You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2014/01/06 15:09:18 UTC
svn commit: r1555787 - in /httpd/httpd/branches/2.4.x: ./ STATUS
modules/ssl/ssl_engine_init.c modules/ssl/ssl_util_ssl.c
modules/ssl/ssl_util_ssl.h
Author: covener
Date: Mon Jan 6 14:09:18 2014
New Revision: 1555787
URL: http://svn.apache.org/r1555787
Log:
Merge r1546805 from trunk:
SGC became dead in January 2000, effectively
(http://www.gpo.gov/fdsys/pkg/FR-2000-01-14/pdf/00-983.pdf)
Almost 14 years later, there's certainly no longer any need
to spit out some fancy log message.
Submitted by: kbrand
Reviewed by: covener, trawick
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.c
httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.h
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1546805
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1555787&r1=1555786&r2=1555787&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Jan 6 14:09:18 2014
@@ -98,11 +98,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_ssl: drop obsolete SGC log message (strong crypto for the 1990ies)
- trunk patch: https://svn.apache.org/r1546805
- 2.4.x patch: trunk patch works
- +1: kbrand, trawick, covener
-
* configure: Look for config*.m4 files only in the correct directories.
trunk patch: https://svn.apache.org/r1542615
2.4.x patch: trunk patch works
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1555787&r1=1555786&r2=1555787&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Mon Jan 6 14:09:18 2014
@@ -942,13 +942,6 @@ static void ssl_check_public_cert(server
* Some information about the certificate(s)
*/
- if (SSL_X509_isSGC(cert)) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01905)
- "%s server certificate enables "
- "Server Gated Cryptography (SGC)",
- ssl_asn1_keystr(type));
- }
-
if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
if (is_ca) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01906)
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.c?rev=1555787&r1=1555786&r2=1555787&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.c Mon Jan 6 14:09:18 2014
@@ -188,29 +188,6 @@ int SSL_smart_shutdown(SSL *ssl)
** _________________________________________________________________
*/
-/* check whether cert contains extended key usage with a SGC tag */
-BOOL SSL_X509_isSGC(X509 *cert)
-{
- int ext_nid;
- EXTENDED_KEY_USAGE *sk;
- BOOL is_sgc;
- int i;
-
- is_sgc = FALSE;
- sk = X509_get_ext_d2i(cert, NID_ext_key_usage, NULL, NULL);
- if (sk) {
- for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
- ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i));
- if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
- is_sgc = TRUE;
- break;
- }
- }
- EXTENDED_KEY_USAGE_free(sk);
- }
- return is_sgc;
-}
-
/* retrieve basic constraints ingredients */
BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen)
{
Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.h?rev=1555787&r1=1555786&r2=1555787&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.h (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ssl.h Mon Jan 6 14:09:18 2014
@@ -63,7 +63,6 @@ void SSL_set_app_data2(SSL *, voi
X509 *SSL_read_X509(char *, X509 **, pem_password_cb *);
EVP_PKEY *SSL_read_PrivateKey(char *, EVP_PKEY **, pem_password_cb *, void *);
int SSL_smart_shutdown(SSL *ssl);
-BOOL SSL_X509_isSGC(X509 *);
BOOL SSL_X509_getBC(X509 *, int *, int *);
char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne);
char *SSL_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int);