Update PKCS#11 patch.
parent
1810bd511f
commit
a18552330d
@ -11,9 +11,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242
|
||||
|
||||
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
|
||||
index d276fea..5467d23 100644
|
||||
--- a/modules/ssl/ssl_engine_config.c
|
||||
+++ b/modules/ssl/ssl_engine_config.c
|
||||
@@ -919,7 +919,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd,
|
||||
--- httpd-2.4.38/modules/ssl/ssl_engine_config.c.r1830819+
|
||||
+++ httpd-2.4.38/modules/ssl/ssl_engine_config.c
|
||||
@@ -916,7 +916,9 @@
|
||||
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
||||
const char *err;
|
||||
|
||||
@ -24,7 +24,7 @@ index d276fea..5467d23 100644
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -935,7 +937,9 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd,
|
||||
@@ -932,7 +934,9 @@
|
||||
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
|
||||
const char *err;
|
||||
|
||||
@ -35,11 +35,9 @@ index d276fea..5467d23 100644
|
||||
return err;
|
||||
}
|
||||
|
||||
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
||||
index 8ba3486..e1b0844 100644
|
||||
--- a/modules/ssl/ssl_engine_init.c
|
||||
+++ b/modules/ssl/ssl_engine_init.c
|
||||
@@ -1264,12 +1264,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
|
||||
--- httpd-2.4.38/modules/ssl/ssl_engine_init.c.r1830819+
|
||||
+++ httpd-2.4.38/modules/ssl/ssl_engine_init.c
|
||||
@@ -1228,12 +1228,18 @@
|
||||
(certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i,
|
||||
const char *));
|
||||
i++) {
|
||||
@ -59,7 +57,7 @@ index 8ba3486..e1b0844 100644
|
||||
if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile,
|
||||
SSL_FILETYPE_PEM) < 1)) {
|
||||
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561)
|
||||
@@ -1298,12 +1304,46 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
|
||||
@@ -1262,12 +1268,46 @@
|
||||
|
||||
ERR_clear_error();
|
||||
|
||||
@ -111,7 +109,7 @@ index 8ba3486..e1b0844 100644
|
||||
const unsigned char *ptr;
|
||||
|
||||
ERR_clear_error();
|
||||
@@ -1390,8 +1430,9 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
|
||||
@@ -1354,8 +1394,9 @@
|
||||
/*
|
||||
* Try to read DH parameters from the (first) SSLCertificateFile
|
||||
*/
|
||||
@ -123,7 +121,7 @@ index 8ba3486..e1b0844 100644
|
||||
SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams);
|
||||
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540)
|
||||
"Custom DH parameters (%d bits) for %s loaded from %s",
|
||||
@@ -1403,10 +1444,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
|
||||
@@ -1367,10 +1408,10 @@
|
||||
/*
|
||||
* Similarly, try to read the ECDH curve name from SSLCertificateFile...
|
||||
*/
|
||||
@ -138,11 +136,9 @@ index 8ba3486..e1b0844 100644
|
||||
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
|
||||
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541)
|
||||
"ECDH curve %s for %s specified in %s",
|
||||
diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
|
||||
index 8c29443..d5d33f7 100644
|
||||
--- a/modules/ssl/ssl_engine_pphrase.c
|
||||
+++ b/modules/ssl/ssl_engine_pphrase.c
|
||||
@@ -143,8 +143,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
|
||||
--- httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c.r1830819+
|
||||
+++ httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c
|
||||
@@ -143,8 +143,6 @@
|
||||
const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx);
|
||||
EVP_PKEY *pPrivateKey = NULL;
|
||||
ssl_asn1_t *asn1;
|
||||
@ -151,7 +147,16 @@ index 8c29443..d5d33f7 100644
|
||||
int nPassPhrase = (*pphrases)->nelts;
|
||||
int nPassPhraseRetry = 0;
|
||||
apr_time_t pkey_mtime = 0;
|
||||
@@ -351,19 +349,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx,
|
||||
@@ -221,7 +219,7 @@
|
||||
* is not empty. */
|
||||
ERR_clear_error();
|
||||
|
||||
- pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, NULL,
|
||||
+ pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file,
|
||||
ssl_pphrase_Handle_CB, &ppcb_arg);
|
||||
/* If the private key was successfully read, nothing more to
|
||||
do here. */
|
||||
@@ -351,19 +349,12 @@
|
||||
nPassPhrase++;
|
||||
}
|
||||
|
||||
@ -174,7 +179,7 @@ index 8c29443..d5d33f7 100644
|
||||
asn1->source_mtime = pkey_mtime;
|
||||
}
|
||||
|
||||
@@ -614,3 +605,288 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
|
||||
@@ -614,3 +605,288 @@
|
||||
*/
|
||||
return (len);
|
||||
}
|
||||
@ -463,11 +468,9 @@ index 8c29443..d5d33f7 100644
|
||||
+ return APR_SUCCESS;
|
||||
+}
|
||||
+#endif
|
||||
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
|
||||
index f46814d..1fdde13 100644
|
||||
--- a/modules/ssl/ssl_private.h
|
||||
+++ b/modules/ssl/ssl_private.h
|
||||
@@ -1002,21 +1002,28 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s);
|
||||
--- httpd-2.4.38/modules/ssl/ssl_private.h.r1830819+
|
||||
+++ httpd-2.4.38/modules/ssl/ssl_private.h
|
||||
@@ -1002,21 +1002,28 @@
|
||||
apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int,
|
||||
const char *, apr_array_header_t **);
|
||||
|
||||
@ -505,7 +508,7 @@ index f46814d..1fdde13 100644
|
||||
|
||||
/** Mutex Support */
|
||||
int ssl_mutex_init(server_rec *, apr_pool_t *);
|
||||
@@ -1109,6 +1116,10 @@ int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn);
|
||||
@@ -1109,6 +1116,10 @@
|
||||
int ssl_is_challenge(conn_rec *c, const char *servername,
|
||||
X509 **pcert, EVP_PKEY **pkey);
|
||||
|
||||
@ -516,11 +519,9 @@ index f46814d..1fdde13 100644
|
||||
#endif /* SSL_PRIVATE_H */
|
||||
/** @} */
|
||||
|
||||
diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c
|
||||
index 0d23465..223b385 100644
|
||||
--- a/modules/ssl/ssl_util.c
|
||||
+++ b/modules/ssl/ssl_util.c
|
||||
@@ -192,45 +192,37 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p)
|
||||
--- httpd-2.4.38/modules/ssl/ssl_util.c.r1830819+
|
||||
+++ httpd-2.4.38/modules/ssl/ssl_util.c
|
||||
@@ -192,45 +192,37 @@
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@ -582,7 +583,7 @@ index 0d23465..223b385 100644
|
||||
}
|
||||
|
||||
ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table,
|
||||
@@ -480,3 +472,13 @@ void ssl_util_thread_id_setup(apr_pool_t *p)
|
||||
@@ -480,3 +472,13 @@
|
||||
}
|
||||
|
||||
#endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */
|
||||
@ -596,11 +597,9 @@ index 0d23465..223b385 100644
|
||||
+ return 0;
|
||||
+#endif
|
||||
+}
|
||||
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
|
||||
index b7f0eca..4fa089b 100644
|
||||
--- a/modules/ssl/ssl_util_ssl.c
|
||||
+++ b/modules/ssl/ssl_util_ssl.c
|
||||
@@ -74,7 +74,7 @@ void modssl_set_app_data2(SSL *ssl, void *arg)
|
||||
--- httpd-2.4.38/modules/ssl/ssl_util_ssl.c.r1830819+
|
||||
+++ httpd-2.4.38/modules/ssl/ssl_util_ssl.c
|
||||
@@ -74,7 +74,7 @@
|
||||
** _________________________________________________________________
|
||||
*/
|
||||
|
||||
@ -609,7 +608,7 @@ index b7f0eca..4fa089b 100644
|
||||
{
|
||||
EVP_PKEY *rc;
|
||||
BIO *bioS;
|
||||
@@ -83,7 +83,7 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
|
||||
@@ -83,7 +83,7 @@
|
||||
/* 1. try PEM (= DER+Base64+headers) */
|
||||
if ((bioS=BIO_new_file(filename, "r")) == NULL)
|
||||
return NULL;
|
||||
@ -618,7 +617,7 @@ index b7f0eca..4fa089b 100644
|
||||
BIO_free(bioS);
|
||||
|
||||
if (rc == NULL) {
|
||||
@@ -107,41 +107,9 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw
|
||||
@@ -107,41 +107,9 @@
|
||||
BIO_free(bioS);
|
||||
}
|
||||
}
|
||||
@ -660,10 +659,8 @@ index b7f0eca..4fa089b 100644
|
||||
/* _________________________________________________________________
|
||||
**
|
||||
** Smart shutdown
|
||||
diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
|
||||
index c67dacf..d6307d9 100644
|
||||
--- a/modules/ssl/ssl_util_ssl.h
|
||||
+++ b/modules/ssl/ssl_util_ssl.h
|
||||
--- httpd-2.4.38/modules/ssl/ssl_util_ssl.h.r1830819+
|
||||
+++ httpd-2.4.38/modules/ssl/ssl_util_ssl.h
|
||||
@@ -64,8 +64,11 @@
|
||||
void modssl_init_app_data2_idx(void);
|
||||
void *modssl_get_app_data2(SSL *);
|
||||
|
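Review bot: The new `@@ -221,7 +219,7 @@` hunk for ssl_engine_pphrase.c, which appears to be added by this refresh, drops the `NULL` second argument from the `modssl_read_privatekey(ppcb_arg.pkey_file, ...)` call in the private-key loading path, but nothing on this page says which upstream revision that change comes from. The only provenance visible is the `revision=1835242` URL from the patch preamble and the `.r1830819+` suffix, and the commit message is just "Update PKCS#11 patch." I would add the source revision next to the existing URL, e.g. `http://svn.apache.org/viewvc?view=revision&revision=<UPSTREAM_REVISION>`, so the backport can be audited against upstream on the next rebase. The preamble lies outside the hunks shown, so it may already list it.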
@ -235,7 +235,7 @@ interface for storing and accessing per-user session data.
|
||||
%patch30 -p1 -b .cachehardmax
|
||||
#patch31 -p1 -b .sslmultiproxy
|
||||
%patch34 -p1 -b .socketactivation
|
||||
#%patch36 -p1 -b .r1830819+
|
||||
%patch36 -p1 -b .r1830819+
|
||||
%patch38 -p1 -b .sslciphdefault
|
||||
%patch39 -p1 -b .sslprotdefault
|
||||
|
||||
|
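Review bot: Re-enabling `%patch36 -p1 -b .r1830819+` changes what is compiled into mod_ssl, yet this is the only spec hunk on the page, so the commit seems to carry no `Release:` bump or `%changelog` entry for it. If so, a build with the PKCS#11 key-loading patch applied has the same version-release as one without it, and package metadata cannot show which hosts run the patched code. I would bump the release and add a changelog line such as `- re-enable and refresh the PKCS#11 patch (r1830819+)`. Both of those sections lie outside this hunk, so confirm they were not updated in a separate commit.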