www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Forward port of changes in mod_ssl for Apache 1.3 up through mod_ssl

Browse Source 
version 2.8.7-1.3.23.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93564 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Cliff Woolley
2002-02-25 04:23:03 +00:00
parent 03001bc176
commit 0f45e62dcd
9 changed files with 55 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -1,4 +1,8 @@
Changes with Apache 2.0.33-dev Changes with Apache 2.0.33-dev
*) Merged in changes to mod_ssl up through 2.8.7-1.3.23.
[Ralf S. Engelschall, Cliff Woolley]
*) mod-include: make it handle flush'es and fix the 'false-alarm' *) mod-include: make it handle flush'es and fix the 'false-alarm'
[Justin Everkrantz, Brian Pane, Ian Holsman] [Justin Everkrantz, Brian Pane, Ian Holsman]

5
modules/ssl/mod_ssl.h
View File

@@ -513,6 +513,7 @@ typedef struct {
char *szMutexFile; char *szMutexFile;
apr_lock_t *pMutex; apr_lock_t *pMutex;
apr_array_header_t *aRandSeed; apr_array_header_t *aRandSeed;
int nScoreboardSize; /* used for builtin random seed */
ssl_ds_table *tTmpKeys; ssl_ds_table *tTmpKeys;
void *pTmpKeys[SSL_TKPIDX_MAX]; void *pTmpKeys[SSL_TKPIDX_MAX];
ssl_ds_table *tPublicCert; ssl_ds_table *tPublicCert;
@@ -675,7 +676,11 @@ int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, server_rec *);
int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *); int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
#if SSL_LIBRARY_VERSION >= 0x00907000
void ssl_callback_LogTracingState(const SSL *, int, int);
#else
void ssl_callback_LogTracingState(SSL *, int, int); void ssl_callback_LogTracingState(SSL *, int, int);
#endif
/* Session Cache Support */ /* Session Cache Support */
void ssl_scache_init(server_rec *, apr_pool_t *); void ssl_scache_init(server_rec *, apr_pool_t *);

4
modules/ssl/ssl_engine_dh.c
View File

@@ -225,10 +225,10 @@ $dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
# generate C source from DH params # generate C source from DH params
my $dhsource = ''; my $dhsource = '';
open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand -8 |") || die; open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die;
$dhsource .= $_ while (<FP>); $dhsource .= $_ while (<FP>);
close(FP); close(FP);
open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand -8 |") || die; open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die;
$dhsource .= $_ while (<FP>); $dhsource .= $_ while (<FP>);
close(FP); close(FP);
$dhsource =~ s|(DH\s+\*get_dh)|static $1|sg; $dhsource =~ s|(DH\s+\*get_dh)|static $1|sg;

7
modules/ssl/ssl_engine_init.c
View File

@@ -221,7 +221,11 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
/* /*
* Seed the Pseudo Random Number Generator (PRNG) * Seed the Pseudo Random Number Generator (PRNG)
*
* Note: scoreboard size must be fetched at init time because
* ap_calc_scoreboard_size() is not threadsafe
*/ */
mc->nScoreboardSize = ap_calc_scoreboard_size();
ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
/* /*
@@ -713,7 +717,8 @@ void ssl_init_ConfigureServer(server_rec *s, apr_pool_t *p, SSLSrvConfigRec *sc)
} }
if (SSL_X509_getCN(p, sc->pPublicCert[i], &cp)) { if (SSL_X509_getCN(p, sc->pPublicCert[i], &cp)) {
if (apr_is_fnmatch(cp) && if (apr_is_fnmatch(cp) &&
!apr_fnmatch(cp, s->server_hostname, FNM_PERIOD|FNM_CASE_BLIND)) { apr_fnmatch(cp, s->server_hostname,
FNM_PERIOD|FNM_CASE_BLIND) == FNM_NOMATCH) {
ssl_log(s, SSL_LOG_WARN, ssl_log(s, SSL_LOG_WARN,
"Init: (%s) %s server certificate wildcard CommonName (CN) `%s' " "Init: (%s) %s server certificate wildcard CommonName (CN) `%s' "
"does NOT match server name!?", cpVHostID, "does NOT match server name!?", cpVHostID,

