You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/01/23 15:31:36 UTC

svn commit: r1560696 - in /httpd/httpd/branches/2.4.x: ./ STATUS modules/ssl/ssl_engine_init.c

Author: jim
Date: Thu Jan 23 14:31:36 2014
New Revision: 1560696

URL: http://svn.apache.org/r1560696
Log:
Merge r1546692 from trunk:

Axe dead code: It wouldn't have been needed ever since httpd 2.0.35
was released in April 2002... it was fixed in the [unreleased]
SSLeay 0.9.1b, which was the basis for the initial OpenSSL 0.9.1c
release in December 1998 (specifically, it's this change to ssl_set_pkey():
https://cvs.openssl.org/filediff?f=openssl/ssl/ssl_rsa.c&v1=1.1.1.2&v2=1.1.1.3)

Submitted by: kbrand
Reviewed/backported by: jim

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1546692

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1560696&r1=1560695&r2=1560696&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Thu Jan 23 14:31:36 2014
@@ -98,11 +98,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  * mod_ssl: drop unnecessary EVP_PKEY_copy_parameters cruft
-    trunk patch: https://svn.apache.org/r1546692
-    2.4.x patch: trunk patch works
-    +1: kbrand, trawick, jim
-
   * mod_dir: stop trying to index or redirect requests that are halfway
     through being rewritten by per-dir mod_rewrite. Old releases would skip any
     unknown r->handler. PR53929

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1560696&r1=1560695&r2=1560696&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Thu Jan 23 14:31:36 2014
@@ -931,22 +931,6 @@ static apr_status_t ssl_server_import_ke
         return ssl_die(s);
     }
 
-    /*
-     * XXX: wonder if this is still needed, this is old todo doc.
-     * (see http://www.psy.uq.edu.au/~ftp/Crypto/ssleay/TODO.html)
-     */
-    if ((pkey_type == EVP_PKEY_DSA) && mctx->pks->certs[idx]) {
-        EVP_PKEY *pubkey = X509_get_pubkey(mctx->pks->certs[idx]);
-
-        if (pubkey && EVP_PKEY_missing_parameters(pubkey)) {
-            EVP_PKEY_copy_parameters(pubkey, pkey);
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02239)
-                    "Copying DSA parameters from private key to certificate");
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
-            EVP_PKEY_free(pubkey);
-        }
-    }
-
     mctx->pks->keys[idx] = pkey;
 
     return APR_SUCCESS;