Skip to content
  1. Oct 23, 2003
  3. Oct 22, 2003
  5. Sep 22, 2003
  7. Sep 10, 2003
  9. Sep 08, 2003
  11. Sep 03, 2003
  13. Aug 29, 2003
  15. Aug 12, 2003
  17. Aug 08, 2003
  19. Aug 07, 2003
  21. Aug 05, 2003
  23. Jul 24, 2003
  25. Jul 21, 2003
  27. Jul 14, 2003
  29. Jul 09, 2003
  31. Jun 24, 2003
  33. Jun 20, 2003
  35. Jun 17, 2003
    • William A. Rowe Jr's avatar
      · 425651c3
      William A. Rowe Jr authored 
        Reaction to Jeff Trawick's observations that we are double-initializing
  dynalinked OpenSSL Engines and Configs.  Move the library teardown code
  so that it is torn down in the proper order, corresponding to when the
  library itself was initialized.  And leave a little reminder that some
  memory diagnostics would be good if OpenSSL is built for malloc debugging.

Suggested by: Geoff Thorpe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100288 13f79535-47bb-0310-9956-ffa450edef68
      425651c3
  37. Jun 11, 2003
  39. Jun 07, 2003
    • Jeff Trawick's avatar
      Unix: Handle permissions settings for flock-based mutexes in · b149b152
      Jeff Trawick authored 
      unixd_set_global|proc_mutex_perms().  Allow the functions to be
called for any type of mutex.

This resolves a fatal problem with mod_rewrite on systems where
APR uses flock-based mutex.

It simplifies mod_ssl as well, which had special logic to perform
the chown().  It fixed an init error with mod_ssl on systems where
flock is used when the user had no SSLMutex directive.

The Unix MPMs continue to call unixd_set_global|proc_mutex_perms()
only for SysV sems.  There is no permission problem with flock-based
accept mutexes since the child init logic for the MPMs is done
prior to switching identity.

PR:              20312


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100189 13f79535-47bb-0310-9956-ffa450edef68
      b149b152
  41. Jun 02, 2003
    • William A. Rowe Jr's avatar
      · 5e3df0e9
      William A. Rowe Jr authored 
        The right patch (thanks to Eric for identifying the wrong patch) to move
  SSL_library_init() into the register hooks phase.  OpenSSL_add_ssl_algorithms
  devolves to SSL_library_init, which is the same for most toolkits (and would
  be accomodated in ssl_toolkit_config.h if not.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100136 13f79535-47bb-0310-9956-ffa450edef68
      5e3df0e9
  43. May 31, 2003
  45. May 30, 2003
    • William A. Rowe Jr's avatar
      · c36eab60
      William A. Rowe Jr authored 
        OpenSSL_add_all_algorithms is simply an alias for SSL_load_library.

  Note that the entire schema of what-we-load-how follows from
  OpenSSL 0.9.7's own apps/ example applications.  More review
  is greatly desired, but that's where I believed I should
  start looking for the 'correct' order of operations.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100110 13f79535-47bb-0310-9956-ffa450edef68
      c36eab60
    • William A. Rowe Jr's avatar
      · bcf13856
      William A. Rowe Jr authored 
        Provide a far more useful explanation when SSLCryptoDevice fails to
  find a device.  Still would be nice to implement dynamic:{options}
  but this gets us to display the usual, builtin devices.

  We now load builtin engines up front, in the pre_config phase, because
  this and any other config cmd processor must have an already valid
  library config.  So loading builtin engines becomes redundant in this
  cmd handler.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100108 13f79535-47bb-0310-9956-ffa450edef68
      bcf13856
    • William A. Rowe Jr's avatar
      · 511e7ce1
      William A. Rowe Jr authored 
        Solve a pretty horrific bug in SSLCryptoDevice and other places where
  the config cmd processors should be examining the SSL context.  We must
  initialize the SSL library before we can actually obtain any useful
  information from the SSL library.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100107 13f79535-47bb-0310-9956-ffa450edef68
      511e7ce1
    • William A. Rowe Jr's avatar
      · dfcc4c1a
      William A. Rowe Jr authored 
        Based on list discussion between myself and Geoff, it seems prudent
  to check for both the existence of the openssl/engine.h header file
  and some 'expected function' such as ENGINE_init() (better suggestions
  are welcome.)  Also clear up some confusion; so long as we have
  ENGINE_load_builtin_engines() we should attempt to preload those.

  This patch protects all ENGINE-based code within the tests for the
  engine header and function, and changes a version test into a
  function test.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100104 13f79535-47bb-0310-9956-ffa450edef68
      dfcc4c1a
  47. May 27, 2003
  49. May 22, 2003
    • William A. Rowe Jr's avatar
      · 7b196d24
      William A. Rowe Jr authored 
        The patch below reverts the prior commit to eliminate SSL_set_state().
  Some additional work or research is required in order to pass the
  perl-framework regressions, but I don't have the cycles and don't
  care to leave the broken code in cvs HEAD.

REVERTING: wrowe 2003/05/19 08:13:19

  Modified:    modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
                        ssl_toolkit_compat.h
  Log:
    Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
    rehandshaking the SSL connection, vis-a-vis ApacheSSL.

  Revision  Changes    Path
  1.15      +0 -1      httpd-2.0/modules/ssl/config.m4
  1.108     +1 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
  1.93      +1 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  1.34      +0 -6      httpd-2.0/modules/ssl/ssl_toolkit_compat.h


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100004 13f79535-47bb-0310-9956-ffa450edef68
      7b196d24
  51. May 19, 2003
  53. May 16, 2003
  55. May 01, 2003
  57. Apr 06, 2003