Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 58292 invoked from network); 31 Oct 2006 16:13:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 31 Oct 2006 16:13:25 -0000 Received: (qmail 26948 invoked by uid 500); 31 Oct 2006 16:13:32 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 26903 invoked by uid 500); 31 Oct 2006 16:13:32 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 26892 invoked by uid 99); 31 Oct 2006 16:13:32 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 31 Oct 2006 08:13:32 -0800 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of covener@gmail.com designates 66.249.92.169 as permitted sender) Received: from [66.249.92.169] (HELO ug-out-1314.google.com) (66.249.92.169) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 31 Oct 2006 08:13:19 -0800 Received: by ug-out-1314.google.com with SMTP id z36so1352628uge for ; Tue, 31 Oct 2006 08:12:57 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=EwTYC+lIqRtW8PsZ981EPP2r9nzIglgDIFemc4H60/GOht/zvp/NqYmRhTC5eJgt4n17tJKwDLaUqaM38BtY/04Q0spdApvK2IxxTCFbbDvY05fRPhgXphb7Ai0vaU3ko1SKpD9l5aUsl4Anr4X1aD1U5uL+TElqCKSxa0Y0kYI= Received: by 10.67.103.7 with SMTP id f7mr6350708ugm; Tue, 31 Oct 2006 08:12:57 -0800 (PST) Received: by 10.67.106.7 with HTTP; Tue, 31 Oct 2006 08:12:56 -0800 (PST) Message-ID: <1404e5910610310812l2739b9car66403d37aeeae92@mail.gmail.com> Date: Tue, 31 Oct 2006 11:12:56 -0500 From: "Eric Covener" To: dev@httpd.apache.org Subject: Re: LDAPTrustedClientCert? In-Reply-To: <23735.196.8.104.27.1162280553.squirrel@www.sharp.fm> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_9444_30601447.1162311176895" References: <1404e5910610232040q6dd4137aj408ac48cc59bb9ba@mail.gmail.com> <45666.196.8.104.27.1161681537.squirrel@www.sharp.fm> <1404e5910610301233hb2d5dc9ia7b9ae50ebc344a4@mail.gmail.com> <45466CAF.8040702@sharp.fm> <1404e5910610301525m7c7f7adbl5a49f99cd037f2b1@mail.gmail.com> <23735.196.8.104.27.1162280553.squirrel@www.sharp.fm> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_9444_30601447.1162311176895 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline On 10/31/06, Graham Leggett wrote: > On Tue, October 31, 2006 1:25 am, Eric Covener wrote: > > > Looks like the openldap 2.4 series (alpha) can support this by > > requesting a new openssl CTX > > (ldap_set_option(...,APR_LDAP_OPT_X_TLS_NEWCTX,...) but I had to > > explicitly call openssl's SSL_library_init(); before ldap_set_option > > or it died creating the new context. > > > > (with the added calls, test program works as expected in per-connection > > context) > > > > May be a limitation for util_ldap to not poke around in per-connection > > settings for (earlier than 2.4) openldap, and some rework to flip the > > right switches at the right time for 2.4 and better. > > The logic to try and determine which behaviour to use with which LDAP SDK > was abstracted into apr-util, so ideally any toolkit specific fix should > go in there. > > Not having looked at the openldap SDK for a while - at what point do we > call ldap_set_option(...,APR_LDAP_OPT_X_TLS_NEWCTX,...) - is this done > just before connection? Or is it done when setting the client certificate? > > Is it possible to post a diff of the code that made it work for you? Attached is the rough patch for what it took to get the following kind of config to work when linked against the 2.4.3 (alpha) openldap. not ready for prime-time but for discussion purposes only (comments below) (when using older/current openldap I think httpd has to refuse LDAPTrustedClientCert altogether and require users code LDAPTrustedGlobalCert exclusively) ... LDAPTrustedGlobalCert CA_BASE64 /home/covener/CA.crt LDAPTrustedGlobalCert CERT_BASE64 /home/covener/globalcert.pem LDAPTrustedGlobalCert KEY_BASE64 /home/covener/globalcert.key LDAPUrl ... LDAPTrustedClientCert CERT_BASE64 /home/covener/othercert.pem LDAPTrsutedClientKey KEY_BASE64 /home/covener/othercert.key The repeating of the apr_ldap_opt_set(global_certs) is due to the "new" openssl CTX no longer having the stuff we pushed into the global environment. No idea if this is harmless for other SDKs but I couldn't figure out a way to push that aspect down into apr-util. I will test w/ the mozilla SDK sometime to see how things work out using the prescribed CERT_NICKNAME in LDAPTrustedClientCert which might give me a better idea of how to isolate the per-directory client certs SDK-dependent behavior. -- Eric Covener covener@gmail.com ------=_Part_9444_30601447.1162311176895 Content-Type: text/x-patch; name=util_ldap-clientcerts_perdir.diff; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: base64 X-Attachment-Id: