Tree - rpms/httpd - CentOS Git server

rpms / httpd

Blame SOURCES/httpd-2.4.6-r1811976.patch

Blob History Raw

		8335b1	`diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en`
		8335b1	`index 98540cd..4580f1c 100644`
		8335b1	`--- a/docs/manual/mod/mod_ssl.html.en`
		8335b1	`+++ b/docs/manual/mod/mod_ssl.html.en`
		8335b1	`@@ -197,6 +197,12 @@ the SSLOptions directiv`
		8335b1	`first (or only) attribute of any DN is added only under a non-suffixed`
		8335b1	`name; i.e. no _0 suffixed entries are added.`
		8335b1
		8335b1	`+The _RAW suffix may now be added to mod_ssl DN variable names`
		8335b1	`+(such as SSL_CLIENT_I_O_RAW). When this suffix is used, conversion`
		8335b1	`+of certificate name attributes to UTF-8 is omitted. This allows variable`
		8335b1	`+lookups and comparisons for certificates with incorrectly tagged name`
		8335b1	`+attributes.`
		8335b1	`+`
		8335b1	`The format of the *_DN variables has changed in Apache HTTPD`
		8335b1	`2.3.11. See the LegacyDNStringFormat option for`
		8335b1	`SSLOptions for details.`
		8335b1	`@@ -861,7 +867,7 @@ SSLEngine on`
		8335b1	`</VirtualHost>`
		8335b1
		8335b1
		8335b1	`-In Apache 2.1 and later, SSLEngine can be set to`
		8335b1	`+In httpd 2.2.0 and later, SSLEngine can be set to`
		8335b1	`optional. This enables support for`
		8335b1	`RFC 2817, Upgrading to TLS`
		8335b1	`Within HTTP/1.1. At this time no web browsers support RFC 2817.`
		8335b1	`diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c`
		8335b1	`index 2b7c9ba..e25a6d4 100644`
		8335b1	`--- a/modules/ssl/ssl_engine_vars.c`
		8335b1	`+++ b/modules/ssl/ssl_engine_vars.c`
		8335b1	`@@ -41,7 +41,7 @@`
		8335b1
		8335b1	`static char ssl_var_lookup_ssl(apr_pool_t p, conn_rec c, request_rec r, char *var);`
		8335b1	`static char ssl_var_lookup_ssl_cert(apr_pool_t p, request_rec r, X509 xs, char *var);`
		8335b1	`-static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char var);`
		8335b1	`+static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, const char var);`
		8335b1	`static char ssl_var_lookup_ssl_cert_san(apr_pool_t p, X509 xs, char var);`
		8335b1	`static char ssl_var_lookup_ssl_cert_valid(apr_pool_t p, ASN1_TIME *tm);`
		8335b1	`static char ssl_var_lookup_ssl_cert_remain(apr_pool_t p, ASN1_TIME *tm);`
		8335b1	`@@ -562,15 +562,23 @@ static const struct {`
		8335b1	`{ NULL, 0, 0 }`
		8335b1	`};`
		8335b1
		8335b1	`-static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char var)`
		8335b1	`+static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME *xsname,`
		8335b1	`+ const char *var)`
		8335b1	`{`
		8335b1	`- char result, ptr;`
		8335b1	`+ const char *ptr;`
		8335b1	`+ char *result;`
		8335b1	`X509_NAME_ENTRY *xsne;`
		8335b1	`- int i, j, n, idx = 0;`
		8335b1	`+ int i, j, n, idx = 0, raw = 0;`
		8335b1	`apr_size_t varlen;`
		8335b1
		8335b1	`+ ptr = ap_strrchr_c(var, '_');`
		8335b1	`+ if (ptr && ptr > var && strcmp(ptr + 1, "RAW") == 0) {`
		8335b1	`+ var = apr_pstrmemdup(p, var, ptr - var);`
		8335b1	`+ raw = 1;`
		8335b1	`+ }`
		8335b1	`+`
		8335b1	`/* if an _N suffix is used, find the Nth attribute of given name */`
		8335b1	`- ptr = strchr(var, '_');`
		8335b1	`+ ptr = ap_strchr_c(var, '_');`
		8335b1	`if (ptr != NULL && strspn(ptr + 1, "0123456789") == strlen(ptr + 1)) {`
		8335b1	`idx = atoi(ptr + 1);`
		8335b1	`varlen = ptr - var;`
		8335b1	`@@ -592,7 +600,7 @@ static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char `
		8335b1	`n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));`
		8335b1
		8335b1	`if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) {`
		8335b1	`- result = SSL_X509_NAME_ENTRY_to_string(p, xsne);`
		8335b1	`+ result = SSL_X509_NAME_ENTRY_to_string(p, xsne, raw);`
		8335b1	`break;`
		8335b1	`}`
		8335b1	`}`
		8335b1	`@@ -897,7 +905,7 @@ static void extract_dn(apr_table_t t, apr_hash_t nids, const char *pfx,`
		8335b1	`apr_hash_set(count, &nid, sizeof nid, dup);`
