Commit 0ef8bcd6 authored by Yann Ylavic

Merge r1803392, r1803396, r1803398 from trunk:

mod_ssl: we can't use SSL_COMP_free_compression_methods() if OPENSSL_NO_COMP
is defined.  PR 61206.

Submitted by: Michael Schlenker <msc contact.de>


mod_ssl, ab: compatibility with LibreSSL.  PR 61184.

LibreSSL defines OPENSSL_VERSION_NUMBER = 2.0, but is not compatible with
all of the latest OpenSSL 1.1 API.

Address this by defining MODSSL_USE_OPENSSL_PRE_1_1_API which is true for
anything but OpenSSL >= 1.1 (for now).

Proposed by: Bernard Spil <brnrd freebsd.org>
Reviewed by: ylavic


Follow up to r1803396: CHANGES entry.


Reviewed by: ylavic, jim, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1807734 13f79535-47bb-0310-9956-ffa450edef68
parent 4636afb8
+4 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.4.28

  *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.
     [Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>,
      Yann Ylavic]

  *) core/log: Support use of optional "tag" in syslog entries.
     PR 60525. [Ben Rubson <ben.rubson gmail.com>, Jim Jagielski]

+6 −4
@@ -338,11 +338,13 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
    ENGINE_cleanup();
#endif
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
#ifndef OPENSSL_NO_COMP
    SSL_COMP_free_compression_methods();
#endif
#endif

    /* Usually needed per thread, but this parent process is single-threaded */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if MODSSL_USE_OPENSSL_PRE_1_1_API
#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
    ERR_remove_thread_state(NULL);
#else
@@ -383,15 +385,15 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
    /* Some OpenSSL internals are allocated per-thread, make sure they
     * are associated to the/our same thread-id until cleaned up.
     */
#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
#if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API
    ssl_util_thread_id_setup(pconf);
#endif

    /* We must register the library in full, to ensure our configuration
     * code can successfully test the SSL environment.
     */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
    CRYPTO_malloc_init();
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    (void)CRYPTO_malloc_init();
#else
    OPENSSL_malloc_init();
#endif
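Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x1000200fL` gate around `SSL_COMP_free_compression_methods()` at the top of the ssl_cleanup_pre_config hunk is the one remaining test in this file keyed on the raw version number, which the commit message says LibreSSL reports as 2.0 without matching the whole OpenSSL 1.1 API; every other gate in the diff is rewritten to MODSSL_USE_OPENSSL_PRE_1_1_API. The new `#ifndef OPENSSL_NO_COMP` nested inside it is correct for PR 61206, but a LibreSSL build now satisfies the outer test on version alone, so whether the call compiles there depends on the library providing that symbol, which I cannot confirm from this diff. If the raw check is intentional, a one-line comment would keep the next reader from "fixing" it to the new macro, e.g. `/* Raw version check on purpose: LibreSSL (2.x) also provides this function */` — verify against the supported LibreSSL releases before adding it. Both hunks cut into the middle of their functions; ssl_cleanup_pre_config and ssl_hook_pre_config begin above the hunk, so the `(void)CRYPTO_malloc_init();` branch was checked in isolation only.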
+5 −5
@@ -47,7 +47,7 @@ APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,
#define KEYTYPES "RSA or DSA"
#endif

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if MODSSL_USE_OPENSSL_PRE_1_1_API
/* OpenSSL Pre-1.1.0 compatibility */
/* Taken from OpenSSL 1.1.0 snapshot 20160410 */
static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
@@ -257,7 +257,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
#endif
    }

#if APR_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L
#if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API
    ssl_util_thread_setup(p);
#endif

@@ -380,7 +380,7 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
    modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */

    init_dh_params();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#if !MODSSL_USE_OPENSSL_PRE_1_1_API
    init_bio_methods();
#endif

@@ -1301,7 +1301,7 @@ static apr_status_t ssl_init_server_certs(server_rec *s,
     * or configure NIST P-256 (required to enable ECDHE for earlier versions)
     * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList
     */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    else {
#if defined(SSL_CTX_set_ecdh_auto)
        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
@@ -2011,7 +2011,7 @@ apr_status_t ssl_init_ModuleKill(void *data)

    }

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#if !MODSSL_USE_OPENSSL_PRE_1_1_API
    free_bio_methods();
#endif
    free_dh_params();
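Review bot: `#if MODSSL_USE_OPENSSL_PRE_1_1_API` silently evaluates to 0 whenever the macro is not defined, and unlike the `OPENSSL_VERSION_NUMBER` comparisons it replaces, the new macro's definition is not in this diff (presumably a mod_ssl private header, not visible here), so a missing or reordered include changes the failure mode from "always has a value" to "quietly takes the 1.1 branch". For the gate `#if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API` around `ssl_util_thread_setup(p);` in the ssl_init_Module hunk that would mean running a pre-1.1 library in a threaded MPM without the locking callbacks that call appears to install — a data race rather than a build error. I would add a one-time guard near the top of this file, `#ifndef MODSSL_USE_OPENSSL_PRE_1_1_API` / `#error "MODSSL_USE_OPENSSL_PRE_1_1_API must be defined (include ssl_private.h first)"` / `#endif`, or build with -Wundef, so an undefined macro is caught at compile time. ssl_init_Module and ssl_init_server_certs both start and end outside these hunks.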
+4 −4
@@ -164,7 +164,7 @@ static int bio_filter_create(BIO *bio)
{
    BIO_set_shutdown(bio, 1);
    BIO_set_init(bio, 1);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    /* No setter method for OpenSSL 1.1.0 available,
     * but I can't find any functional use of the
     * "num" field there either.
@@ -549,7 +549,7 @@ static long bio_filter_in_ctrl(BIO *bio, int cmd, long num, void *ptr)
    return -1;
}

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if MODSSL_USE_OPENSSL_PRE_1_1_API
        
static BIO_METHOD bio_filter_out_method = {
    BIO_TYPE_MEM,
@@ -2024,7 +2024,7 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,

    filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
#else
    filter_ctx->pbioRead = BIO_new(bio_filter_in_method);
@@ -2059,7 +2059,7 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
    filter_ctx->pOutputFilter   = ap_add_output_filter(ssl_io_filter,
                                                       filter_ctx, r, c);

#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if MODSSL_USE_OPENSSL_PRE_1_1_API
    filter_ctx->pbioWrite       = BIO_new(&bio_filter_out_method);
#else
    filter_ctx->pbioWrite       = BIO_new(bio_filter_out_method);
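Review bot: The `static BIO_METHOD bio_filter_out_method = { BIO_TYPE_MEM, …` positional initializer following the second `#if MODSSL_USE_OPENSSL_PRE_1_1_API` is now compiled for LibreSSL as well as OpenSSL 1.0.x, and it is only correct if LibreSSL's public `struct bio_method_st` has exactly the same member order as 1.0.x; an inserted or reordered member would bind a callback to the wrong slot with no diagnostic, which for a BIO that carries TLS records is worse than a compile failure. If the project's compiler baseline permits C99 designated initializers, `.type = BIO_TYPE_MEM, .name = "…", .bwrite = …` would turn such a mismatch into a build error; otherwise at least a comment above the initializer stating the layout assumption, `/* Positional init: relies on OpenSSL 1.0.x / LibreSSL bio_method_st field order */`, would document the risk. The initializer is cut off after its first member here and bio_filter_in_method is defined outside the hunk entirely, so I could not check the callback slots themselves.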
+1 −1
@@ -1733,7 +1733,7 @@ static void modssl_proxy_info_log(conn_rec *c,
 * so we need to increment here to prevent them from
 * being freed.
 */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if MODSSL_USE_OPENSSL_PRE_1_1_API
#define modssl_set_cert_info(info, cert, pkey) \
    *cert = info->x509; \
    CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
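Review bot: The pre-1.1 branch that LibreSSL now also selects defines `modssl_set_cert_info` as a run of bare statements (`*cert = info->x509; \` then `CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \`), so any caller that writes it as the body of an unbraced `if` or `else` would execute only the first assignment conditionally and bump the reference count unconditionally — a refcount leak that only shows up as a silent memory leak. Wrapping the expansion as `do { … } while (0)` makes the macro behave as a single statement; the macro's remaining lines and its `#else` counterpart are outside this hunk, so the wrap has to be applied to the whole definition. Separately, the direct `->references` access assumes a non-opaque X509 on every library taking this branch; confirm the supported LibreSSL releases still expose it, or prefer the library's up-ref call where one is available.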