You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2018/10/10 09:10:15 UTC
svn commit: r1843411 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS
support/ab.c
Author: minfrin
Date: Wed Oct 10 09:10:15 2018
New Revision: 1843411
URL: http://svn.apache.org/viewvc?rev=1843411&view=rev
Log:
ab: print Server Temp Key information.
trunk patch: http://svn.apache.org/r1738415
http://svn.apache.org/r1826930
2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-ab.patch
+1: minfrin, jim, ylavic
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/support/ab.c
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1843411&r1=1843410&r2=1843411&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Oct 10 09:10:15 2018
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.4.36
+ *) ab: Disable printing temp key for OpenSSL before
+ version 1.0.2. SSL_get_server_tmp_key is not available
+ there. [Rainer Jung]
+
*) mod_ssl: Fix a regression that the configuration settings for verify mode
and verify depth were taken from the frontend connection in case of
connections by the proxy to the backend. PR 62769. [Ruediger Pluem]
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1843411&r1=1843410&r2=1843411&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Wed Oct 10 09:10:15 2018
@@ -124,12 +124,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) ab: print Server Temp Key information.
- trunk patch: http://svn.apache.org/r1738415
- http://svn.apache.org/r1826930
- 2.4.x patch: https://svn.apache.org/repos/asf/httpd/httpd/patches/2.4.x/httpd-2.4-ab.patch
- +1: minfrin, jim, ylavic
-
*) ab: Add client certificate support.
trunk: http://svn.apache.org/r1841784
2.4.x: svn merge -c r1841784 ^/httpd/httpd/trunk .
Modified: httpd/httpd/branches/2.4.x/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/support/ab.c?rev=1843411&r1=1843410&r2=1843411&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/support/ab.c (original)
+++ httpd/httpd/branches/2.4.x/support/ab.c Wed Oct 10 09:10:15 2018
@@ -353,6 +353,9 @@ int is_ssl;
SSL_CTX *ssl_ctx;
char *ssl_cipher = NULL;
char *ssl_info = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+char *ssl_tmp_key = NULL;
+#endif
BIO *bio_out,*bio_err;
#ifdef HAVE_TLSEXT
int tls_use_sni = 1; /* used by default, -I disables it */
@@ -732,6 +735,46 @@ static void ssl_proceed_handshake(struct
SSL_CIPHER_get_name(ci),
pk_bits, sk_bits);
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (ssl_tmp_key == NULL) {
+ EVP_PKEY *key;
+ if (SSL_get_server_tmp_key(c->ssl, &key)) {
+ ssl_tmp_key = xmalloc(128);
+ switch (EVP_PKEY_id(key)) {
+ case EVP_PKEY_RSA:
+ apr_snprintf(ssl_tmp_key, 128, "RSA %d bits",
+ EVP_PKEY_bits(key));
+ break;
+ case EVP_PKEY_DH:
+ apr_snprintf(ssl_tmp_key, 128, "DH %d bits",
+ EVP_PKEY_bits(key));
+ break;
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC: {
+ const char *cname = NULL;
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+
+ apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
+ cname,
+ EVP_PKEY_bits(key));
+ break;
+ }
+#endif
+ default:
+ apr_snprintf(ssl_tmp_key, 128, "%s %d bits",
+ OBJ_nid2sn(EVP_PKEY_id(key)),
+ EVP_PKEY_bits(key));
+ break;
+ }
+ EVP_PKEY_free(key);
+ }
+ }
+#endif
write_request(c);
do_next = 0;
break;
@@ -895,6 +938,11 @@ static void output_results(int sig)
if (is_ssl && ssl_info) {
printf("SSL/TLS Protocol: %s\n", ssl_info);
}
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (is_ssl && ssl_tmp_key) {
+ printf("Server Temp Key: %s\n", ssl_tmp_key);
+ }
+#endif
#ifdef HAVE_TLSEXT
if (is_ssl && tls_sni) {
printf("TLS Server Name: %s\n", tls_sni);