0569a2a622
moving protocol location
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94268 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:53:54 +00:00
1d76ab39ff
breakup SSLSrvConfigRec in preparation for proxy support:
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t - certs/keys for the proxy
+ modssl_auth_ctx_t - stuff related to authentication that can also
be per-dir, used by both server and proxy
+ modssl_ctx_t - context that can be used by both server and proxy
+ SSLSrvConfigRec - now contains original stuff specific to the
server config and modssl_ctx_t *server, *proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94267 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 18:50:07 +00:00
e90c7fb27f
ripping out some proxy stuff that isn't currently in use and is going
to change anyhow.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94266 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:23:50 +00:00
388657af76
already added configure check for SSL_set_cert_store
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94265 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:16:41 +00:00
d5c395f0e7
de-hungarian-ize server config member names which are going to stay
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94264 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 17:11:12 +00:00
bb986b6b22
reorder a bit of the server config structure, moving items that are
going to stay there to the top.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94263 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 16:47:36 +00:00
249519625c
there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
ssl_log(s, flags, "...")
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 00:34:13 +00:00
8bf48c5959
"new" is a c++ keyword; s/new/mrg/g in config merge functions
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94244 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:35:31 +00:00
f3e92e1cde
bringing back MOD_SSL_VERSION macro, define it to AP_SERVER_BASEVERSION
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94231 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 19:38:05 +00:00
b425a0f8c4
move prototype for modssl_session_get_time to ssl_util_ssl.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94226 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 18:20:37 +00:00
33922c86be
sslc 1.x does not have an x509v3.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94217 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 05:58:31 +00:00
1d2a39531c
moving OpenSSL+sslc compat foo to ssl_toolkit_compat.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94199 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 02:28:15 +00:00
5bfe936911
3rd arg of BIO callbacks is 'const char' in OpenSSL and 'char' in sslc,
make both happy.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94198 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 01:58:15 +00:00
ebe92b6f8b
add modssl_session_get_time() function to give mod_ssl what it needs
from SSL_SESSION_get_time() if using OpenSSL or sslc.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94195 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 01:28:20 +00:00
0fb13a8b4a
another step towards compatibility with rsa sslc:
define the STACK_OF macro if not already defined.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94194 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 00:46:07 +00:00
d37bf62cd7
configure already checks OpenSSL version so don't bother here
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94193 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 00:32:07 +00:00
7c1521f253
per-dir SSLCACertificate{File,Path} cannot use SSL_CTX_set_cert_store
as the 1.x based module does, since the function is not thread-safe.
a patch has been submitted to OpenSSL to support SSL_set_cert_store
which is thread safe. this feature is enabled by default in the
current 1.x based module, we only enable it if the SSL_set_cert_store
function is available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94179 13f79535-47bb-0310-9956-ffa450edef68
2002-03-26 16:57:49 +00:00
9303382216
constificationization of some char * config items
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94177 13f79535-47bb-0310-9956-ffa450edef68
2002-03-26 15:49:37 +00:00
3400f03621
the mod_ssl provided with Apache >= 2.0 no longer has an independent
version number
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94111 13f79535-47bb-0310-9956-ffa450edef68
2002-03-22 00:59:23 +00:00
05ae021cfd
Clear up a const warning, and recognize some arrays by changing the
variable names to the plural [rather than aszFoo, which I hope continues
to be cleaned up as folks have time.]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93982 13f79535-47bb-0310-9956-ffa450edef68
2002-03-17 17:32:24 +00:00
97b148c3b5
PR:
Obtained from:
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: dougm
implement SSLSessionCache shmht and shmcb based on apr_rmm and apr_shm
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93942 13f79535-47bb-0310-9956-ffa450edef68
2002-03-14 23:31:23 +00:00
845cbfd508
Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 20:48:07 +00:00
07965e685f
add ssl_asn1_keystr() util function that returns string representation
(RSA or DSA) of the key index.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93912 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:56:07 +00:00
cc09059d11
add ssl_asn1_table_keyfmt() function for clarity
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93909 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:42:05 +00:00
55294115e5
use ptemp in ssl_init_FindCAList() rather than creating a subpool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93895 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:59:19 +00:00
cc61103ca6
remove obsolete ssl_ds_{table,array} api
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93891 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:14:43 +00:00
d9d26c6b82
for the sake of readability,
change: SSL_TKPIDX_{DH,RSA}{512,1024}
to: SSL_TMP_KEY_{DH,RSA}_{512,1024}
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93883 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 23:05:33 +00:00
52ff7b736e
split ssl_init_TmpKeysHandle function to init/free functions,
and make them static to ssl_engine_init.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93882 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:50:38 +00:00
15d581b6fe
it is not required that temporary keys survive restarts, since they
are generated and destroyed on every restart.
