Tree - rpms/httpd - CentOS Git server

rpms / httpd

Blame SOURCES/httpd-2.4.6-r1811976.patch

Blob History Raw

		41a6c3	`diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en`
		41a6c3	`index 98540cd..4580f1c 100644`
		41a6c3	`--- a/docs/manual/mod/mod_ssl.html.en`
		41a6c3	`+++ b/docs/manual/mod/mod_ssl.html.en`
		41a6c3	`@@ -197,6 +197,12 @@ the SSLOptions directiv`
		41a6c3	`first (or only) attribute of any DN is added only under a non-suffixed`
		41a6c3	`name; i.e. no _0 suffixed entries are added.`
		41a6c3
		41a6c3	`+The _RAW suffix may now be added to mod_ssl DN variable names`
		41a6c3	`+(such as SSL_CLIENT_I_O_RAW). When this suffix is used, conversion`
		41a6c3	`+of certificate name attributes to UTF-8 is omitted. This allows variable`
		41a6c3	`+lookups and comparisons for certificates with incorrectly tagged name`
		41a6c3	`+attributes.`
		41a6c3	`+`
		41a6c3	`The format of the *_DN variables has changed in Apache HTTPD`
		41a6c3	`2.3.11. See the LegacyDNStringFormat option for`
		41a6c3	`SSLOptions for details.`
		41a6c3	`@@ -861,7 +867,7 @@ SSLEngine on`
		41a6c3	`</VirtualHost>`
		41a6c3
		41a6c3
		41a6c3	`-In Apache 2.1 and later, SSLEngine can be set to`
		41a6c3	`+In httpd 2.2.0 and later, SSLEngine can be set to`
		41a6c3	`optional. This enables support for`
		41a6c3	`RFC 2817, Upgrading to TLS`
		41a6c3	`Within HTTP/1.1. At this time no web browsers support RFC 2817.`
		41a6c3	`diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c`
		41a6c3	`index 2b7c9ba..e25a6d4 100644`
		41a6c3	`--- a/modules/ssl/ssl_engine_vars.c`
		41a6c3	`+++ b/modules/ssl/ssl_engine_vars.c`
		41a6c3	`@@ -41,7 +41,7 @@`
		41a6c3
		41a6c3	`static char ssl_var_lookup_ssl(apr_pool_t p, conn_rec c, request_rec r, char *var);`
		41a6c3	`static char ssl_var_lookup_ssl_cert(apr_pool_t p, request_rec r, X509 xs, char *var);`
		41a6c3	`-static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char var);`
		41a6c3	`+static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, const char var);`
		41a6c3	`static char ssl_var_lookup_ssl_cert_san(apr_pool_t p, X509 xs, char var);`
		41a6c3	`static char ssl_var_lookup_ssl_cert_valid(apr_pool_t p, ASN1_TIME *tm);`
		41a6c3	`static char ssl_var_lookup_ssl_cert_remain(apr_pool_t p, ASN1_TIME *tm);`
		41a6c3	`@@ -562,15 +562,23 @@ static const struct {`
		41a6c3	`{ NULL, 0, 0 }`
		41a6c3	`};`
		41a6c3
		41a6c3	`-static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char var)`
		41a6c3	`+static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME *xsname,`
		41a6c3	`+ const char *var)`
		41a6c3	`{`
		41a6c3	`- char result, ptr;`
		41a6c3	`+ const char *ptr;`
		41a6c3	`+ char *result;`
		41a6c3	`X509_NAME_ENTRY *xsne;`
		41a6c3	`- int i, j, n, idx = 0;`
		41a6c3	`+ int i, j, n, idx = 0, raw = 0;`
		41a6c3	`apr_size_t varlen;`
		41a6c3
