Skip to content
  1. May 27, 2003
  2. May 22, 2003
    • William A. Rowe Jr's avatar
      · 7b196d24
      William A. Rowe Jr authored
        The patch below reverts the prior commit to eliminate SSL_set_state().
        Some additional work or research is required in order to pass the
        perl-framework regressions, but I don't have the cycles and don't
        care to leave the broken code in cvs HEAD.
      
      REVERTING: wrowe 2003/05/19 08:13:19
      
        Modified:    modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
                              ssl_toolkit_compat.h
        Log:
          Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
          rehandshaking the SSL connection, vis-a-vis ApacheSSL.
      
        Revision  Changes    Path
        1.15      +0 -1      httpd-2.0/modules/ssl/config.m4
        1.108     +1 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
        1.93      +1 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
        1.34      +0 -6      httpd-2.0/modules/ssl/ssl_toolkit_compat.h
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100004 13f79535-47bb-0310-9956-ffa450edef68
      7b196d24
  3. May 19, 2003
  4. May 16, 2003
  5. May 01, 2003
  6. Apr 06, 2003
  7. Apr 05, 2003
    • William A. Rowe Jr's avatar
      · 430e6606
      William A. Rowe Jr authored
        Solve SSL-C breakage introduced in mod_ssl.h rev 1.129 and
        ssl_engine_kernel.c rev 1.88.  SSL* is not const under SSL-C.
      
        I've confirmed Jeff's comment that the original patch doesn't harm
        earlier OpenSSL versions which declared no arguments at all.
      
        I suspect now that we could fold
           #define MODSSL_BIO_CB_ARG_TYPE const char
           #define MODSSL_CRYPTO_CB_ARG_TYPE const char
           #define MODSSL_INFO_CB_ARG_TYPE const SSL*
        into a single MODSSL_CB_ARG_CONST define, but this works for now.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99263 13f79535-47bb-0310-9956-ffa450edef68
      430e6606
    • William A. Rowe Jr's avatar
      · f0f89dbf
      William A. Rowe Jr authored
        Noop MS DevStudio IDE change
       to include ssl_toolkit_compat.h
        in the list of project headers.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99261 13f79535-47bb-0310-9956-ffa450edef68
      f0f89dbf
    • William A. Rowe Jr's avatar
      · 8f413882
      William A. Rowe Jr authored
        Have some consistency!  Fixes logic I introduced in 1.37.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99253 13f79535-47bb-0310-9956-ffa450edef68
      8f413882
    • William A. Rowe Jr's avatar
      · fb574408
      William A. Rowe Jr authored
        Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
        all assignments and the final SSL_free(), free ssl_conn->client_cert
        to avoid leaks of this refcounted X509*.  Prereleasing refcounted
        objects is unsafe programming; fix applied to both branches.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99252 13f79535-47bb-0310-9956-ffa450edef68
      fb574408
    • William A. Rowe Jr's avatar
      · fbf92085
      William A. Rowe Jr authored
        EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C.
        Eliminate a number of test failures by conditionally reverting rev 1.79
        pubkey handling in ssl_engine_kernel.c, except under OpenSSL.
      
        Also revert a rev 1.79 bogisity for all toolkits; it's entirely bogus
        to release a refcount after setting aside the results in a persistant
        structure, in this case sslconn->client_cert from SSL_get_peer_certificate()
        mustn't be freed while sslconn is still in play.  The proper patch (not
        written yet) is to invoke the X509_free(sslconn->client_cert) when we
        cleanup the sslconn structure.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99250 13f79535-47bb-0310-9956-ffa450edef68
      fbf92085
    • William A. Rowe Jr's avatar
      · b97742be
      William A. Rowe Jr authored
        A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
        that same variable to retrieve/release the quick lookup and discard
        of the peercert.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99244 13f79535-47bb-0310-9956-ffa450edef68
      b97742be
  8. Apr 04, 2003
  9. Apr 03, 2003
  10. Mar 31, 2003
  11. Mar 29, 2003
  12. Mar 28, 2003
  13. Mar 27, 2003
    • William A. Rowe Jr's avatar
      · ee2c7f6f
      William A. Rowe Jr authored
        Addendum to r1.21... I missed the fact that we blew away the init
        complete state too early in ssl_init_Module().
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99096 13f79535-47bb-0310-9956-ffa450edef68
      ee2c7f6f
    • William A. Rowe Jr's avatar
      · 3fc4bea7
      William A. Rowe Jr authored
        Fix a serious bug where the 'next' generation of the server would open
        a brand new mutex.  This patch creates a single mutex in the first config
        phase that survives for the life of the server (server->process->pool).
      
        Now one server generation to the next will respect the same mutex between
        one another, while the previous generation is still mopping up.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99095 13f79535-47bb-0310-9956-ffa450edef68
      3fc4bea7
    • William A. Rowe Jr's avatar
      · fcbf42f4
      William A. Rowe Jr authored
        Allow any mutex to accept a 'filename' ... and always root it to the
        server root unless we are using posixsem, which can't handle big paths.
        This reorganization should make the code much more readable because
        all of the common code is at the beginning and end of the function,
        simplifing the long conditional test case block.
      
        This patch allows SSLMutex default:logs/ssl_mutex syntax.  It also
        removes the mod_ssl historical '.pid' suffixes - that isn't how Apache2
        specifies files.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99094 13f79535-47bb-0310-9956-ffa450edef68
      fcbf42f4
  14. Mar 26, 2003
  15. Mar 14, 2003
  16. Mar 13, 2003
  17. Mar 12, 2003
  18. Mar 11, 2003
    • William A. Rowe Jr's avatar
      · 18e49f9b
      William A. Rowe Jr authored
        After discussions at length on dev@apr/httpd, it is determined that
        the older .dbg format symbols are not worth the interference with
        generating complete .pdb symbolic debugging databases.
      
        This patch further eliminates pdbtype:sept flags that interfere with
        deciphering local symbols and type information.
      
      
      git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98970 13f79535-47bb-0310-9956-ffa450edef68
      18e49f9b
  19. Mar 06, 2003
  20. Feb 23, 2003
  21. Feb 21, 2003