after support for non-OpenSSL toolkits has been dropped.
Replace macros by their value proper where feasible, and keep
those definitions in ssl_private.h which depend on specific
OpenSSL versions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1154687 13f79535-47bb-0310-9956-ffa450edef68
up stdlib.h.
* modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle),
modules/ssl/ssl_engine_vars.c: Stop pretending mod_ssl has a version
independent of the rest of the server.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1082202 13f79535-47bb-0310-9956-ffa450edef68
to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and
escape other special characters with backslashes. The old format can
still be used with the LegacyDNStringFormat argument to SSLOptions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1054323 13f79535-47bb-0310-9956-ffa450edef68
the new parser. Rework ap_expr's public interface and provide hooks for modules
to add variables and functions.
The Netware and Windows build files still need to be adjusted
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1032073 13f79535-47bb-0310-9956-ffa450edef68
PeerExtList(); parse the value as a string primitive, or else fail,
rather than rendering the raw DER blob as a string regardless of the
type:
* modules/ssl/ssl_engine_vars.c: (dump_extn_value): New function.
(ssl_ext_list): Use it; tweak error message and free the OID object
(thanks to drh for spotting this last issue way back).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@946240 13f79535-47bb-0310-9956-ffa450edef68
SSL_SECURE_RENEG variable to indicate support for secure reneg.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup_vars): Export
SSL_SECURE_RENEG in the default set of variable.s
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@906057 13f79535-47bb-0310-9956-ffa450edef68
the _UID variable to NID_userId, where defined by OpenSSL.
PR: 45107
Submitted by: Michael Ströder <michael stroeder.com>,
Peter Sylvester <peter.sylvester edelweb.fr>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@787683 13f79535-47bb-0310-9956-ffa450edef68
and the functions that manipulate it. Make httpd trunk compile against OpenSSL HEAD
as well as OpenSSL 0.9.8j. Also, get rid of some warnings.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@748396 13f79535-47bb-0310-9956-ffa450edef68
DNs with duplicate tags:
* modules/ssl/ssl_engine_vars.c:
Augment the ssl_var_lookup_ssl_cert_dn_rec table with a flag
to indicate whether RDNs of the given NID should be extracted
to the environment.
(extract_dn, modssl_var_extract_dns): New functions.
* modules/ssl/ssl_private.h (modssl_var_extract_dns): Add prototype.
* modules/ssl/ssl_engine_kernel.c: Remove SSL_*_DN_ from the list
of variables to insert into the environment.
(ssl_hook_Fixup): Use modssl_var_extract_dns to insert the
SSL_*_DN_ variables efficiently and accurately, handling
certs with duplicate RDN tags correctly.
PR: 45875
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@724717 13f79535-47bb-0310-9956-ffa450edef68
argument; determine library version strings once at startup.
(ssl_var_lookup_ssl_version): Drop 'pp' argument; use new global
variables rather than modifying process-global state in a function
which must be thread-safe. (all callers changed)
* modules/ssl/mod_ssl.c (ssl_register_hooks): Pass pool to
ssl_var_register.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@591384 13f79535-47bb-0310-9956-ffa450edef68
*) simplify a ton of overly-verbose legacy code
*) split the compiled-against v.s. runtime library
*) precache the results of the version string touchup
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@520701 13f79535-47bb-0310-9956-ffa450edef68
ap_get_server_description().
High-level summary:
The full server version information is now included in the error log at
startup as well as server status reports, irrespective of the setting
of the ServerTokens directive.
Third-party modules must now use ap_get_server_banner() or
ap_get_server_description() in place of ap_get_server_version().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@440337 13f79535-47bb-0310-9956-ffa450edef68
- change ssl_expr_eval_oid to use ssl_ext_list
This change provides for a singfle function that provides an array of all
values from a certificate that match a given extension and removes the
duplictaed code that was present.
Reviewed by: Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@289444 13f79535-47bb-0310-9956-ffa450edef68
Bumped mmn, and ap module cookie, for this function rename.
It's not a deprecation, as ap_http_method would be a lovely function
name sometime in the future: to determine what the function name implies.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@123882 13f79535-47bb-0310-9956-ffa450edef68
function. (ssl_var_lookup_ssl_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.
* modules/ssl_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if
+StdEnvVars is configured.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104700 13f79535-47bb-0310-9956-ffa450edef68
drop a bunch of casts; use apr_table_get directly in place of
ssl_var_lookup_header.
(ssl_var_lookup_header): Remove function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102854 13f79535-47bb-0310-9956-ffa450edef68
lookup of SSL_* variables (the common case) requires 2 rather than 29
strcasecmp calls before getting to ssl_var_lookup_ssl().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102851 13f79535-47bb-0310-9956-ffa450edef68
