Why wouldn't this be a mod_ssl header?


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99871 13f79535-47bb-0310-9956-ffa450edef68

  Assure that we block on the read BIO when we invoke the read BIO for both
  first-use cases (via ssl_io_input_add_filter) and when we are writing and
  need response from the client (via ssl_io_filter_output).  Both of these
  cases are always blocking.  [

PR: 19242
Submitted by:	David Deaves <David.Deaves@dd.id.au>, William Rowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99863 13f79535-47bb-0310-9956-ffa450edef68

version

this resolves some warnings with RH 8 (OpenSSL 0.9.6)
and some errors with AIX's native compiler (OpenSSL 0.9.6)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99678 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99279 13f79535-47bb-0310-9956-ffa450edef68

MODSSL_INFO_CB_ARG_TYPE already includes 'SSL' in its type.  Don't duplicate.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99278 13f79535-47bb-0310-9956-ffa450edef68

  Solve SSL-C breakage introduced in mod_ssl.h rev 1.129 and
  ssl_engine_kernel.c rev 1.88.  SSL* is not const under SSL-C.

  I've confirmed Jeff's comment that the original patch doesn't harm
  earlier OpenSSL versions which declared no arguments at all.

  I suspect now that we could fold
     #define MODSSL_BIO_CB_ARG_TYPE const char
     #define MODSSL_CRYPTO_CB_ARG_TYPE const char
     #define MODSSL_INFO_CB_ARG_TYPE const SSL*
  into a single MODSSL_CB_ARG_CONST define, but this works for now.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99263 13f79535-47bb-0310-9956-ffa450edef68

  Noop MS DevStudio IDE change
 to include ssl_toolkit_compat.h
  in the list of project headers.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99261 13f79535-47bb-0310-9956-ffa450edef68

  Have some consistency!  Fixes logic I introduced in 1.37.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99253 13f79535-47bb-0310-9956-ffa450edef68

  Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
  all assignments and the final SSL_free(), free ssl_conn->client_cert
  to avoid leaks of this refcounted X509*.  Prereleasing refcounted
  objects is unsafe programming; fix applied to both branches.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99252 13f79535-47bb-0310-9956-ffa450edef68

  EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C.
  Eliminate a number of test failures by conditionally reverting rev 1.79
  pubkey handling in ssl_engine_kernel.c, except under OpenSSL.

  Also revert a rev 1.79 bogisity for all toolkits; it's entirely bogus
  to release a refcount after setting aside the results in a persistant
  structure, in this case sslconn->client_cert from SSL_get_peer_certificate()
  mustn't be freed while sslconn is still in play.  The proper patch (not
  written yet) is to invoke the X509_free(sslconn->client_cert) when we
  cleanup the sslconn structure.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99250 13f79535-47bb-0310-9956-ffa450edef68

  A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
  that same variable to retrieve/release the quick lookup and discard
  of the peercert.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99244 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99202 13f79535-47bb-0310-9956-ffa450edef68

(e.g., OpenSSL 0.9.7a and xlc_r on AIX).

The OpenSSL info callback field changed recently from a generic
function pointer to a specific one, and ssl_callback_LogTracingState
wasn't quite right.

old:
ssl.h:        void (*info_callback)();

new:
ssl.h:        void (*info_callback)(const SSL *ssl,int type,int val);


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99201 13f79535-47bb-0310-9956-ffa450edef68

  Introduce a number of SSLC hints to mod_ssl, including the following
  type overrides;

    MODSSL_CLIENT_CERT_CB_ARG_TYPE
    MODSSL_PCHAR_CAST      (for a host of non-void/const sslc values)
    modssl_read_bio_cb_fn  (for several callbacks with same prototypes)

  Declare callback functions appropriately.

  And protect us from indetermineant toolkits with
  #error "Unrecognized SSL Toolkit!"


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99183 13f79535-47bb-0310-9956-ffa450edef68

  We presume to HAVE_OPENSSL - we were falling into the SSLC path :-(
  Win32 is non-autoconf


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99182 13f79535-47bb-0310-9956-ffa450edef68

  HAVE_SSL_SET_STATE=1 is a product of autoconf for OpenSSL, which we
  are missing on Win32.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99180 13f79535-47bb-0310-9956-ffa450edef68

chown junk, which we know is safe and works, and more directly
handles the issue with chown (agreed that a macro is needed
eventually)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99148 13f79535-47bb-0310-9956-ffa450edef68

    sysv mutexes with an APR_USE_ test... we have to look at the choice!

