea..5467d23 100644
          return err;
      }
  
-diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
-index 8ba3486..e1b0844 100644
---- a/modules/ssl/ssl_engine_init.c
-+++ b/modules/ssl/ssl_engine_init.c
-@@ -1264,12 +1264,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
+--- httpd-2.4.38/modules/ssl/ssl_engine_init.c.r1830819+
++++ httpd-2.4.38/modules/ssl/ssl_engine_init.c
+@@ -1228,12 +1228,18 @@
                  (certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i,
                                            const char *));
           i++) {
@@ -59,7 +57,7 @@ index 8ba3486..e1b0844 100644
              if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile,
                                                SSL_FILETYPE_PEM) < 1)) {
                  ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561)
-@@ -1298,12 +1304,46 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
+@@ -1262,12 +1268,46 @@
  
          ERR_clear_error();
  
@@ -111,7 +109,7 @@ index 8ba3486..e1b0844 100644
              const unsigned char *ptr;
  
              ERR_clear_error();
-@@ -1390,8 +1430,9 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
+@@ -1354,8 +1394,9 @@
      /*
       * Try to read DH parameters from the (first) SSLCertificateFile
       */
@@ -123,7 +121,7 @@ index 8ba3486..e1b0844 100644
          SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
          ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
                       "Custom DH parameters (%d bits) for %s loaded from %s",
-@@ -1403,10 +1444,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
+@@ -1367,10 +1408,10 @@
      /*
       * Similarly, try to read the ECDH curve name from SSLCertificateFile...
       */
@@ -138,11 +136,9 @@ index 8ba3486..e1b0844 100644
          SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
          ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
                       "ECDH curve %s for %s specified in %s",
-diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
-index 8c29443..d5d33f7 100644
---- a/modules/ssl/ssl_engine_pphrase.c
-+++ b/modules/ssl/ssl_engine_pphrase.c
-@@ -143,8 +143,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
+--- httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c.r1830819+
++++ httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c
+@@ -143,8 +143,6 @@
      const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx);
      EVP_PKEY *pPrivateKey = NULL;
      ssl_asn1_t *asn1;
@@ -151,7 +147,16 @@ index 8c29443..d5d33f7 100644
      int nPassPhrase = (*pphrases)->nelts;
      int nPassPhraseRetry = 0;
      apr_time_t pkey_mtime = 0;
-@@ -351,19 +349,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
+@@ -221,7 +219,7 @@
+          * is not empty. */
+         ERR_clear_error();
+ 
+-        pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, NULL,
++        pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file,
+                                              ssl_pphrase_Handle_CB, &ppcb_arg);
+         /* If the private key was successfully read, nothing more to
+            do here. */
+@@ -351,19 +349,12 @@
          nPassPhrase++;
      }
  
@@ -174,7 +179,7 @@ index 8c29443..d5d33f7 100644
          asn1->source_mtime = pkey_mtime;
      }
  
-@@ -614,3 +605,288 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
+@@ -614,3 +605,288 @@
       */
      return (len);
  }
@@ -463,11 +468,9 @@ index 8c29443..d5d33f7 100644
 +    return APR_SUCCESS;
 +}
 +#endif
-diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
-index f46814d..1fdde13 100644
---- a/modules/ssl/ssl_private.h
-+++ b/modules/ssl/ssl_private.h
-@@ -1002,21 +1002,28 @@ BOOL         ssl_util_vhost_matches(const char *servername, server_rec *s);
+--- httpd-2.4.38/modules/ssl/ssl_private.h.r1830819+
++++ httpd-2.4.38/modules/ssl/ssl_private.h
+@@ -1002,21 +1002,28 @@
  apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
                                       const char *, apr_array_header_t **);
  
@@ -505,7 +508,7 @@ index f46814d..1fdde13 100644
  
  /**  Mutex Support  */
  int          ssl_mutex_init(server_rec *, apr_pool_t *);
-@@ -1109,6 +1116,10 @@ int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn);
+@@ -1109,6 +1116,10 @@
  int ssl_is_challenge(conn_rec *c, const char *servername, 
                       X509 **pcert, EVP_PKEY **pkey);
  
@@ -516,11 +519,9 @@ index f46814d..1fdde13 100644
  #endif /* SSL_PRIVATE_H */
  /** @} */
  
-diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
-index 0d23465..223b385 100644
---- a/modules/ssl/ssl_util.c
-+++ b/modules/ssl/ssl_util.c
-@@ -192,45 +192,37 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
+--- httpd-2.4.38/modules/ssl/ssl_util.c.r1830819+
++++ httpd-2.4.38/modules/ssl/ssl_util.c
+@@ -192,45 +192,37 @@
      return TRUE;
  }
  
@@ -582,7 +583,7 @@ index 0d23465..223b385 100644
  }
  
  ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
-@@ -480,3 +472,13 @@ void ssl_util_thread_id_setup(apr_pool_t *p)
+@@ -480,3 +472,13 @@
  }
  
  #endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */
@@ -596,11 +597,9 @@ index 0d23465..223b385 100644
 +    return 0;
 +#endif
 +}
-diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
-index b7f0eca..4fa089b 100644
---- a/modules/ssl/ssl_util_ssl.c
-+++ b/modules/ssl/ssl_util_ssl.c
-@@ -74,7 +74,7 @@ void modssl_set_app_data2(SSL *ssl, void *arg)
+--- httpd-2.4.38/modules/ssl/ssl_util_ssl.c.r1830819+
++++ httpd-2.4.38/modules/ssl/ssl_util_ssl.c
+@@ -74,7 +74,7 @@
  **  _________________________________________________________________
  */
  
@@ -609,7 +608,7 @@ index b7f0eca..4fa089b 100644
  {
      EVP_PKEY *rc;
      BIO *bioS;
-@@ -83,7 +83,7 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
+@@ -83,7 +83,7 @@
      /* 1. try PEM (= DER+Base64+headers) */
      if ((bioS=BIO_new_file(filename, "r")) == NULL)
          return NULL;
@@ -618,7 +617,7 @@ index b7f0eca..4fa089b 100644
      BIO_free(bioS);
  
      if (rc == NULL) {
-@@ -107,41 +107,9 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
+@@ -107,41 +107,9 @@
              BIO_free(bioS);
          }
      }
@@ -660,10 +659,8 @@ index b7f0eca..4fa089b 100644
  /*  _________________________________________________________________
  **
  **  Smart shutdown
-diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
-index c67dacf..d6307d9 100644
---- a/modules/ssl/ssl_util_ssl.h
-+++ b/modules/ssl/ssl_util_ssl.h
+--- httpd-2.4.38/modules/ssl/ssl_util_ssl.h.r1830819+
++++ httpd-2.4.38/modules/ssl/ssl_util_ssl.h
 @@ -64,8 +64,11 @@
  void        modssl_init_app_data2_idx(void);
  void       *modssl_get_app_data2(SSL *);

httpd.spec

@@ -235,7 +235,7 @@ interface for storing and accessing per-user session data.
 %patch30 -p1 -b .cachehardmax
 #patch31 -p1 -b .sslmultiproxy
 %patch34 -p1 -b .socketactivation
-#%patch36 -p1 -b .r1830819+
+%patch36 -p1 -b .r1830819+
 %patch38 -p1 -b .sslciphdefault
 %patch39 -p1 -b .sslprotdefault