f_etyhrsy9 Content-Disposition: attachment; filename="util_ldap-clientcerts_perdir.diff" SW5kZXg6IG1vZHVsZXMvbGRhcC91dGlsX2xkYXAuYwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBtb2R1bGVzL2xk YXAvdXRpbF9sZGFwLmMJKHJldmlzaW9uIDQ2OTQ2MikKKysrIG1vZHVsZXMvbGRhcC91dGlsX2xk YXAuYwkod29ya2luZyBjb3B5KQpAQCAtMjY4LDcgKzI2OCwxOCBAQAogCiAgICAgICAgIC8qIHNl dCBjbGllbnQgY2VydGlmaWNhdGVzICovCiAgICAgICAgIGlmICghYXByX2lzX2VtcHR5X2FycmF5 KGxkYy0+Y2xpZW50X2NlcnRzKSkgeworICAgICAgICAgICAgLyogQWRkIGFueSBnbG9iYWwgc2V0 dGluZ3MgdG8gdGhpcyBsZGFwIGNvbm5lY3Rpb24sIG90aGVyd2lzZSBnbG9iYWwgQ0Egd29uJ3Qg YmUgYXZhaWxhYmxlICovCiAgICAgICAgICAgICBhcHJfbGRhcF9zZXRfb3B0aW9uKGxkYy0+cG9v bCwgbGRjLT5sZGFwLCBBUFJfTERBUF9PUFRfVExTX0NFUlQsCisgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIHN0LT5nbG9iYWxfY2VydHMsICYocmVzdWx0KSk7CisgICAgICAgICAgICBp ZiAoTERBUF9TVUNDRVNTICE9IHJlc3VsdC0+cmMpIHsKKyAgICAgICAgICAgICAgICBsZGFwX3Vu YmluZF9zKGxkYy0+bGRhcCk7CisgICAgICAgICAgICAgICAgbGRjLT5sZGFwID0gTlVMTDsKKyAg ICAgICAgICAgICAgICBsZGMtPmJvdW5kID0gMDsKKyAgICAgICAgICAgICAgICBsZGMtPnJlYXNv biA9IHJlc3VsdC0+cmVhc29uOworICAgICAgICAgICAgICAgIHJldHVybihyZXN1bHQtPnJjKTsK KyAgICAgICAgICAgIH0KKworICAgICAgICAgICAgYXByX2xkYXBfc2V0X29wdGlvbihsZGMtPnBv b2wsIGxkYy0+bGRhcCwgQVBSX0xEQVBfT1BUX1RMU19DRVJULAogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBsZGMtPmNsaWVudF9jZXJ0cywgJihyZXN1bHQpKTsKICAgICAgICAgICAg IGlmIChMREFQX1NVQ0NFU1MgIT0gcmVzdWx0LT5yYykgewogICAgICAgICAgICAgICAgIGxkYXBf dW5iaW5kX3MobGRjLT5sZGFwKTsKQEAgLTQwMiw5ICs0MTMsMTIgQEAKICAgICBkZXN0ID0gKHN0 cnVjdCBhcHJfbGRhcF9vcHRfdGxzX2NlcnRfdCAqKWRlc3RzLT5lbHRzOwogICAgIGZvciAoaSA9 IDA7IGkgPCBzcmNzLT5uZWx0czsgaSsrKSB7CiAgICAgICAgIGlmIChzdHJjbXAoc3JjW2ldLnBh dGgsIGRlc3RbaV0ucGF0aCkgfHwKLSAgICAgICAgICAgIHN0cmNtcChzcmNbaV0ucGFzc3dvcmQs IGRlc3RbaV0ucGFzc3dvcmQpIHx8Ci0gICAgICAgICAgICBzcmNbaV0udHlwZSAhPSBkZXN0W2ld LnR5cGUpIHsKLSAgICAgICAgICAgIHJldHVybiAxOworICAgICAgICAgICAoc3JjW2ldLnR5cGUg IT0gZGVzdFtpXS50eXBlKSAgfHwKKyAgICAgICAgICAgLyogT25lIGlzIHBhc3N3b3JkbGVzcz8g SWYgc28sIHRoZW4gbm90IGVxdWFsICovCisgICAgICAgICAgICgoc3JjW2ldLnBhc3N3b3JkID09 IE5VTEwpIF4gKGRlc3RbaV0ucGFzc3dvcmQgPT0gTlVMTCkpIHx8CisgICAgICAgICAgIChzcmNb aV0ucGFzc3dvcmQgIT0gTlVMTCAmJiBkZXN0W2ldLnBhc3N3b3JkICE9IE5VTEwgJiYKKyAgICAg ICAgICAgc3RyY21wKHNyY1tpXS5wYXNzd29yZCwgZGVzdFtpXS5wYXNzd29yZCkpKSB7CisgICAg