6
modules/ssl/ssl_engine_kernel.c
View File

@@ -1587,7 +1587,11 @@ void ssl_callback_DelSessionCacheEntry(
* SSL handshake and does SSL record layer stuff. We use it to * SSL handshake and does SSL record layer stuff. We use it to
* trace OpenSSL's processing in out SSL logfile. * trace OpenSSL's processing in out SSL logfile.
*/ */
#if SSL_LIBRARY_VERSION >= 0x00907000
void ssl_callback_LogTracingState(const SSL *ssl, int where, int rc)
#else
void ssl_callback_LogTracingState(SSL *ssl, int where, int rc) void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
#endif
{ {
conn_rec *c; conn_rec *c;
server_rec *s; server_rec *s;
@@ -1597,7 +1601,7 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
/* /*
* find corresponding server * find corresponding server
*/ */
if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL) if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL)
return; return;
s = c->base_server; s = c->base_server;
if ((sc = mySrvConfig(s)) == NULL) if ((sc = mySrvConfig(s)) == NULL)

20
modules/ssl/ssl_engine_rand.c
View File

@@ -81,6 +81,7 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
int nReq, nDone; int nReq, nDone;
apr_file_t *fp; apr_file_t *fp;
int i, n, l; int i, n, l;
int m;
mc = myModConfig(s); mc = myModConfig(s);
nReq = 0; nReq = 0;
@@ -154,18 +155,21 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
RAND_seed(stackdata+n, 128); RAND_seed(stackdata+n, 128);
nDone += 128; nDone += 128;
#if XXX_SBENTROPY_SOLVED
/* /*
* XXX: This is entirely borked, sizeof(scoreboard) < 1024 * seed in data extracted from the current scoreboard
* *
* seed in an 1KB extract of the current scoreboard * XXX: this assumes that the entire scoreboard is
* allocated in one big block of memory that begins at
* the location pointed to by ap_scoreboard_image->global
*/ */
if (ap_scoreboard_image != NULL) { if (ap_scoreboard_image != NULL && mc->nScoreboardSize > 16)
n = ssl_rand_choosenum(0,ap_calc_scoreboard_size()-1024-1); {
RAND_seed(((unsigned char *)ap_scoreboard_image)+n, 1024); m = ((mc->nScoreboardSize / 2) - 1);
nDone += 1024; n = ssl_rand_choosenum(0, m);
RAND_seed(
((unsigned char *)ap_scoreboard_image->global)+n, m);
nDone += m;
} }
#endif
} }
} }
} }

4
modules/ssl/ssl_scache_dbm.c
View File

@@ -142,8 +142,10 @@ BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SS
UCHAR *ucp; UCHAR *ucp;
/* streamline session data */ /* streamline session data */
if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
return FALSE;
ucp = ucaData; ucp = ucaData;
nData = i2d_SSL_SESSION(sess, &ucp); i2d_SSL_SESSION(sess, &ucp);
/* be careful: do not try to store too much bytes in a DBM file! */ /* be careful: do not try to store too much bytes in a DBM file! */
#ifdef PAIRMAX #ifdef PAIRMAX