		8335b1	`key = apr_pstrcat(p, pfx, tag, NULL);`
		8335b1	`}`
		8335b1	`- value = SSL_X509_NAME_ENTRY_to_string(p, xsne);`
		8335b1	`+ value = SSL_X509_NAME_ENTRY_to_string(p, xsne, 0);`
		8335b1	`apr_table_setn(t, key, value);`
		8335b1	`}`
		8335b1	`}`
		8335b1	`diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c`
		8335b1	`index 09a9877..fbd701f 100644`
		8335b1	`--- a/modules/ssl/ssl_util_ssl.c`
		8335b1	`+++ b/modules/ssl/ssl_util_ssl.c`
		8335b1	`@@ -236,18 +236,21 @@ BOOL SSL_X509_getBC(X509 cert, int ca, int *pathlen)`
		8335b1	`return TRUE;`
		8335b1	`}`
		8335b1
		8335b1	`-/* convert an ASN.1 string to a UTF-8 string (escaping control characters) */`
		8335b1	`-char SSL_ASN1_STRING_to_utf8(apr_pool_t p, ASN1_STRING *asn1str)`
		8335b1	`+/* Convert ASN.1 string to a pool-allocated char * string, escaping`
		8335b1	`+ * control characters. If raw is zero, convert to UTF-8, otherwise`
		8335b1	`+ * unchanged from the character set. */`
		8335b1	`+char SSL_ASN1_STRING_convert(apr_pool_t p, ASN1_STRING *asn1str, int raw)`
		8335b1	`{`
		8335b1	`char *result = NULL;`
		8335b1	`BIO *bio;`
		8335b1	`- int len;`
		8335b1	`+ int len, flags = ASN1_STRFLGS_ESC_CTRL;`
		8335b1
		8335b1	`if ((bio = BIO_new(BIO_s_mem())) == NULL)`
		8335b1	`return NULL;`
		8335b1
		8335b1	`- ASN1_STRING_print_ex(bio, asn1str, ASN1_STRFLGS_ESC_CTRL\|`
		8335b1	`- ASN1_STRFLGS_UTF8_CONVERT);`
		8335b1	`+ if (!raw) flags \|= ASN1_STRFLGS_UTF8_CONVERT;`
		8335b1	`+`
		8335b1	`+ ASN1_STRING_print_ex(bio, asn1str, flags);`
		8335b1	`len = BIO_pending(bio);`
		8335b1	`if (len > 0) {`
		8335b1	`result = apr_palloc(p, len+1);`
		8335b1	`@@ -258,10 +261,13 @@ char SSL_ASN1_STRING_to_utf8(apr_pool_t p, ASN1_STRING *asn1str)`
		8335b1	`return result;`
		8335b1	`}`
		8335b1
		8335b1	`+#define SSL_ASN1_STRING_to_utf8(p, a) SSL_ASN1_STRING_convert(p, a, 0)`
		8335b1	`+`
		8335b1	`/* convert a NAME_ENTRY to UTF8 string */`
		8335b1	`-char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne)`
		8335b1	`+char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne,`
		8335b1	`+ int raw)`
		8335b1	`{`
		8335b1	`- char *result = SSL_ASN1_STRING_to_utf8(p, X509_NAME_ENTRY_get_data(xsne));`
		8335b1	`+ char *result = SSL_ASN1_STRING_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);`
		8335b1	`ap_xlate_proto_from_ascii(result, len);`
		8335b1	`return result;`
		8335b1	`}`
		8335b1	`@@ -414,7 +420,7 @@ BOOL SSL_X509_getIDs(apr_pool_t p, X509 x509, apr_array_header_t **ids)`
		8335b1	`subj = X509_get_subject_name(x509);`
		8335b1	`while ((i = X509_NAME_get_index_by_NID(subj, NID_commonName, i)) != -1) {`
		8335b1	`APR_ARRAY_PUSH(ids, const char ) =`
		8335b1	`- SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i));`
		8335b1	`+ SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i), 0);`
		8335b1	`}`
		8335b1
		8335b1	`return apr_is_empty_array(*ids) ? FALSE : TRUE;`
		8335b1	`diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h`
		8335b1	`index be07ab7..611957e 100644`
		8335b1	`--- a/modules/ssl/ssl_util_ssl.h`
		8335b1	`+++ b/modules/ssl/ssl_util_ssl.h`
		8335b1	`@@ -65,8 +65,8 @@ EVP_PKEY SSL_read_PrivateKey(char , EVP_PKEY *, pem_password_cb , void *);`
		8335b1	`int SSL_smart_shutdown(SSL *ssl);`
		8335b1	`BOOL SSL_X509_isSGC(X509 *);`
		8335b1	`BOOL SSL_X509_getBC(X509 , int , int *);`
		8335b1	`-char SSL_ASN1_STRING_to_utf8(apr_pool_t , ASN1_STRING *);`
		8335b1	`-char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne);`
		8335b1	`+char SSL_ASN1_STRING_to_utf8(apr_pool_t , ASN1_STRING *, int raw);`
		8335b1	`+char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne, int raw);`
		8335b1	`char SSL_X509_NAME_to_string(apr_pool_t , X509_NAME *, int);`
		8335b1	`BOOL SSL_X509_getSAN(apr_pool_t , X509 , int, const char , int, apr_array_header_t *);`
		8335b1	`BOOL SSL_X509_getIDs(apr_pool_t , X509 , apr_array_header_t **);`

rpms / httpd

Source Code

Blame SOURCES/httpd-2.4.6-r1811976.patch