ICAgICAgICAgICByZXR1cm4gMTsKICAgICAgICAgfQogICAgIH0KIApAQCAtNDM0LDggKzQ0OCw5 IEBACiAgICAgdXRpbF9sZGFwX3N0YXRlX3QgKnN0ID0KICAgICAgICAgKHV0aWxfbGRhcF9zdGF0 ZV90ICopYXBfZ2V0X21vZHVsZV9jb25maWcoci0+c2VydmVyLT5tb2R1bGVfY29uZmlnLAogICAg ICAgICAmbGRhcF9tb2R1bGUpOworICAgIHV0aWxfbGRhcF9jb25maWdfdCAqZGMgPSAKKyAgICAg ICAgKHV0aWxfbGRhcF9jb25maWdfdCAqKSBhcF9nZXRfbW9kdWxlX2NvbmZpZyhyLT5wZXJfZGly X2NvbmZpZywgJmxkYXBfbW9kdWxlKTsKIAotCiAjaWYgQVBSX0hBU19USFJFQURTCiAgICAgLyog bXV0ZXggbG9jayB0aGlzIGZ1bmN0aW9uICovCiAgICAgYXByX3RocmVhZF9tdXRleF9sb2NrKHN0 LT5tdXRleCk7CkBAIC00NTgsNyArNDczLDcgQEAKICAgICAgICAgICAgICYmICgoIWwtPmJpbmRw dyAmJiAhYmluZHB3KSB8fCAobC0+YmluZHB3ICYmIGJpbmRwdwogICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgJiYgIXN0cmNtcChsLT5iaW5kcHcsIGJpbmRwdykp KQogICAgICAgICAgICAgJiYgKGwtPmRlcmVmID09IGRlcmVmKSAmJiAobC0+c2VjdXJlID09IHNl Y3VyZWZsYWcpCi0gICAgICAgICAgICAmJiAhY29tcGFyZV9jbGllbnRfY2VydHMoc3QtPmNsaWVu dF9jZXJ0cywgbC0+Y2xpZW50X2NlcnRzKSkKKyAgICAgICAgICAgICYmICFjb21wYXJlX2NsaWVu dF9jZXJ0cyhkYy0+Y2xpZW50X2NlcnRzLCBsLT5jbGllbnRfY2VydHMpKQogICAgICAgICB7CiAg ICAgICAgICAgICBicmVhazsKICAgICAgICAgfQpAQCAtNDgzLDcgKzQ5OCw3IEBACiAjZW5kaWYK ICAgICAgICAgICAgIGlmICgobC0+cG9ydCA9PSBwb3J0KSAmJiAoc3RyY21wKGwtPmhvc3QsIGhv c3QpID09IDApICYmCiAgICAgICAgICAgICAgICAgKGwtPmRlcmVmID09IGRlcmVmKSAmJiAobC0+ c2VjdXJlID09IHNlY3VyZWZsYWcpICYmCi0gICAgICAgICAgICAgICAgIWNvbXBhcmVfY2xpZW50 X2NlcnRzKHN0LT5jbGllbnRfY2VydHMsIGwtPmNsaWVudF9jZXJ0cykpCisgICAgICAgICAgICAg ICAgIWNvbXBhcmVfY2xpZW50X2NlcnRzKGRjLT5jbGllbnRfY2VydHMsIGwtPmNsaWVudF9jZXJ0 cykpCiAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgLyogdGhlIGJpbmQgY3JlZGVudGlh bHMgaGF2ZSBjaGFuZ2VkICovCiAgICAgICAgICAgICAgICAgbC0+Ym91bmQgPSAwOwpAQCAtNTM3 LDcgKzU1Miw3IEBACiAgICAgICAgIGwtPnNlY3VyZSA9IHNlY3VyZWZsYWc7CiAKICAgICAgICAg Lyogc2F2ZSBhd2F5IGEgY29weSBvZiB0aGUgY2xpZW50IGNlcnQgbGlzdCB0aGF0IGlzIHByZXNl bnRseSB2YWxpZCAqLwotICAgICAgICBsLT5jbGllbnRfY2VydHMgPSBhcHJfYXJyYXlfY29weV9o ZHIobC0+cG9vbCwgc3QtPmNsaWVudF9jZXJ0cyk7CisgICAgICAgIGwtPmNsaWVudF9jZXJ0cyA9 IGFwcl9hcnJheV9jb3B5X2hkcihsLT5wb29sLCBkYy0+Y2xpZW50X2NlcnRzKTsKIAogICAgICAg ICAvKiBhZGQgdGhlIGNsZWFudXAgdG8gdGhlIHBvb2wgKi8KICAgICAgICAgYXByX3Bvb2xfY2xl YW51cF9yZWdpc3RlcihsLT5wb29sLCBsLApAQCAtMTU5NSw2ICsxNjEwLDggQEAKICAgICB1dGls X2xkYXBfc3RhdGVfdCAqc3QgPQogICAgICAgICAodXRpbF9sZGFwX3N0YXRlX3QgKilhcF9nZXRf