so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:34:31 +00:00
bed8256dc1
remove version checks for using EGD
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93879 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:11:51 +00:00
47c4501000
we require OpenSSL 0.9.6+
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93877 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:07:12 +00:00
4e2c5954f9
making ssl_init_SSLLibrary() static
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93874 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:53:44 +00:00
2e7c1f17cc
add SSL_VERIFY_PEER_STRICT shortcut for often used flags
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93846 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 00:06:06 +00:00
e359ecfc06
remove unused ap_server_ctx member from SSLSrvConfigRec
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93785 13f79535-47bb-0310-9956-ffa450edef68
2002-03-08 00:03:50 +00:00
f702218cea
s/const void/const char/g in ssl_asn1_table api
pointed out by gstein
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93653 13f79535-47bb-0310-9956-ffa450edef68
2002-03-01 05:24:06 +00:00
8097066e90
Consensus is that we should not use the scoreboard as a source of entropy.
Reviewed by: OtherBill, Justin, Madhu
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93652 13f79535-47bb-0310-9956-ffa450edef68
2002-03-01 04:35:17 +00:00
0d2e1d0893
reuse vhost keys for asn1 tables where keys are allocated out
of s->process->pool to prevent "leaking" each time we format
a vhost key.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93616 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 01:30:18 +00:00
b4f77dcf27
switch SSLModConfigRec.tPublicCert to ssl_asn1_table api to prevent
leakage on restarts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93615 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:28:05 +00:00
e778179d1f
switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent
leakage on restarts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93614 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:23:32 +00:00
01b903dfc4
add ssl_asn1_table_get() wrapper and change ssl_init_TmpKeysHandle()
to use it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93613 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:10:52 +00:00
d6a76369d5
mod_ssl was "leaking" on restart since mc->tTmpKeys table entries
were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93612 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:01:57 +00:00
7b21fb2549
Introduce the PassPhraseDialog 'pipe' mechanism.
This is the directive handling commit only, the mechanics patch will
follow. PassPhraseDialog "|/path/to/pipe" will use the bidirectional
pipe to have a 'conversation', along the lines of the tty dialog with
PassPhraseDialog 'builtin'. This is entirely different than the 'exec'
method, which simply runs once for each passphrase, and doesn't allow
for failure/retries, and certainly doesn't offer any sensible 'dialog'.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93606 13f79535-47bb-0310-9956-ffa450edef68
2002-02-27 19:51:33 +00:00
0ba62becc5
changing mod_ssl to do a full startup/teardown on each restart rather
than hack to only read passphrase on 1st round startup. this change:
- fixes current segv on restarts (SHARED_MODULE is not defined)
- allows LoadModule ssl_module to be added to httpd.conf on restart
(was core dumping previously)
- allows certs/keys to be changed on restart provided key is not
encrypted or SSLPassPhraseDialog is exec. if key is encrypted and
SSLPassPhraseDialog is builtin, existing private keys will be reused
on restart (which happens currently for any type of key/dialog).
note: mod_ssl currently leaks on restart; leaks more with this change.
fixes to come.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93585 13f79535-47bb-0310-9956-ffa450edef68
2002-02-27 03:21:09 +00:00
b8c76eed10
Grrrrr..... We should really use the correct line endings on all
platforms.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93582 13f79535-47bb-0310-9956-ffa450edef68
2002-02-27 00:39:01 +00:00
0f45e62dcd
Forward port of changes in mod_ssl for Apache 1.3 up through mod_ssl
version 2.8.7-1.3.23.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93564 13f79535-47bb-0310-9956-ffa450edef68
2002-02-25 04:23:03 +00:00
cdea8a5477
move OpenSSL specific SSL_{get,set}_state macros to the #ifdef'd group of
macros for OpenSSL in mod_ssl.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92918 13f79535-47bb-0310-9956-ffa450edef68
2002-01-18 23:26:46 +00:00
f2e97102ce
rewrite of mod_ssl input filter for better performance and less memory usage
PR:
Obtained from:
Submitted by:
Reviewed by: Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92873 13f79535-47bb-0310-9956-ffa450edef68
2002-01-17 00:54:33 +00:00
ffeb2bbe16
The mutex must be pool-managed, not ssl managed. We are encountering
segfaults on Win32 when the cleanup of the mutex occurs after the pool
was destroyed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92818 13f79535-47bb-0310-9956-ffa450edef68
2002-01-11 06:05:18 +00:00
c53456b4c1
mod_ssl adjustments to help with using toolkits other than OpenSSL:
Use SSL functions/macros instead of directly dereferencing SSL
structures wherever possible.
Add type-casts for the cases where functions return a generic pointer.
Add $SSL/include to configure search path.
PR:
Obtained from:
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: dougm
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92800 13f79535-47bb-0310-9956-ffa450edef68
2002-01-10 04:55:19 +00:00
7712c61146
get SSLPassPhraseDialog exec: working by passing the proper arguments
to apr_proc_create()
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92786 13f79535-47bb-0310-9956-ffa450edef68
2002-01-09 19:24:32 +00:00