as the 1.x based module does, since the function is not thread-safe.
a patch has been submitted to OpenSSL to support SSL_set_cert_store
which is thread safe. this feature is enabled by default in the
current 1.x based module, we only enable it if the SSL_set_cert_store
function is available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94179 13f79535-47bb-0310-9956-ffa450edef68
a per-server and per-dir context were configuring the per-dir context
for per-server commands. this triggered ssl_hook_Access to always
compare the per-server context against per-dir configs that were
exactly the same.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94176 13f79535-47bb-0310-9956-ffa450edef68
are generated and destroyed on every restart.
so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68
function, which can also be used for SSLProxyVerify directive.
dropping support for undocumented integer form of levels (0..3)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93870 13f79535-47bb-0310-9956-ffa450edef68
were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93612 13f79535-47bb-0310-9956-ffa450edef68
This is the directive handling commit only, the mechanics patch will
follow. PassPhraseDialog "|/path/to/pipe" will use the bidirectional
pipe to have a 'conversation', along the lines of the tty dialog with
PassPhraseDialog 'builtin'. This is entirely different than the 'exec'
method, which simply runs once for each passphrase, and doesn't allow
for failure/retries, and certainly doesn't offer any sensible 'dialog'.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93606 13f79535-47bb-0310-9956-ffa450edef68
than hack to only read passphrase on 1st round startup. this change:
- fixes current segv on restarts (SHARED_MODULE is not defined)
- allows LoadModule ssl_module to be added to httpd.conf on restart
(was core dumping previously)
- allows certs/keys to be changed on restart provided key is not
encrypted or SSLPassPhraseDialog is exec. if key is encrypted and
SSLPassPhraseDialog is builtin, existing private keys will be reused
on restart (which happens currently for any type of key/dialog).
note: mod_ssl currently leaks on restart; leaks more with this change.
fixes to come.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93585 13f79535-47bb-0310-9956-ffa450edef68
go back to using s->process->pool userdata, but just to store the
global module config during startup so we only create _one_ SSLModConfigRec.
(didn't realize this function was called in both ssl_init_Module and
ssl_config_server_create)
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92235 13f79535-47bb-0310-9956-ffa450edef68
in the gprof profile. there's no need for the "global" SSLModConfigRec
to live in the s->process->pool userdata table. we now just point the
SSLSrvConfigRec in each server_rec.module_config to the SSLModConfigRec
so we can access it directly which is much faster.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92234 13f79535-47bb-0310-9956-ffa450edef68
request time by calling it at startup time and saving the value in the
SSLSrvConfigRec.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92215 13f79535-47bb-0310-9956-ffa450edef68
latest patches from Madhusudan which makes mod_ssl 95% working inside
Apache 2.0. There is still a lot of more work (both porting and cleanup)
to do be done. See modules/ssl/README for details.
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89618 13f79535-47bb-0310-9956-ffa450edef68
later for this or we don't do it at all. But we certainly no longer want
to see any platform specific things inside a module.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89018 13f79535-47bb-0310-9956-ffa450edef68
incompatible at many places to Apache 1.3 we also don't want this stuff
anymore. Apache 2.0's mod_ssl will be mostly compatibile with Apache
1.3's mod_ssl, of course. But we really no longer want to be compatible
to Sioux and other obsolete SSL things...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89012 13f79535-47bb-0310-9956-ffa450edef68
If we want this later again, we have to do it differently anyway. So,
for now we try to strip down mod_ssl as heavy as possible and hence we
kick out this stuff at all.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89010 13f79535-47bb-0310-9956-ffa450edef68
