Posted to cvs@httpd.apache.org by tr...@apache.org on 2011/04/14 15:56:17 UTC
svn commit: r1092246 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c
modules/ssl/ssl_private.h support/ab.c
Author: trawick
Date: Thu Apr 14 13:56:17 2011
New Revision: 1092246
URL: http://svn.apache.org/viewvc?rev=1092246&view=rev
Log:
mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
Submitted by: sf
Reviewed by: trawick, wrowe
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c
httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h
httpd/httpd/branches/2.2.x/support/ab.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu Apr 14 13:56:17 2011
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.18
+ *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
+ [Stefan Fritsch]
+
*) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
in request URL path info but not decode them. PR 35256,
PR 46830. [Dan Poirier]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Apr 14 13:56:17 2011
@@ -96,12 +96,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
2.2.x patch: Trunk version of patch works with fuzz
+1: sf, trawick, wrowe
- * mod_ssl/ab: Support OpenSSL compiled without SSLv2 support
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1090367
- 2.2.x patch: http://people.apache.org/~sf/support-openssl-without-sslv2.patch
- +1: sf, trawick, wrowe
-
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c Thu Apr 14 13:56:17 2011
@@ -1273,6 +1273,11 @@ static const char *ssl_cmd_protocol_pars
}
if (strcEQ(w, "SSLv2")) {
+#ifdef OPENSSL_NO_SSL2
+ if (action != '-') {
+ return "SSLv2 not supported by this version of OpenSSL";
+ }
+#endif
thisopt = SSL_PROTOCOL_SSLV2;
}
else if (strcEQ(w, "SSLv3")) {
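Review bot: The new guard rejects a bare `SSLv2` and `+SSLv2` but deliberately lets `-SSLv2` through, and nothing in the code says why. That asymmetry is what keeps hardened configurations such as `SSLProtocol all -SSLv2` loading on an OpenSSL built without SSLv2, so it is worth recording before someone tightens the test to reject every mention of the token. I would add above the `if`: `/* "-SSLv2" must stay valid: configs that explicitly disable SSLv2 have to load unchanged */`. The body of ssl_cmd_protocol_parse starts and ends outside this hunk, so how `action` is set for an unprefixed token is not visible here.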
Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Thu Apr 14 13:56:17 2011
@@ -465,13 +465,16 @@ static void ssl_init_ctx_protocol(server
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Creating new SSL context (protocols: %s)", cp);
+#ifndef OPENSSL_NO_SSL2
if (protocol == SSL_PROTOCOL_SSLV2) {
method = mctx->pkp ?
SSLv2_client_method() : /* proxy */
SSLv2_server_method(); /* server */
ctx = SSL_CTX_new(method); /* only SSLv2 is left */
}
- else {
+ else
+#endif
+ {
method = mctx->pkp ?
SSLv23_client_method() : /* proxy */
SSLv23_server_method(); /* server */
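Review bot: In a build with OPENSSL_NO_SSL2 the `protocol == SSL_PROTOCOL_SSLV2` case is no longer distinguished at this point, so an SSLv2-only value would fall into the SSLv23 block instead of being refused. The parser change in ssl_engine_config.c rejects `SSLv2` and `+SSLv2` in that build, so this is presumably unreachable, but only as long as every protocol value arrives through that parser. The bare `else` followed by `#endif` and `{` is also easy to misread, so I would annotate it: `#endif /* !OPENSSL_NO_SSL2: without SSLv2 the SSLv23 block below is unconditional; SSLv2-only is refused at config parse */`. ssl_init_ctx_protocol starts and ends outside the hunk, so the option masking applied to the new context afterwards cannot be checked from here.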
Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h Thu Apr 14 13:56:17 2011
@@ -218,7 +218,11 @@ typedef int ssl_opt_t;
#define SSL_PROTOCOL_SSLV2 (1<<0)
#define SSL_PROTOCOL_SSLV3 (1<<1)
#define SSL_PROTOCOL_TLSV1 (1<<2)
+#ifndef OPENSSL_NO_SSL2
#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#else
+#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#endif
typedef int ssl_proto_t;
/**
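Review bot: The two definitions of `SSL_PROTOCOL_ALL` change what the configuration keyword `all` means depending on how OpenSSL was built, and the header does not say so. `SSL_PROTOCOL_SSLV2` itself stays defined in both builds, which the parser relies on to keep accepting `-SSLv2`, and that is easy to mistake for an oversight. A short comment above the `#ifndef` would cover both, for example `/* "all" omits SSLv2 when OpenSSL lacks it; the SSLV2 bit stays defined so "-SSLv2" still parses */`.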
Modified: httpd/httpd/branches/2.2.x/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/ab.c (original)
+++ httpd/httpd/branches/2.2.x/support/ab.c Thu Apr 14 13:56:17 2011
@@ -1876,7 +1876,11 @@ static void usage(const char *progname)
fprintf(stderr, " -h Display usage information (this message)\n");
#ifdef USE_SSL
fprintf(stderr, " -Z ciphersuite Specify SSL/TLS cipher suite (See openssl ciphers)\n");
+#ifndef OPENSSL_NO_SSL2
fprintf(stderr, " -f protocol Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)\n");
+#else
+ fprintf(stderr, " -f protocol Specify SSL/TLS protocol (SSL3, TLS1, or ALL)\n");
+#endif
#endif
exit(EINVAL);
}
@@ -2209,8 +2213,10 @@ int main(int argc, const char * const ar
case 'f':
if (strncasecmp(optarg, "ALL", 3) == 0) {
meth = SSLv23_client_method();
+#ifndef OPENSSL_NO_SSL2
} else if (strncasecmp(optarg, "SSL2", 4) == 0) {
meth = SSLv2_client_method();
+#endif
} else if (strncasecmp(optarg, "SSL3", 4) == 0) {
meth = SSLv3_client_method();
} else if (strncasecmp(optarg, "TLS1", 4) == 0) {
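Review bot: With OPENSSL_NO_SSL2 defined, `-f SSL2` no longer matches any branch in this chain, and the hunk shows no path that reports it. Unless the code after the `TLS1` branch (outside the hunk) rejects unknown values, `meth` keeps whatever it held before and ab runs with a different protocol than the operator asked for, which can make a protocol test look like it passed. mod_ssl fails loudly in the same situation, and ab could match it with an `#else` arm before the `#endif`: `} else if (strncasecmp(optarg, "SSL2", 4) == 0) {` followed by `fprintf(stderr, "SSL2 not supported by this version of OpenSSL\n"); exit(EINVAL);`. The usage text in the earlier ab.c hunk already drops SSL2 in that build, so only the option handling needs the change.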