- Aug 05, 2003
-
-
William A. Rowe Jr authored
Although we initialize mc->pid in the child init phase, we haven't initialized it before initially performing our ssl_rand_seed() in the parent/postconfig phase. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100912 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 24, 2003
-
-
Joe Orton authored
function after mod_ssl is unloaded.
* ssl_util.c (ssl_util_thread_cleanup): Clear the id_callback.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100767 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 21, 2003
-
-
Joe Orton authored
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Set aborted flag after renegotiation failure.
* modules/ssl/ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output): Don't dereference BIOs in filter_ctx when filter_ctx->pssl is NULL. (ssl_filter_io_shutdown): Set aborted flag on abortive shutdown.
PR: 21370
Submitted by: Hartmut Keil <Hartmut.Keil@adnovum.ch>
Cleaned up by: Jeff Trawick, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100720 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 14, 2003
-
-
Jeff Trawick authored
client certificate chain. PR: 21371 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100605 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
static string or something parsed from the config git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100603 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 09, 2003
-
-
Sander Striker authored
SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one could result in the weak ciphersuite being used in place of the strong one. [Ben Laurie] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100518 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 24, 2003
-
-
William A. Rowe Jr authored
Narrow the scope of several OPENSSL-specific setup and teardown calls to only OpenSSL based builds. Also introduce success result for the registered cleanup callback to clean up a compiler emit. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100348 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 20, 2003
-
-
Martin Kraemer authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100314 13f79535-47bb-0310-9956-ffa450edef68
-
Martin Kraemer authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100313 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 17, 2003
-
-
William A. Rowe Jr authored
Reaction to Jeff Trawick's observations that we are double-initializing dynalinked OpenSSL Engines and Configs. Move the library teardown code so that it is torn down in the proper order, corresponding to when the library itself was initialized. And leave a little reminder that some memory diagnostics would be good if OpenSSL is built for malloc debugging. Suggested by: Geoff Thorpe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100288 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 11, 2003
-
-
William A. Rowe Jr authored
OPENSSL_load_builtin_modules -appears- to have been introduced in beta-1, but boy is this a hassle to determine without gstein's viewcvs ;-) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100211 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 07, 2003
-
-
Jeff Trawick authored
unixd_set_global|proc_mutex_perms(). Allow the functions to be called for any type of mutex. This resolves a fatal problem with mod_rewrite on systems where APR uses flock-based mutex. It simplifies mod_ssl as well, which had special logic to perform the chown(). It fixed an init error with mod_ssl on systems where flock is used when the user had no SSLMutex directive. The Unix MPMs continue to call unixd_set_global|proc_mutex_perms() only for SysV sems. There is no permission problem with flock-based accept mutexes since the child init logic for the MPMs is done prior to switching identity. PR: 20312 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100189 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 02, 2003
-
-
William A. Rowe Jr authored
The right patch (thanks to Eric for identifying the wrong patch) to move SSL_library_init() into the register hooks phase. OpenSSL_add_ssl_algorithms devolves to SSL_library_init, which is the same for most toolkits (and would be accommodated in ssl_toolkit_config.h if not.) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100136 13f79535-47bb-0310-9956-ffa450edef68
-
- May 31, 2003
-
-
Justin Erenkrantz authored
No idea where this was seen, but OpenSSL 0.9.7b does not have this. This gets mod_ssl working again. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100122 13f79535-47bb-0310-9956-ffa450edef68
-
- May 30, 2003
-
-
William A. Rowe Jr authored
OpenSSL_add_all_algorithms is simply an alias for SSL_load_library. Note that the entire schema of what-we-load-how follows from OpenSSL 0.9.7's own apps/ example applications. More review is greatly desired, but that's where I believed I should start looking for the 'correct' order of operations. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100110 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Provide a far more useful explanation when SSLCryptoDevice fails to find a device. Still would be nice to implement dynamic:{options} but this gets us to display the usual, builtin devices. We now load builtin engines up front, in the pre_config phase, because this and any other config cmd processor must have an already valid library config. So loading builtin engines becomes redundant in this cmd handler. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100108 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Solve a pretty horrific bug in SSLCryptoDevice and other places where the config cmd processors should be examining the SSL context. We must initialize the SSL library before we can actually obtain any useful information from the SSL library. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100107 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Based on list discussion between myself and Geoff, it seems prudent to check for both the existence of the openssl/engine.h header file and some 'expected function' such as ENGINE_init() (better suggestions are welcome.) Also clear up some confusion; so long as we have ENGINE_load_builtin_engines() we should attempt to preload those. This patch protects all ENGINE-based code within the tests for the engine header and function, and changes a version test into a function test. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100104 13f79535-47bb-0310-9956-ffa450edef68
-
- May 27, 2003
-
-
William A. Rowe Jr authored
These tests now exist in acinclude.m4 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100041 13f79535-47bb-0310-9956-ffa450edef68
-
- May 22, 2003
-
-
William A. Rowe Jr authored
The patch below reverts the prior commit to eliminate SSL_set_state(). Some additional work or research is required in order to pass the perl-framework regressions, but I don't have the cycles and don't care to leave the broken code in cvs HEAD.
