diff options
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/httpd/conf/httpd.conf | 2 | ||||
| -rw-r--r-- | usr.sbin/httpd/conf/httpd.conf-dist | 2 | ||||
| -rw-r--r-- | usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html | 2 | ||||
| -rw-r--r-- | usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml | 2 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/CHANGES.SSL | 34 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/include/httpd.h | 4 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/main/http_request.c | 7 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/libssl.module | 6 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/libssl.version | 2 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/mod_ssl.c | 4 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/mod_ssl.h | 5 | ||||
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c | 11 |
12 files changed, 60 insertions, 21 deletions
diff --git a/usr.sbin/httpd/conf/httpd.conf b/usr.sbin/httpd/conf/httpd.conf index bb2f1449a7a..254907e0d2f 100644 --- a/usr.sbin/httpd/conf/httpd.conf +++ b/usr.sbin/httpd/conf/httpd.conf @@ -889,7 +889,7 @@ SSLSessionCache dbm:logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: -# Configure the path to the mutual explusion semaphore the +# Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:logs/ssl_mutex diff --git a/usr.sbin/httpd/conf/httpd.conf-dist b/usr.sbin/httpd/conf/httpd.conf-dist index 53fa5ff1d30..c30e1511260 100644 --- a/usr.sbin/httpd/conf/httpd.conf-dist +++ b/usr.sbin/httpd/conf/httpd.conf-dist @@ -992,7 +992,7 @@ SSLSessionCache dbm:logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: -# Configure the path to the mutual explusion semaphore the +# Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:logs/ssl_mutex diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html index 5b6edb6a510..e3d3aa8f26d 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html @@ -922,7 +922,7 @@ server Certificate for it. How do I do it? <p> <li>You now have to send this Certificate Signing Request (CSR) to a Certifying Authority (CA) for signing. The result is then a real - Certificate which can be used for Apache. Here you have to options: + Certificate which can be used for Apache. Here you have two options: First you can let the CSR sign by a commercial CA like Verisign or Thawte. Then you usually have to post the CSR into a web form, pay for the signing and await the signed Certificate you then can store into a diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml index e3d169317d2..b6ab234b263 100644 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml +++ b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.wml @@ -613,7 +613,7 @@ server Certificate for it. How do I do it? <p> <li>You now have to send this Certificate Signing Request (CSR) to a Certifying Authority (CA) for signing. The result is then a real - Certificate which can be used for Apache. Here you have to options: + Certificate which can be used for Apache. Here you have two options: First you can let the CSR sign by a commercial CA like Verisign or Thawte. Then you usually have to post the CSR into a web form, pay for diff --git a/usr.sbin/httpd/src/CHANGES.SSL b/usr.sbin/httpd/src/CHANGES.SSL index f58bcb6f345..46ddef7c59b 100644 --- a/usr.sbin/httpd/src/CHANGES.SSL +++ b/usr.sbin/httpd/src/CHANGES.SSL @@ -23,6 +23,40 @@ / __/ | (_) | __ |_____(_)___/ ___________________________________________ + Changes with mod_ssl 2.8.4 (04-May-2001 to 20-May-2001) + + *) Removed old db1/ndbm.h kludge from mod_ssl.h, because it should be + not needed at all, because mod_ssl downgrades to SDBM anyway on all + Linux platforms. Additionally made the Linux check more accurate + by using src/Configure's $PLAT variable instead of $OS. + + *) Upgraded to Apache 1.3.20 + + *) +------------------------------------------------------------------+ + | Officially moved mod_ssl to Apache 2.0: | + | The mod_ssl 2.8.x source tree is now frozen for development | + | and will only be updated for bugfixes and Apache 1.3.x version | + | upgrades. The last release (2.8.3) was imported to the ASF CVS | + | repository under httpd-2.0/modules/ssl/. All development efforts | + | are now directed to the Apache 2.0 area. Nevertheless, mod_ssl | + | 2.8.x releases will occur as long as Apache 1.3.x releases occur.| + +------------------------------------------------------------------+ + + Changes with mod_ssl 2.8.3 (30-Mar-2001 to 04-May-2001) + + *) Allow loadcacert.cgi script to work inside mod_perl. + + *) Fixed typo in the directive descriptions in mod_ssl.c + + *) Fixed EAPI context usage in http_request.c: a context pointer + potentially can be NULL requests and can cause a segfault if + dereferenced. + + *) Fixed ENGINE support: the engine support is are now already + loaded at configure time. Else mod_ssl fails to find them. + + *) Fixed typo in httpd.conf-dist. + Changes with mod_ssl 2.8.2 (03-Mar-2001 to 30-Mar-2001) *) Moved the Shared Memory Cyclic Buffer (SHMCB) session cache diff --git a/usr.sbin/httpd/src/include/httpd.h b/usr.sbin/httpd/src/include/httpd.h index d3db6de29ec..c7726f10494 100644 --- a/usr.sbin/httpd/src/include/httpd.h +++ b/usr.sbin/httpd/src/include/httpd.h @@ -154,8 +154,8 @@ extern "C" { #define DEFAULT_HTTPS_PORT 443 #define ap_is_default_port(port,r) ((port) == ap_default_port(r)) #ifdef EAPI -#define ap_http_method(r) (ap_ctx_get((r)->ctx, "ap::http::method") != NULL ? ((char *)ap_ctx_get((r)->ctx, "ap::http::method")) : "http") -#define ap_default_port(r) (ap_ctx_get((r)->ctx, "ap::default::port") != NULL ? atoi((char *)ap_ctx_get((r)->ctx, "ap::default::port")) : DEFAULT_HTTP_PORT) +#define ap_http_method(r) (((r)->ctx != NULL && ap_ctx_get((r)->ctx, "ap::http::method") != NULL) ? ((char *)ap_ctx_get((r)->ctx, "ap::http::method")) : "http") +#define ap_default_port(r) (((r)->ctx != NULL && ap_ctx_get((r)->ctx, "ap::default::port") != NULL) ? atoi((char *)ap_ctx_get((r)->ctx, "ap::default::port")) : DEFAULT_HTTP_PORT) #else /* EAPI */ #define ap_http_method(r) "http" #define ap_default_port(r) DEFAULT_HTTP_PORT diff --git a/usr.sbin/httpd/src/main/http_request.c b/usr.sbin/httpd/src/main/http_request.c index 09b6ebf0c05..37834846f46 100644 --- a/usr.sbin/httpd/src/main/http_request.c +++ b/usr.sbin/httpd/src/main/http_request.c @@ -1370,6 +1370,10 @@ static request_rec *internal_internal_redirect(const char *new_uri, request_rec new->method = r->method; new->method_number = r->method_number; +#ifdef EAPI + /* initialize context _BEFORE_ ap_parse_uri() call */ + new->ctx = r->ctx; +#endif /* EAPI */ ap_parse_uri(new, new_uri); new->request_config = ap_create_request_config(r->pool); new->per_dir_config = r->server->lookup_defaults; @@ -1404,9 +1408,6 @@ static request_rec *internal_internal_redirect(const char *new_uri, request_rec new->no_local_copy = r->no_local_copy; new->read_length = r->read_length; /* We can only read it once */ new->vlist_validator = r->vlist_validator; -#ifdef EAPI - new->ctx = r->ctx; -#endif /* EAPI */ ap_table_setn(new->subprocess_env, "REDIRECT_STATUS", ap_psprintf(r->pool, "%d", r->status)); diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.module b/usr.sbin/httpd/src/modules/ssl/libssl.module index e938d7daf13..d69e390090e 100644 --- a/usr.sbin/httpd/src/modules/ssl/libssl.module +++ b/usr.sbin/httpd/src/modules/ssl/libssl.module @@ -255,8 +255,8 @@ ConfigStart fi # 4. override decision on a few brain-dead platforms if [ ".$my_rule_SSL_SDBM" = .default ]; then - case "$OS" in - Linux ) + case "$PLAT" in + *-linux* ) # force Linux boxes to use builtin SDBM per default because # of too much broken vendor DBM libraries on this platform SSL_DBM_NAME='' @@ -367,7 +367,7 @@ ConfigStart # SSL engine support # case $SSL_VERSION_ID in - *0.9.6*engine* ) + *0.9.6*engine* | *0.9.6a*engine* | *0.9.[789]* ) SSL_CFLAGS="$SSL_CFLAGS -DSSL_ENGINE" ;; esac diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.version b/usr.sbin/httpd/src/modules/ssl/libssl.version index 20b9c387996..f11257b4dc7 100644 --- a/usr.sbin/httpd/src/modules/ssl/libssl.version +++ b/usr.sbin/httpd/src/modules/ssl/libssl.version @@ -1 +1 @@ -mod_ssl/2.8.2-1.3.19 +mod_ssl/2.8.4-1.3.20 diff --git a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c b/usr.sbin/httpd/src/modules/ssl/mod_ssl.c index 311e77f6cbf..04995fb3ea3 100644 --- a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c +++ b/usr.sbin/httpd/src/modules/ssl/mod_ssl.c @@ -74,7 +74,7 @@ * identify the module to SCCS `what' and RCS `ident' commands */ static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >"; -static char const rcsid[] = "$Id: mod_ssl.c,v 1.7 2001/03/29 10:21:46 beck Exp $"; +static char const rcsid[] = "$Id: mod_ssl.c,v 1.8 2001/06/20 18:06:15 brad Exp $"; /* * the table of configuration directives we provide @@ -200,7 +200,7 @@ static command_rec ssl_config_cmds[] = { "(no arguments)") AP_DIR_CMD(Require, AUTHCFG, RAW_ARGS, "Require a boolean expresion to evaluate to true for granting access" - "(arbitraty complex boolean expression - see manual)") + "(arbitrary complex boolean expression - see manual)") AP_END_CMD }; diff --git a/usr.sbin/httpd/src/modules/ssl/mod_ssl.h b/usr.sbin/httpd/src/modules/ssl/mod_ssl.h index 8731ef9de48..990f0dda082 100644 --- a/usr.sbin/httpd/src/modules/ssl/mod_ssl.h +++ b/usr.sbin/httpd/src/modules/ssl/mod_ssl.h @@ -346,12 +346,7 @@ union ssl_ipc_semun { #define SSL_DBM_FILE_SUFFIX_DIR ".dir" #define SSL_DBM_FILE_SUFFIX_PAG ".pag" #else /* !SSL_USE_SDBM */ -#if defined(__GLIBC__) && defined(__GLIBC_MINOR__) \ - && __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 1 -#include <db1/ndbm.h> -#else #include <ndbm.h> -#endif #define ssl_dbm_open dbm_open #define ssl_dbm_close dbm_close #define ssl_dbm_store dbm_store diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c index f460ac5f805..c47340b2232 100644 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c +++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c @@ -450,7 +450,16 @@ const char *ssl_cmd_SSLCryptoDevice( SSLModConfigRec *mc = myModConfig(); const char *err; ENGINE *e; - +#if SSL_LIBRARY_VERSION >= 0x00907000 + static int loaded_engines = FALSE; + + /* early loading to make sure the engines are already + available for ENGINE_by_id() above... */ + if (!loaded_engines) { + ENGINE_load_builtin_engines(); + loaded_engines = TRUE; + } +#endif if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL) return err; if (strcEQ(arg, "builtin")) { |