From jor...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.c ssl_engine_config.c ssl_engine_init.c ssl_private.h
Date Thu, 03 Jun 2004 13:03:09 GMT
jorton      2004/06/03 06:03:09

  Modified:    .        CHANGES
               modules/ssl mod_ssl.c ssl_engine_config.c ssl_engine_init.c
                        ssl_private.h
  Log:
  Add "SSLHonorCipherOrder" directive to enable the OpenSSL 0.9.7 flag
  which uses the server's cipher preference order rather than the
  client's.
  
  * modules/ssl/ssl_private.h (struct SSLSrvConfigRec): Add
  cipher_server_pref field.
  
  * modules/ssl/ssl_engine_config.c (ssl_config_server_create,
  ssl_config_server_merge): Initialize and merge cipher_server_pref
  field.
  (ssl_cmd_SSLHonorCipherOrder): New function.
  
  * modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Set the
  context option SSL_OP_CIPHER_SERVER_PREFERENCE when required.
  
  PR: 28665
  Submitted by: Jim Shneider <jschneid netilla.com>
  
  Revision  Changes    Path
  1.1503    +5 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1502
  retrieving revision 1.1503
  diff -d -w -u -r1.1502 -r1.1503
  --- CHANGES	3 Jun 2004 09:28:11 -0000	1.1502
  +++ CHANGES	3 Jun 2004 13:03:07 -0000	1.1503
  @@ -2,6 +2,11 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) mod_ssl: Add "SSLHonorCipherOrder" directive to enable the
  +     OpenSSL 0.9.7 flag which uses the server's cipher order rather
  +     than the client's.  
  +     PR 28665.  [Jim Shneider <jschneid netilla.com>]
  +
     *) mod_ssl: Drop support for the CompatEnvVars argument to
        SSLOptions, which was never actually implemented in 2.0.
        [Joe Orton]
  
  
  
  1.98      +2 -0      httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.97
  retrieving revision 1.98
  diff -d -w -u -r1.97 -r1.98
  --- mod_ssl.c	5 Mar 2004 02:41:39 -0000	1.97
  +++ mod_ssl.c	3 Jun 2004 13:03:07 -0000	1.98
  @@ -134,6 +134,8 @@
       SSL_CMD_SRV(Protocol, RAW_ARGS,
                   "Enable or disable various SSL protocols"
                   "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
  +    SSL_CMD_SRV(HonorCipherOrder, FLAG,
  +                "Use the server's cipher ordering preference")
   
       /* 
        * Proxy configuration for remote SSL connections
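Review bot: The help string on the new `SSL_CMD_SRV(HonorCipherOrder, FLAG, ...)` entry does not mention that the directive depends on the SSL library, even though `ssl_cmd_SSLHonorCipherOrder` refuses it when `SSL_OP_CIPHER_SERVER_PREFERENCE` is not defined; `"Use the server's cipher ordering preference (OpenSSL 0.9.7 or later)"` would tell an administrator why the directive may be rejected. Registering the directive unconditionally is fine, since the refusal happens at config-check time with an explicit message rather than being silently ignored.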
  
  
  
  1.93      +13 -0     httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.92
  retrieving revision 1.93
  diff -d -w -u -r1.92 -r1.93
  --- ssl_engine_config.c	3 Jun 2004 09:28:12 -0000	1.92
  +++ ssl_engine_config.c	3 Jun 2004 13:03:08 -0000	1.93
  @@ -175,6 +175,7 @@
       sc->vhost_id               = NULL;  /* set during module init */
       sc->vhost_id_len           = 0;     /* set during module init */
       sc->session_cache_timeout  = UNSET;
  +    sc->cipher_server_pref     = UNSET;
   
       modssl_ctx_init_proxy(sc, p);
   
  @@ -259,6 +260,7 @@
       cfgMerge(enabled, SSL_ENABLED_UNSET);
       cfgMergeBool(proxy_enabled);
       cfgMergeInt(session_cache_timeout);
  +    cfgMergeBool(cipher_server_pref);
   
       modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
   
  @@ -662,6 +664,17 @@
                          ": file '", *file, 
                          "' does not exist or is empty", NULL);
   
  +}
  +
  +const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag)
  +{
  +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
  +    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  +    sc->cipher_server_pref = flag?TRUE:FALSE;
  +    return NULL;
  +#else
  +    return "SSLHonorCiperOrder unsupported; not implemented by the SSL library";
  +#endif
   }
   
   static const char *ssl_cmd_check_dir(cmd_parms *parms,
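Review bot: The error string returned from the `#else` branch of `ssl_cmd_SSLHonorCipherOrder` misspells the directive as `SSLHonorCiperOrder`, so an administrator searching the logs or docs for the reported name will not find it; it should read `return "SSLHonorCipherOrder unsupported; not implemented by the SSL library";`. Spacing the ternary as `sc->cipher_server_pref = flag ? TRUE : FALSE;` would match the surrounding code. The unused `dcfg` parameter is acceptable because it is the common `ssl_cmd_*` signature. The two earlier hunks in this file (initialising the field to `UNSET` and merging it with `cfgMergeBool`) follow the existing `proxy_enabled` pattern and need no change.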
  
  
  
  1.128     +9 -0      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.127
  retrieving revision 1.128
  diff -d -w -u -r1.127 -r1.128
  --- ssl_engine_init.c	26 Mar 2004 23:53:35 -0000	1.127
  +++ ssl_engine_init.c	3 Jun 2004 13:03:08 -0000	1.128
  @@ -428,6 +428,15 @@
           SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
       }
   
  +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
  +    {
  +        SSLSrvConfigRec *sc = mySrvConfig(s);
  +        if (sc->cipher_server_pref == TRUE) {
  +            SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
  +        }
  +    }
  +#endif
  +
       SSL_CTX_set_app_data(ctx, s);
   
       /*
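Review bot: The new block re-fetches the server config with `mySrvConfig(s)` inside its own scope; if `ssl_init_ctx_protocol` already has an `sc` in scope outside this hunk, reusing it would avoid the extra lookup and the nested block, but the function starts and ends outside the hunk so that cannot be confirmed here. A short comment above the `#ifdef` would help readers, e.g. `/* SSLHonorCipherOrder: prefer the server's cipher order over the client's (OpenSSL 0.9.7+) */`. Because the field defaults to `UNSET`, the `== TRUE` test leaves the client's preference order in effect unless the directive is explicitly enabled, which appears to be the intended backward-compatible default.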
  
  
  
  1.6       +2 -0      httpd-2.0/modules/ssl/ssl_private.h
  
  Index: ssl_private.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_private.h,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -d -w -u -r1.5 -r1.6
  --- ssl_private.h	3 Jun 2004 09:28:12 -0000	1.5
  +++ ssl_private.h	3 Jun 2004 13:03:08 -0000	1.6
  @@ -434,6 +434,7 @@
       const char      *vhost_id;
       int              vhost_id_len;
       int              session_cache_timeout;
  +    BOOL             cipher_server_pref;
       modssl_ctx_t    *server;
       modssl_ctx_t    *proxy;
   };
  @@ -487,6 +488,7 @@
   const char  *ssl_cmd_SSLCACertificateFile(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLCARevocationPath(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLCARevocationFile(cmd_parms *, void *, const char *);
  +const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *cmd, void *dcfg, int flag);
   const char  *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
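Review bot: The added prototype for `ssl_cmd_SSLHonorCipherOrder` names its parameters (`cmd`, `dcfg`, `flag`) while every neighbouring `ssl_cmd_*` prototype leaves them unnamed; for consistency it should be `const char  *ssl_cmd_SSLHonorCipherOrder(cmd_parms *, void *, int);`. The `BOOL cipher_server_pref` field added in the earlier hunk of this file follows the pattern used for `proxy_enabled` in ssl_engine_config.c and needs nothing more than, optionally, a trailing comment naming its directive, e.g. `/* SSLHonorCipherOrder */`.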
  
  
  