REVERTING:
wrowe 2003/05/19 08:13:19
Modified: modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c ssl_toolkit_compat.h
Log: Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin rehandshaking the SSL connection, vis-a-vis ApacheSSL.
Revision Changes Path
1.15 +0 -1 httpd-2.0/modules/ssl/config.m4
1.108 +1 -1 httpd-2.0/modules/ssl/ssl_engine_io.c
1.93 +1 -1 httpd-2.0/modules/ssl/ssl_engine_kernel.c
1.34 +0 -6 httpd-2.0/modules/ssl/ssl_toolkit_compat.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100004 13f79535-47bb-0310-9956-ffa450edef68
-
- May 19, 2003
-
-
William A. Rowe Jr authored
Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin rehandshaking the SSL connection, vis-a-vis ApacheSSL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99921 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Drop archaic notes - no special steps required once we test for ENGINE_init() git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99920 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Roll away the SSL_EXPERIMENTAL_ENGINE test in favor of testing for the ENGINE_init() function in config.m4, and rely on HAVE_ENGINE_INIT instead. Reviewed by: Ben Laurie (concept) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99919 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
First point out that we lost HAVE_SSL_SET_STATE and HAVE_SSL_SET_CERT_STORE autoconf discovery. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99918 13f79535-47bb-0310-9956-ffa450edef68
-
- May 16, 2003
-
-
Justin Erenkrantz authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99879 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Why wouldn't this be a mod_ssl header? git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99871 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Assure that we block on the read BIO when we invoke the read BIO for both first-use cases (via ssl_io_input_add_filter) and when we are writing and need response from the client (via ssl_io_filter_output). Both of these cases are always blocking. [ PR: 19242 Submitted by: David Deaves <David.Deaves@dd.id.au>, William Rowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99863 13f79535-47bb-0310-9956-ffa450edef68
-
- May 01, 2003
-
-
Jeff Trawick authored
version this resolves some warnings with RH 8 (OpenSSL 0.9.6) and some errors with AIX's native compiler (OpenSSL 0.9.6) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99678 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 06, 2003
-
-
Justin Erenkrantz authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99279 13f79535-47bb-0310-9956-ffa450edef68
-
Justin Erenkrantz authored
MODSSL_INFO_CB_ARG_TYPE already includes 'SSL' in its type. Don't duplicate. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99278 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 05, 2003
-
-
William A. Rowe Jr authored
Solve SSL-C breakage introduced in mod_ssl.h rev 1.129 and ssl_engine_kernel.c rev 1.88. SSL* is not const under SSL-C. I've confirmed Jeff's comment that the original patch doesn't harm earlier OpenSSL versions which declared no arguments at all. I suspect now that we could fold
#define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char
#define MODSSL_INFO_CB_ARG_TYPE const SSL*
into a single MODSSL_CB_ARG_CONST define, but this works for now.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99263 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Noop MS DevStudio IDE change to include ssl_toolkit_compat.h in the list of project headers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99261 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Have some consistency! Fixes logic I introduced in 1.37. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99253 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to all assignments and the final SSL_free(), free ssl_conn->client_cert to avoid leaks of this refcounted X509*. Prereleasing refcounted objects is unsafe programming; fix applied to both branches. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99252 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C. Eliminate a number of test failures by conditionally reverting rev 1.79 pubkey handling in ssl_engine_kernel.c, except under OpenSSL. Also revert a rev 1.79 bogosity for all toolkits; it's entirely bogus to release a refcount after setting aside the results in a persistent structure, in this case sslconn->client_cert from SSL_get_peer_certificate() mustn't be freed while sslconn is still in play. The proper patch (not written yet) is to invoke the X509_free(sslconn->client_cert) when we cleanup the sslconn structure. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99250 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
A cosmetic change to 1.79 - a real X509 *cert is in play, don't use that same variable to retrieve/release the quick lookup and discard of the peercert. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99244 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 04, 2003
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99202 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
(e.g., OpenSSL 0.9.7a and xlc_r on AIX). The OpenSSL info callback field changed recently from a generic function pointer to a specific one, and ssl_callback_LogTracingState wasn't quite right.
old: ssl.h: void (*info_callback)();
new: ssl.h: void (*info_callback)(const SSL *ssl,int type,int val);
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99201 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 03, 2003
-
-
William A. Rowe Jr authored
Introduce a number of SSLC hints to mod_ssl, including the following type overrides;
MODSSL_CLIENT_CERT_CB_ARG_TYPE
MODSSL_PCHAR_CAST (for a host of non-void/const sslc values)
modssl_read_bio_cb_fn (for several callbacks with same prototypes)
Declare callback functions appropriately. And protect us from indeterminate toolkits with #error "Unrecognized SSL Toolkit!"
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99183 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
We presume to HAVE_OPENSSL - we were falling into the SSLC path :-( Win32 is non-autoconf git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99182 13f79535-47bb-0310-9956-ffa450edef68
-