bW9kdWxlX2NvbmZpZyhjbWQtPnNlcnZlci0+bW9kdWxlX2NvbmZpZywKICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJmxkYXBfbW9kdWxlKTsKKyAgICB1 dGlsX2xkYXBfY29uZmlnX3QgKmRjID0gIGNvbmZpZzsKKwogICAgIGFwcl9maW5mb190IGZpbmZv OwogICAgIGFwcl9zdGF0dXNfdCBydjsKICAgICBpbnQgY2VydF90eXBlID0gMDsKQEAgLTE2MzQs NyArMTY1MSw3IEBACiAgICAgICAgICAgICAgICAgICAgICAgIGZpbGUsIHR5cGUpOwogCiAgICAg LyogYWRkIHRoZSBjZXJ0aWZpY2F0ZSB0byB0aGUgZ2xvYmFsIGFycmF5ICovCi0gICAgY2VydCA9 IChhcHJfbGRhcF9vcHRfdGxzX2NlcnRfdCAqKWFwcl9hcnJheV9wdXNoKHN0LT5nbG9iYWxfY2Vy dHMpOworICAgIGNlcnQgPSAoYXByX2xkYXBfb3B0X3Rsc19jZXJ0X3QgKilhcHJfYXJyYXlfcHVz aChkYy0+Y2xpZW50X2NlcnRzKTsKICAgICBjZXJ0LT50eXBlID0gY2VydF90eXBlOwogICAgIGNl cnQtPnBhdGggPSBmaWxlOwogICAgIGNlcnQtPnBhc3N3b3JkID0gcGFzc3dvcmQ7CkBAIC0xNzUx LDYgKzE3NjgsMTMgQEAKIH0KIAogCitzdGF0aWMgdm9pZCAqdXRpbF9sZGFwX2NyZWF0ZV9kaXJf Y29uZmlnKGFwcl9wb29sX3QgKnAsIGNoYXIgKmQpIHsgCisgICB1dGlsX2xkYXBfY29uZmlnX3Qg KmRjID0gCisgICAgICAgKHV0aWxfbGRhcF9jb25maWdfdCAqKSBhcHJfcGNhbGxvYyhwLHNpemVv Zih1dGlsX2xkYXBfY29uZmlnX3QpKTsKKworICAgZGMtPmNsaWVudF9jZXJ0cyA9IGFwcl9hcnJh eV9tYWtlKHAsIDEwLCBzaXplb2YoYXByX2xkYXBfb3B0X3Rsc19jZXJ0X3QpKTsKKyAgIHJldHVy biBkYzsKK30KIHN0YXRpYyB2b2lkICp1dGlsX2xkYXBfY3JlYXRlX2NvbmZpZyhhcHJfcG9vbF90 ICpwLCBzZXJ2ZXJfcmVjICpzKQogewogICAgIHV0aWxfbGRhcF9zdGF0ZV90ICpzdCA9CkBAIC0x NzcyLDcgKzE3OTYsNiBAQAogICAgIHN0LT5jb25uZWN0aW9ucyA9IE5VTEw7CiAgICAgc3QtPnNz bF9zdXBwb3J0ZWQgPSAwOwogICAgIHN0LT5nbG9iYWxfY2VydHMgPSBhcHJfYXJyYXlfbWFrZShw LCAxMCwgc2l6ZW9mKGFwcl9sZGFwX29wdF90bHNfY2VydF90KSk7Ci0gICAgc3QtPmNsaWVudF9j ZXJ0cyA9IGFwcl9hcnJheV9tYWtlKHAsIDEwLCBzaXplb2YoYXByX2xkYXBfb3B0X3Rsc19jZXJ0 X3QpKTsKICAgICBzdC0+c2VjdXJlID0gQVBSX0xEQVBfTk9ORTsKICAgICBzdC0+c2VjdXJlX3Nl dCA9IDA7CiAgICAgc3QtPmNvbm5lY3Rpb25UaW1lb3V0ID0gMTA7CkBAIC0xODA2LDggKzE4Mjks NiBAQAogICAgIHN0LT5zc2xfc3VwcG9ydGVkID0gMDsKICAgICBzdC0+Z2xvYmFsX2NlcnRzID0g YXByX2FycmF5X2FwcGVuZChwLCBiYXNlLT5nbG9iYWxfY2VydHMsCiAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgb3ZlcnJpZGVzLT5nbG9iYWxfY2VydHMpOwotICAg IHN0LT5jbGllbnRfY2VydHMgPSBhcHJfYXJyYXlfYXBwZW5kKHAsIGJhc2UtPmNsaWVudF9jZXJ0 cywKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBvdmVycmlkZXMt PmNsaWVudF9jZXJ0cyk7CiAgICAgc3QtPnNlY3VyZSA9IChvdmVycmlkZXMtPnNlY3VyZV9zZXQg PT0gMCkgPyBiYXNlLT5zZWN1cmUKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICA6IG92ZXJyaWRlcy0+c2VjdXJlOwogCkBAIC0xODc3LDYgKzE4OTgsMTIgQEAK