28
modules/ssl/ssl_scache_shmcb.c
View File

@@ -183,9 +183,9 @@ typedef struct {
unsigned int division_offset; unsigned int division_offset;
unsigned int division_size; unsigned int division_size;
unsigned int queue_size; unsigned int queue_size;
unsigned char index_num; unsigned int index_num;
unsigned char index_offset; unsigned int index_offset;
unsigned char index_size; unsigned int index_size;
unsigned int cache_data_offset; unsigned int cache_data_offset;
unsigned int cache_data_size; unsigned int cache_data_size;
unsigned long num_stores; unsigned long num_stores;
@@ -208,10 +208,10 @@ typedef struct {
unsigned int queue_size; unsigned int queue_size;
unsigned int cache_data_offset; unsigned int cache_data_offset;
unsigned int cache_data_size; unsigned int cache_data_size;
unsigned int index_num;
unsigned int index_offset;
unsigned int index_size;
unsigned char division_mask; unsigned char division_mask;
unsigned char index_num;
unsigned char index_offset;
unsigned char index_size;
#endif #endif
} SHMCBHeader; } SHMCBHeader;
@@ -456,7 +456,7 @@ void ssl_scache_shmcb_kill(server_rec *s)
return; return;
} }
BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR * id, int idlen, BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
time_t timeout, SSL_SESSION * pSession) time_t timeout, SSL_SESSION * pSession)
{ {
SSLModConfigRec *mc = myModConfig(); SSLModConfigRec *mc = myModConfig();
@@ -478,7 +478,7 @@ BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR * id, int idlen,
return to_return; return to_return;
} }
SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR * id, int idlen) SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
{ {
SSLModConfigRec *mc = myModConfig(); SSLModConfigRec *mc = myModConfig();
void *shm_segment; void *shm_segment;
@@ -499,14 +499,16 @@ SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR * id, int idlen)
return pSession; return pSession;
} }
void ssl_scache_shmcb_remove(server_rec *s, UCHAR * id, int idlen) void ssl_scache_shmcb_remove(server_rec *s, UCHAR *id, int idlen)
{ {
SSLModConfigRec *mc = myModConfig(); SSLModConfigRec *mc = myModConfig();
void *shm_segment; void *shm_segment;
/* We've kludged our pointer into the other cache's member variable. */ /* We've kludged our pointer into the other cache's member variable. */
shm_segment = (void *) mc->tSessionCacheDataTable; shm_segment = (void *) mc->tSessionCacheDataTable;
ssl_mutex_on(s);
shmcb_remove_session(s, shm_segment, id, idlen); shmcb_remove_session(s, shm_segment, id, idlen);
ssl_mutex_off(s);
} }
void ssl_scache_shmcb_expire(server_rec *s) void ssl_scache_shmcb_expire(server_rec *s)
@@ -705,7 +707,7 @@ static BOOL shmcb_init_memory(
} }
static BOOL shmcb_store_session( static BOOL shmcb_store_session(
server_rec *s, void *shm_segment, UCHAR * id, server_rec *s, void *shm_segment, UCHAR *id,
int idlen, SSL_SESSION * pSession, int idlen, SSL_SESSION * pSession,
time_t timeout) time_t timeout)
{ {
@@ -755,7 +757,7 @@ static BOOL shmcb_store_session(
static SSL_SESSION *shmcb_retrieve_session( static SSL_SESSION *shmcb_retrieve_session(
server_rec *s, void *shm_segment, server_rec *s, void *shm_segment,
UCHAR * id, int idlen) UCHAR *id, int idlen)
{ {
SHMCBHeader *header; SHMCBHeader *header;
SHMCBQueue queue; SHMCBQueue queue;
@@ -795,7 +797,7 @@ static SSL_SESSION *shmcb_retrieve_session(
static BOOL shmcb_remove_session( static BOOL shmcb_remove_session(
server_rec *s, void *shm_segment, server_rec *s, void *shm_segment,
UCHAR * id, int idlen) UCHAR *id, int idlen)
{ {
SHMCBHeader *header; SHMCBHeader *header;
SHMCBQueue queue; SHMCBQueue queue;
@@ -992,7 +994,7 @@ static SHMCBIndex *shmcb_get_index(
const SHMCBQueue *queue, unsigned int idx) const SHMCBQueue *queue, unsigned int idx)
{ {
/* bounds check */ /* bounds check */
if (idx > (unsigned int) queue->header->index_num) if (idx > queue->header->index_num)
return NULL; return NULL;
/* Return a pointer to the index. NB: I am being horribly pendantic /* Return a pointer to the index. NB: I am being horribly pendantic

4
modules/ssl/ssl_scache_shmht.c
View File

@@ -175,8 +175,10 @@ BOOL ssl_scache_shmht_store(server_rec *s, UCHAR *id, int idlen, time_t expiry,
UCHAR *ucp; UCHAR *ucp;
/* streamline session data */ /* streamline session data */
if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
return FALSE;
ucp = ucaData; ucp = ucaData;
nData = i2d_SSL_SESSION(sess, &ucp); i2d_SSL_SESSION(sess, &ucp);
ssl_mutex_on(s); ssl_mutex_on(s);
if (table_insert_kd(mc->tSessionCacheDataTable, if (table_insert_kd(mc->tSessionCacheDataTable,