Skip to content
  1. Aug 08, 2003
  2. Aug 07, 2003
  3. Aug 05, 2003
  4. Jul 24, 2003
  5. Jul 21, 2003
  6. Jul 14, 2003
  7. Jul 09, 2003
  8. Jun 24, 2003
  9. Jun 20, 2003
  10. Jun 17, 2003
    • William A. Rowe Jr's avatar
      · 425651c3
      William A. Rowe Jr authored
        Reaction to Jeff Trawick's observations that we are double-initializing
        dynalinked OpenSSL Engines and Configs.  Move the library teardown code
        so that it is torn down in the proper order, corresponding to when the
        library itself was initialized.  And leave a little reminder that some
        memory diagnostics would be good if OpenSSL is built for malloc debugging.
      
      Suggested by: Geoff Thorpe
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100288 13f79535-47bb-0310-9956-ffa450edef68
      425651c3
  11. Jun 11, 2003
  12. Jun 07, 2003
    • Jeff Trawick's avatar
      Unix: Handle permissions settings for flock-based mutexes in · b149b152
      Jeff Trawick authored
      unixd_set_global|proc_mutex_perms().  Allow the functions to be
      called for any type of mutex.
      
      This resolves a fatal problem with mod_rewrite on systems where
      APR uses flock-based mutex.
      
      It simplifies mod_ssl as well, which had special logic to perform
      the chown().  It fixed an init error with mod_ssl on systems where
      flock is used when the user had no SSLMutex directive.
      
      The Unix MPMs continue to call unixd_set_global|proc_mutex_perms()
      only for SysV sems.  There is no permission problem with flock-based
      accept mutexes since the child init logic for the MPMs is done
      prior to switching identity.
      
      PR:              20312
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100189 13f79535-47bb-0310-9956-ffa450edef68
      b149b152
  13. Jun 02, 2003
    • William A. Rowe Jr's avatar
      · 5e3df0e9
      William A. Rowe Jr authored
        The right patch (thanks to Eric for identifying the wrong patch) to move
        SSL_library_init() into the register hooks phase.  OpenSSL_add_ssl_algorithms
        devolves to SSL_library_init, which is the same for most toolkits (and would
        be accomodated in ssl_toolkit_config.h if not.)
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100136 13f79535-47bb-0310-9956-ffa450edef68
      5e3df0e9
  14. May 31, 2003
  15. May 30, 2003
    • William A. Rowe Jr's avatar
      · c36eab60
      William A. Rowe Jr authored
        OpenSSL_add_all_algorithms is simply an alias for SSL_load_library.
      
        Note that the entire schema of what-we-load-how follows from
        OpenSSL 0.9.7's own apps/ example applications.  More review
        is greatly desired, but that's where I believed I should
        start looking for the 'correct' order of operations.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100110 13f79535-47bb-0310-9956-ffa450edef68
      c36eab60
    • William A. Rowe Jr's avatar
      · bcf13856
      William A. Rowe Jr authored
        Provide a far more useful explanation when SSLCryptoDevice fails to
        find a device.  Still would be nice to implement dynamic:{options}
        but this gets us to display the usual, builtin devices.
      
        We now load builtin engines up front, in the pre_config phase, because
        this and any other config cmd processor must have an already valid
        library config.  So loading builtin engines becomes redundant in this
        cmd handler.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100108 13f79535-47bb-0310-9956-ffa450edef68
      bcf13856
    • William A. Rowe Jr's avatar
      · 511e7ce1
      William A. Rowe Jr authored
        Solve a pretty horrific bug in SSLCryptoDevice and other places where
        the config cmd processors should be examining the SSL context.  We must
        initialize the SSL library before we can actually obtain any useful
        information from the SSL library.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100107 13f79535-47bb-0310-9956-ffa450edef68
      511e7ce1
    • William A. Rowe Jr's avatar
      · dfcc4c1a
      William A. Rowe Jr authored
        Based on list discussion between myself and Geoff, it seems prudent
        to check for both the existence of the openssl/engine.h header file
        and some 'expected function' such as ENGINE_init() (better suggestions
        are welcome.)  Also clear up some confusion; so long as we have
        ENGINE_load_builtin_engines() we should attempt to preload those.
      
