httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1092246 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_private.h support/ab.c
Date Thu, 14 Apr 2011 13:56:17 GMT
Author: trawick
Date: Thu Apr 14 13:56:17 2011
New Revision: 1092246

URL: http://svn.apache.org/viewvc?rev=1092246&view=rev
Log:
mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.

Submitted by: sf
Reviewed by: trawick, wrowe

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
    httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h
    httpd/httpd/branches/2.2.x/support/ab.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu Apr 14 13:56:17 2011
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.18
 
+  *) mod_ssl, ab: Support OpenSSL compiled without SSLv2 support.
+     [Stefan Fritsch]
+
   *) core: AllowEncodedSlashes new option NoDecode to allow encoded slashes
      in request URL path info but not decode them. PR 35256,
      PR 46830.  [Dan Poirier]

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu Apr 14 13:56:17 2011
@@ -96,12 +96,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
      2.2.x patch: Trunk version of patch works with fuzz
      +1: sf, trawick, wrowe
 
-  * mod_ssl/ab: Support OpenSSL compiled without SSLv2 support
-     Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1090367
-     2.2.x patch: http://people.apache.org/~sf/support-openssl-without-sslv2.patch
-     +1: sf, trawick, wrowe
-
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_config.c Thu Apr 14 13:56:17 2011
@@ -1273,6 +1273,11 @@ static const char *ssl_cmd_protocol_pars
         }
 
         if (strcEQ(w, "SSLv2")) {
+#ifdef OPENSSL_NO_SSL2
+            if (action != '-') {
+                return "SSLv2 not supported by this version of OpenSSL";
+            }
+#endif
             thisopt = SSL_PROTOCOL_SSLV2;
         }
         else if (strcEQ(w, "SSLv3")) {

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Thu Apr 14 13:56:17 2011
@@ -465,13 +465,16 @@ static void ssl_init_ctx_protocol(server
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                  "Creating new SSL context (protocols: %s)", cp);
 
+#ifndef OPENSSL_NO_SSL2
     if (protocol == SSL_PROTOCOL_SSLV2) {
         method = mctx->pkp ?
             SSLv2_client_method() : /* proxy */
             SSLv2_server_method();  /* server */
         ctx = SSL_CTX_new(method);  /* only SSLv2 is left */
     }
-    else {
+    else
+#endif
+    {
         method = mctx->pkp ?
             SSLv23_client_method() : /* proxy */
             SSLv23_server_method();  /* server */

Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_private.h Thu Apr 14 13:56:17 2011
@@ -218,7 +218,11 @@ typedef int ssl_opt_t;
 #define SSL_PROTOCOL_SSLV2 (1<<0)
 #define SSL_PROTOCOL_SSLV3 (1<<1)
 #define SSL_PROTOCOL_TLSV1 (1<<2)
+#ifndef OPENSSL_NO_SSL2
 #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#else
+#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
+#endif
 typedef int ssl_proto_t;
 
 /**

Modified: httpd/httpd/branches/2.2.x/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=1092246&r1=1092245&r2=1092246&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/support/ab.c (original)
+++ httpd/httpd/branches/2.2.x/support/ab.c Thu Apr 14 13:56:17 2011
@@ -1876,7 +1876,11 @@ static void usage(const char *progname)
     fprintf(stderr, "    -h              Display usage information (this message)\n");
 #ifdef USE_SSL
     fprintf(stderr, "    -Z ciphersuite  Specify SSL/TLS cipher suite (See openssl ciphers)\n");
+#ifndef OPENSSL_NO_SSL2
     fprintf(stderr, "    -f protocol     Specify SSL/TLS protocol (SSL2, SSL3, TLS1, or ALL)\n");
+#else
+    fprintf(stderr, "    -f protocol     Specify SSL/TLS protocol (SSL3, TLS1, or ALL)\n");
+#endif
 #endif
     exit(EINVAL);
 }
@@ -2209,8 +2213,10 @@ int main(int argc, const char * const ar
             case 'f':
                 if (strncasecmp(optarg, "ALL", 3) == 0) {
                     meth = SSLv23_client_method();
+#ifndef OPENSSL_NO_SSL2
                 } else if (strncasecmp(optarg, "SSL2", 4) == 0) {
                     meth = SSLv2_client_method();
+#endif
                 } else if (strncasecmp(optarg, "SSL3", 4) == 0) {
                     meth = SSLv3_client_method();
                 } else if (strncasecmp(optarg, "TLS1", 4) == 0) {



Mime
View raw message