ICNlbmRpZgogICAgICAgICByZXR1cm4gT0s7CiAgICAgfQorI2lmIEFQX0RFQlVHCit7ICAgIAor ICAgIGludCBMREFQX0RFQlVHX0xFVkVMID0gLTE7CisgICAgbGRhcF9zZXRfb3B0aW9uKE5VTEwg LCBMREFQX09QVF9ERUJVR19MRVZFTCwgJihMREFQX0RFQlVHX0xFVkVMKSk7Cit9CisjZW5kaWYK IAogI2lmIEFQUl9IQVNfU0hBUkVEX01FTU9SWQogICAgIC8qIGluaXRpYWxpemluZyBjYWNoZSBp ZiBzaGFyZWQgbWVtb3J5IHNpemUgaXMgbm90IHplcm8gYW5kIHdlIGFscmVhZHkKQEAgLTIwNTAs NyArMjA3Nyw3IEBACiAgICAgICAgICAgICAgICAgICAgIlRoaXJkIGFyZyBpcyBhbiBvcHRpb25h bCBwYXNzcGhyYXNlIGlmIGFwcGxpY2FibGUuIiksCiAKICAgICBBUF9JTklUX1RBS0UyMygiTERB UFRydXN0ZWRDbGllbnRDZXJ0IiwgdXRpbF9sZGFwX3NldF90cnVzdGVkX2NsaWVudF9jZXJ0LAot ICAgICAgICAgICAgICAgICAgIE5VTEwsIFJTUkNfQ09ORiwKKyAgICAgICAgICAgICAgICAgICBO VUxMLCBPUl9BVVRIQ0ZHLAogICAgICAgICAgICAgICAgICAgICJUYWtlcyB0aHJlZSBhcmdzOyB0 aGUgZmlsZSBhbmQvb3IgZGlyZWN0b3J5IGNvbnRhaW5pbmcgIgogICAgICAgICAgICAgICAgICAg ICJ0aGUgY2xpZW50IGNlcnRpZmljYXRlLCBvciBjZXJ0aWZpY2F0ZSBJRCB1c2VkIHRvICIKICAg ICAgICAgICAgICAgICAgICAidmFsaWRhdGUgdGhpcyBMREFQIGNsaWVudC4gIFNlY29uZCBhcmcg aXMgdGhlIGNlcnQgdHlwZSAiCkBAIC0yMDk3LDcgKzIxMjQsNyBAQAogCiBtb2R1bGUgQVBfTU9E VUxFX0RFQ0xBUkVfREFUQSBsZGFwX21vZHVsZSA9IHsKICAgIFNUQU5EQVJEMjBfTU9EVUxFX1NU VUZGLAotICAgTlVMTCwgICAgICAgICAgICAgICAgICAgICAgICAvKiBjcmVhdGUgZGlyIGNvbmZp ZyAqLworICAgdXRpbF9sZGFwX2NyZWF0ZV9kaXJfY29uZmlnLCAgLyogY3JlYXRlIGRpciBjb25m aWcgKi8KICAgIE5VTEwsICAgICAgICAgICAgICAgICAgICAgICAgLyogbWVyZ2UgZGlyIGNvbmZp ZyAqLwogICAgdXRpbF9sZGFwX2NyZWF0ZV9jb25maWcsICAgICAvKiBjcmVhdGUgc2VydmVyIGNv bmZpZyAqLwogICAgdXRpbF9sZGFwX21lcmdlX2NvbmZpZywgICAgICAvKiBtZXJnZSBzZXJ2ZXIg Y29uZmlnICovCkluZGV4OiBpbmNsdWRlL3V0aWxfbGRhcC5oCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGluY2x1 ZGUvdXRpbF9sZGFwLmgJKHJldmlzaW9uIDQ2OTQ2MikKKysrIGluY2x1ZGUvdXRpbF9sZGFwLmgJ KHdvcmtpbmcgY29weSkKQEAgLTEwNSw2ICsxMDUsMTAgQEAKICAgICBzdHJ1Y3QgdXRpbF9sZGFw X2Nvbm5lY3Rpb25fdCAqbmV4dDsKIH0gdXRpbF9sZGFwX2Nvbm5lY3Rpb25fdDsKIAordHlwZWRl ZiBzdHJ1Y3QgdXRpbF9sZGFwX2NvbmZpZ190IHsgCisgICAgYXByX2FycmF5X2hlYWRlcl90ICpj bGllbnRfY2VydHM7ICAgLyogQ2xpZW50IGNlcnRpZmljYXRlcyBvbiB0aGlzIGNvbm5lY3Rpb24g Ki8KK30gdXRpbF9sZGFwX2NvbmZpZ190OworCiAvKiBMREFQIGNhY2hlIHN0YXRlIGluZm9ybWF0 aW9uICovIAogdHlwZWRlZiBzdHJ1Y3QgdXRpbF9sZGFwX3N0YXRlX3QgewogICAgIGFwcl9wb29s X3QgKnBvb2w7ICAgICAgICAgICAvKiBwb29sIGZyb20gd2hpY2ggdGhpcyBzdGF0ZSBpcyBhbGxv Y2F0ZWQgKi8K ------=_Part_9444_30601447.1162311176895--