
enable support for ECC keys and ECDH ciphers. Tested against

OpenSSL 1.0.0b3.  [Vipul Gupta vipul.gupta sun.com, Sander Temme]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@834378 13f79535-47bb-0310-9956-ffa450edef68
Sander Temme
2009-11-10 07:55:13 +00:00
parent 953abd3453
commit b90aee19b9
8 changed files with 119 additions and 6 deletions


@@ -356,7 +356,11 @@ static void ssl_init_server_check(server_rec *s,
* Check for problematic re-initializations
*/
if (mctx->pks->certs[SSL_AIDX_RSA] ||
mctx->pks->certs[SSL_AIDX_DSA])
mctx->pks->certs[SSL_AIDX_DSA]
#ifndef OPENSSL_NO_EC
|| mctx->pks->certs[SSL_AIDX_ECC]
#endif
)
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Illegal attempt to re-initialise SSL for server "
@@ -519,6 +523,9 @@ static void ssl_init_ctx_callbacks(server_rec *s,
SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
#ifndef OPENSSL_NO_EC
SSL_CTX_set_tmp_ecdh_callback(ctx,ssl_callback_TmpECDH);
#endif
SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
}
@@ -810,9 +817,16 @@ static int ssl_server_import_key(server_rec *s,
ssl_asn1_t *asn1;
MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
const char *type = ssl_asn1_keystr(idx);
int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
int pkey_type;
EVP_PKEY *pkey;
#ifndef OPENSSL_NO_EC
if (idx == SSL_AIDX_ECC)
pkey_type = EVP_PKEY_EC;
else
#endif /* SSL_LIBRARY_VERSION */
pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
return FALSE;
}
@@ -922,20 +936,34 @@ static void ssl_init_server_certs(server_rec *s,
apr_pool_t *ptemp,
modssl_ctx_t *mctx)
{
const char *rsa_id, *dsa_id;
const char *rsa_id, *dsa_id, *ecc_id;
const char *vhost_id = mctx->sc->vhost_id;
int i;
int have_rsa, have_dsa;
int have_rsa, have_dsa, have_ecc;
rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
#ifndef OPENSSL_NO_EC
ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
#endif
have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
#ifndef OPENSSL_NO_EC
have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
#endif
if (!(have_rsa || have_dsa)) {
if (!(have_rsa || have_dsa
#ifndef OPENSSL_NO_EC
|| have_ecc
#endif
)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
#ifndef OPENSSL_NO_EC
"Oops, no RSA, DSA or ECC server certificate found "
#else
"Oops, no RSA or DSA server certificate found "
#endif
"for '%s:%d'?!", s->server_hostname, s->port);
ssl_die();
}
@@ -946,10 +974,21 @@ static void ssl_init_server_certs(server_rec *s,
have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
#if SSL_LIBRARY_VERSION >= 0x00908000
have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
#endif
if (!(have_rsa || have_dsa)) {
if (!(have_rsa || have_dsa
#if SSL_LIBRARY_VERSION >= 0x00908000
|| have_ecc
#endif
)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
#if SSL_LIBRARY_VERSION >= 0x00908000
"Oops, no RSA, DSA or ECC server private key found?!");
#else
"Oops, no RSA or DSA server private key found?!");
#endif
ssl_die();
}
}
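Review bot: The private-key hunk at the end of ssl_init_server_certs guards its ECC path with `#if SSL_LIBRARY_VERSION >= 0x00908000` (the `have_ecc = ssl_server_import_key(...)` call, the `|| have_ecc` condition and the log message), while every other hunk in this commit, including the certificate hunk just above that is the only place `ecc_id` and `have_ecc` get assigned, uses `#ifndef OPENSSL_NO_EC`. If a build satisfies the version test but defines OPENSSL_NO_EC, this hunk would pass an uninitialized `ecc_id` to ssl_server_import_key and, because that function's EC branch is also under `#ifndef OPENSSL_NO_EC`, would fall through to the DSA key type for the ECC slot; one predicate across the file avoids that. Suggest changing the three preprocessor lines in this hunk to `#ifndef OPENSSL_NO_EC`. Related: the `#endif /* SSL_LIBRARY_VERSION */` trailer in the ssl_server_import_key hunk closes an `#ifndef OPENSSL_NO_EC` block and should read `#endif /* OPENSSL_NO_EC */`. Under OPENSSL_NO_EC the unconditional `ecc_id` and `have_ecc` declarations will also draw unused-variable warnings, so either guard them or initialize them.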