        This patch protects all ENGINE-based code within the tests for the
        engine header and function, and changes a version test into a
        function test.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100104 13f79535-47bb-0310-9956-ffa450edef68
      dfcc4c1a
  16. May 27, 2003
  17. May 22, 2003
    • William A. Rowe Jr's avatar
      · 7b196d24
      William A. Rowe Jr authored
        The patch below reverts the prior commit to eliminate SSL_set_state().
        Some additional work or research is required in order to pass the
        perl-framework regressions, but I don't have the cycles and don't
        care to leave the broken code in cvs HEAD.
      
      REVERTING: wrowe 2003/05/19 08:13:19
      
        Modified:    modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
                              ssl_toolkit_compat.h
        Log:
          Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
          rehandshaking the SSL connection, vis-a-vis ApacheSSL.
      
        Revision  Changes    Path
        1.15      +0 -1      httpd-2.0/modules/ssl/config.m4
        1.108     +1 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
        1.93      +1 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
        1.34      +0 -6      httpd-2.0/modules/ssl/ssl_toolkit_compat.h
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100004 13f79535-47bb-0310-9956-ffa450edef68
      7b196d24
  18. May 19, 2003
  19. May 16, 2003
  20. May 01, 2003
  21. Apr 06, 2003
  22. Apr 05, 2003
    • William A. Rowe Jr's avatar
      · 430e6606
      William A. Rowe Jr authored
        Solve SSL-C breakage introduced in mod_ssl.h rev 1.129 and
        ssl_engine_kernel.c rev 1.88.  SSL* is not const under SSL-C.
      
        I've confirmed Jeff's comment that the original patch doesn't harm
        earlier OpenSSL versions which declared no arguments at all.
      
        I suspect now that we could fold
           #define MODSSL_BIO_CB_ARG_TYPE const char
           #define MODSSL_CRYPTO_CB_ARG_TYPE const char
           #define MODSSL_INFO_CB_ARG_TYPE const SSL*
        into a single MODSSL_CB_ARG_CONST define, but this works for now.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99263 13f79535-47bb-0310-9956-ffa450edef68
      430e6606
    • William A. Rowe Jr's avatar
      · f0f89dbf
      William A. Rowe Jr authored
        Noop MS DevStudio IDE change
       to include ssl_toolkit_compat.h
        in the list of project headers.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99261 13f79535-47bb-0310-9956-ffa450edef68
      f0f89dbf
    • William A. Rowe Jr's avatar
      · 8f413882
      William A. Rowe Jr authored
        Have some consistency!  Fixes logic I introduced in 1.37.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99253 13f79535-47bb-0310-9956-ffa450edef68
      8f413882
    • William A. Rowe Jr's avatar
      · fb574408
      William A. Rowe Jr authored
        Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
        all assignments and the final SSL_free(), free ssl_conn->client_cert
        to avoid leaks of this refcounted X509*.  Prereleasing refcounted
        objects is unsafe programming; fix applied to both branches.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99252 13f79535-47bb-0310-9956-ffa450edef68
      fb574408
    • William A. Rowe Jr's avatar
      · fbf92085
      William A. Rowe Jr authored
        EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C.
        Eliminate a number of test failures by conditionally reverting rev 1.79
        pubkey handling in ssl_engine_kernel.c, except under OpenSSL.
      
        Also revert a rev 1.79 bogisity for all toolkits; it's entirely bogus
        to release a refcount after setting aside the results in a persistant
        structure, in this case sslconn->client_cert from SSL_get_peer_certificate()
        mustn't be freed while sslconn is still in play.  The proper patch (not
        written yet) is to invoke the X509_free(sslconn->client_cert) when we
        cleanup the sslconn structure.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99250 13f79535-47bb-0310-9956-ffa450edef68
      fbf92085
    • William A. Rowe Jr's avatar
      · b97742be
      William A. Rowe Jr authored
        A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
        that same variable to retrieve/release the quick lookup and discard
        of the peercert.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99244 13f79535-47bb-0310-9956-ffa450edef68
      b97742be
  23. Apr 04, 2003