  Reviewed by:	Brian Pane, Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99146 13f79535-47bb-0310-9956-ffa450edef68

NO_MD5, NO_IDEA and NO_MDC2 (won't compile otherwise with 0.9.7+ and
restricted crypto algorithms)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99107 13f79535-47bb-0310-9956-ffa450edef68

locks have the correct perms so that the child process
can access them


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99104 13f79535-47bb-0310-9956-ffa450edef68

  Per JimJ's review - we prefer posix over semv, fcntl over flock,
  and semv requires no file.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99100 13f79535-47bb-0310-9956-ffa450edef68

  Addendum to r1.74; Keep only the resulting filename in the global pool,
  toss the temporary strings away.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99097 13f79535-47bb-0310-9956-ffa450edef68

  Addendum to r1.21... I missed the fact that we blew away the init
  complete state too early in ssl_init_Module().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99096 13f79535-47bb-0310-9956-ffa450edef68

  Fix a serious bug where the 'next' generation of the server would open
  a brand new mutex.  This patch creates a single mutex in the first config
  phase that survives for the life of the server (server->process->pool).

  Now one server generation to the next will respect the same mutex between
  one another, while the previous generation is still mopping up.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99095 13f79535-47bb-0310-9956-ffa450edef68

  Allow any mutex to accept a 'filename' ... and always root it to the
  server root unless we are using posixsem, which can't handle big paths.
  This reorganization should make the code much more readable because
  all of the common code is at the beginning and end of the function,
  simplifing the long conditional test case block.

  This patch allows SSLMutex default:logs/ssl_mutex syntax.  It also
  removes the mod_ssl historical '.pid' suffixes - that isn't how Apache2
  specifies files.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99094 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99069 13f79535-47bb-0310-9956-ffa450edef68

INCLUDE path to be defined properly)

PR: 11310
Submitted by: Geoff Thrope <geoff@geoffthrope.net>
Reviewed by: Madhusudan Mathihalli


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99008 13f79535-47bb-0310-9956-ffa450edef68

autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).

Submitted by: Geoff Thorpe <geoff@geoffthorpe.net>
Reviewed by: Madhu, Justin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98999 13f79535-47bb-0310-9956-ffa450edef68

The porting of the code from mod_ssl 1.3.x was still incomplete, and depended
upon a complete implentation of apr_shm (hence pieces of code was #if 0'ed out).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98990 13f79535-47bb-0310-9956-ffa450edef68

  After discussions at length on dev@apr/httpd, it is determined that
  the older .dbg format symbols are not worth the interference with
  generating complete .pdb symbolic debugging databases.

  This patch further eliminates pdbtype:sept flags that interfere with
  deciphering local symbols and type information.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98970 13f79535-47bb-0310-9956-ffa450edef68

  DougM confirms Madhu's suspicions, this change was inadvertent.
  Reverting to no longer skip the first cert in the chain.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98896 13f79535-47bb-0310-9956-ffa450edef68

matter what. We now allow for the full range of APR mutex
locking mechanims to be used, while maintaining backwards
compatibility.

PR: 8122
Obtained from:
Submitted by:
Reviewed by:	William Rowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98771 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98747 13f79535-47bb-0310-9956-ffa450edef68

  After consultations on the APR list, it was decided that /map files are
  fairly redundant when you retain rich .pdb debugging symbol files.  We
  have rarely used them, and generally .dbg and .pdb files prove much more
  useful for the cases we have.

  While eliminating /map files, we are also shrinking the size of the .dbg
  files by stripping 'private' symbol information.  Really this means less
  rich diagnostics from Dr. Watson on NT or Win9x when they query the .dbg
  symbols in creating a DrWatson log file.  But it's more than compensated
  for on newer OS'es where Dr. Watson will query the .pdb symbols, on all
  Win32 flavors when WinDbg is used with the .pdb symbols, and the fact that
  the distribution of binary symbols will use less bandwidth when less
  information is duplicated from the .pdb format into the .dbg files.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98743 13f79535-47bb-0310-9956-ffa450edef68

  foo.dbgmark turned out to be the same 8.3 name as foo.dbg itself, which
  was badness.  Twist this puppy to .dbr, the only name I could invent that
  doesn't look like any database file extension I recall.

  It stands for .dbg rebased.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98712 13f79535-47bb-0310-9956-ffa450edef68

     and .dbg files (older debuggers and Dr. Watson-type utilities
     on WinNT or Win9x don't support the newer .pdb flavor.)
     [Allen Edwards, William Rowe]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98596 13f79535-47bb-0310-9956-ffa450edef68

update license to 2003.

Happy New Year! ;-))


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98573 13f79535-47bb-0310-9956-ffa450edef68

  Omitted the commit log message from the last commit, sorry;

  Fix a nasty segfault, that there's a stack buffer we are trying to free!
  Revert this 'memory leak' patch from the 1.79 rev.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98430 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98429 13f79535-47bb-0310-9956-ffa450edef68

  Catch up with the changes to apr/build/win32ver.awk and name all loadable
  httpd modules as .so, internally.  Credit to Mladen Turk for identifing
  the issue.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98380 13f79535-47bb-0310-9956-ffa450edef68