From s.@apache.org
Subject svn commit: r1090367 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_private.h support/ab.c
Date Fri, 08 Apr 2011 17:56:21 GMT
Author: sf
Date: Fri Apr  8 17:56:20 2011
New Revision: 1090367

URL: http://svn.apache.org/viewvc?rev=1090367&view=rev
Log:
mod_ssl, ab: Support OpenSSL compiled without SSLv2 support

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h
    httpd/httpd/trunk/support/ab.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1090367&r1=1090366&r2=1090367&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Apr  8 17:56:20 2011
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.12
 
+  *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
+     [Stefan Fritsch]
+
   *) core: Abort if the MPM is changed across restart.  [Jeff Trawick]
 
   *) mod_proxy_ajp: Add support for 'ProxyErrorOverride on'. PR 50945.

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1090367&r1=1090366&r2=1090367&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Apr  8 17:56:20 2011
@@ -1208,6 +1208,11 @@ static const char *ssl_cmd_protocol_pars
         }
 
         if (strcEQ(w, "SSLv2")) {
+#ifdef OPENSSL_NO_SSL2
+            if (action != '-') {
+                return "SSLv2 not supported by this version of OpenSSL";
+            }
+#endif
             thisopt = SSL_PROTOCOL_SSLV2;
         }
         else if (strcEQ(w, "SSLv3")) {
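Review bot: The new `#ifdef OPENSSL_NO_SSL2` guard in the `SSLv2` branch lets `action == '-'` through while rejecting every other action, and nothing on these lines says why. A short comment above the `if (action != '-')` test would record the intent, for example `/* "-SSLv2" stays valid so configurations that explicitly disable SSLv2 still load */`; that reading is inferred from the code and should be confirmed by the author. ssl_cmd_protocol_parse starts and ends outside the hunk.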

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=1090367&r1=1090366&r2=1090367&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Apr  8 17:56:20 2011
@@ -500,16 +500,18 @@ static void ssl_init_ctx_protocol(server
     ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s,
                  "Creating new SSL context (protocols: %s)", cp);
 
-    if (protocol == SSL_PROTOCOL_SSLV2) {
-        method = mctx->pkp ?
-            SSLv2_client_method() : /* proxy */
-            SSLv2_server_method();  /* server */
-    }
-    else if (protocol == SSL_PROTOCOL_SSLV3) {
+    if (protocol == SSL_PROTOCOL_SSLV3) {
         method = mctx->pkp ?
             SSLv3_client_method() : /* proxy */
             SSLv3_server_method();  /* server */
     }
+#ifndef OPENSSL_NO_SSL2
+    else if (protocol == SSL_PROTOCOL_SSLV2) {
+        method = mctx->pkp ?
+            SSLv2_client_method() : /* proxy */
+            SSLv2_server_method();  /* server */
+    }
+#endif
     else if (protocol == SSL_PROTOCOL_TLSV1) {
         method = mctx->pkp ?
             TLSv1_client_method() : /* proxy */
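Review bot: With the SSLv2 branch moved under `#ifndef OPENSSL_NO_SSL2`, a `protocol` value of exactly `SSL_PROTOCOL_SSLV2` on a build without SSLv2 no longer matches any branch shown here. It would get whatever method the rest of the chain selects, which continues outside the hunk, rather than an error. The parser change in ssl_engine_config.c appears to keep that value from being configured, so this is a documentation point only. A comment before the `#ifndef` would make the dependency between the two files explicit, for example `/* without SSLv2 in OpenSSL, SSLv2-only is rejected at config time and never reaches here */`.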

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1090367&r1=1090366&r2=1090367&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Fri Apr  8 17:56:20 2011
@@ -236,7 +236,11 @@ typedef int ssl_opt_t;
 #define SSL_PROTOCOL_SSLV2 (1<<0)
 #define SSL_PROTOCOL_SSLV3 (1<<1)
 #define SSL_PROTOCOL_TLSV1 (1<<2)
+#ifndef OPENSSL_NO_SSL2
 #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#else
+#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#endif
 typedef int ssl_proto_t;
 
 /**
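Review bot: In the `#ifndef OPENSSL_NO_SSL2` branch `SSL_PROTOCOL_ALL` still includes `SSL_PROTOCOL_SSLV2`, so the aggregate mask covers different protocol sets depending on how the linked OpenSSL was compiled. On SSLv2-capable builds it keeps a protocol that RFC 6176 prohibits. A comment above the conditional would tell readers that, for example `/* ALL includes SSLv2 only when OpenSSL provides it; disable it explicitly with -SSLv2 */`. The two definitions also repeat the `SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1` part, which has to be kept in sync by hand when a protocol is added.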

Modified: httpd/httpd/trunk/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=1090367&r1=1090366&r2=1090367&view=diff
==============================================================================
--- httpd/httpd/trunk/support/ab.c (original)
+++ httpd/httpd/trunk/support/ab.c Fri Apr  8 17:56:20 2011
@@ -1890,7 +1890,11 @@ static void usage(const char *progname)
     fprintf(stderr, "    -h              Display usage information (this message)\n");
 #ifdef USE_SSL
     fprintf(stderr, "    -Z ciphersuite  Specify SSL/TLS cipher suite (See openssl ciphers)\n");
+#ifndef OPENSSL_NO_SSL2
     fprintf(stderr, "    -f protocol     Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)\n");
+#else
+    fprintf(stderr, "    -f protocol     Specify SSL/TLS protocol (SSL3, TLS1, or ALL)\n");
+#endif
 #endif
     exit(EINVAL);
 }
@@ -2219,8 +2223,10 @@ int main(int argc, const char * const ar
             case 'f':
                 if (strncasecmp(opt_arg, "ALL", 3) == 0) {
                     meth = SSLv23_client_method();
+#ifndef OPENSSL_NO_SSL2
                 } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
                     meth = SSLv2_client_method();
+#endif
                 } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
                     meth = SSLv3_client_method();
                 } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
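Review bot: On builds with `OPENSSL_NO_SSL2` the `SSL2` comparison is compiled out, so `-f SSL2` no longer matches any branch shown here. Unless the chain, which continues outside the hunk, ends in an error branch, ab would keep its previously set `meth` and run the test with a different protocol than the one requested. An `#else` arm that rejects the value would make this explicit: `} else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {` followed by `fprintf(stderr, "SSL2 not supported by this OpenSSL build\n"); exit(EINVAL);`. The usage text in the earlier ab.c hunk already drops SSL2 for such builds, so the parser and the help output would then agree.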