		41a6c3	`+ ptr = ap_strrchr_c(var, '_');`
		41a6c3	`+ if (ptr && ptr > var && strcmp(ptr + 1, "RAW") == 0) {`
		41a6c3	`+ var = apr_pstrmemdup(p, var, ptr - var);`
		41a6c3	`+ raw = 1;`
		41a6c3	`+ }`
		41a6c3	`+`
		41a6c3	`/* if an _N suffix is used, find the Nth attribute of given name */`
		41a6c3	`- ptr = strchr(var, '_');`
		41a6c3	`+ ptr = ap_strchr_c(var, '_');`
		41a6c3	`if (ptr != NULL && strspn(ptr + 1, "0123456789") == strlen(ptr + 1)) {`
		41a6c3	`idx = atoi(ptr + 1);`
		41a6c3	`varlen = ptr - var;`
		41a6c3	`@@ -592,7 +600,7 @@ static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char `
		41a6c3	`n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));`
		41a6c3
		41a6c3	`if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) {`
		41a6c3	`- result = SSL_X509_NAME_ENTRY_to_string(p, xsne);`
		41a6c3	`+ result = SSL_X509_NAME_ENTRY_to_string(p, xsne, raw);`
		41a6c3	`break;`
		41a6c3	`}`
		41a6c3	`}`
		41a6c3	`@@ -897,7 +905,7 @@ static void extract_dn(apr_table_t t, apr_hash_t nids, const char *pfx,`
		41a6c3	`apr_hash_set(count, &nid, sizeof nid, dup);`
		41a6c3	`key = apr_pstrcat(p, pfx, tag, NULL);`
		41a6c3	`}`
		41a6c3	`- value = SSL_X509_NAME_ENTRY_to_string(p, xsne);`
		41a6c3	`+ value = SSL_X509_NAME_ENTRY_to_string(p, xsne, 0);`
		41a6c3	`apr_table_setn(t, key, value);`
		41a6c3	`}`
		41a6c3	`}`
		41a6c3	`diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c`
		41a6c3	`index 09a9877..fbd701f 100644`
		41a6c3	`--- a/modules/ssl/ssl_util_ssl.c`
		41a6c3	`+++ b/modules/ssl/ssl_util_ssl.c`
		41a6c3	`@@ -236,18 +236,21 @@ BOOL SSL_X509_getBC(X509 cert, int ca, int *pathlen)`
		41a6c3	`return TRUE;`
		41a6c3	`}`
		41a6c3
		41a6c3	`-/* convert an ASN.1 string to a UTF-8 string (escaping control characters) */`
		41a6c3	`-char SSL_ASN1_STRING_to_utf8(apr_pool_t p, ASN1_STRING *asn1str)`
		41a6c3	`+/* Convert ASN.1 string to a pool-allocated char * string, escaping`
		41a6c3	`+ * control characters. If raw is zero, convert to UTF-8, otherwise`
		41a6c3	`+ * unchanged from the character set. */`
		41a6c3	`+char SSL_ASN1_STRING_convert(apr_pool_t p, ASN1_STRING *asn1str, int raw)`
		41a6c3	`{`
		41a6c3	`char *result = NULL;`
		41a6c3	`BIO *bio;`
		41a6c3	`- int len;`
		41a6c3	`+ int len, flags = ASN1_STRFLGS_ESC_CTRL;`
		41a6c3
		41a6c3	`if ((bio = BIO_new(BIO_s_mem())) == NULL)`
		41a6c3	`return NULL;`
		41a6c3
		41a6c3	`- ASN1_STRING_print_ex(bio, asn1str, ASN1_STRFLGS_ESC_CTRL\|`
		41a6c3	`- ASN1_STRFLGS_UTF8_CONVERT);`
		41a6c3	`+ if (!raw) flags \|= ASN1_STRFLGS_UTF8_CONVERT;`
		41a6c3	`+`
		41a6c3	`+ ASN1_STRING_print_ex(bio, asn1str, flags);`
		41a6c3	`len = BIO_pending(bio);`
		41a6c3	`if (len > 0) {`
		41a6c3	`result = apr_palloc(p, len+1);`
		41a6c3	`@@ -258,10 +261,13 @@ char SSL_ASN1_STRING_to_utf8(apr_pool_t p, ASN1_STRING *asn1str)`
		41a6c3	`return result;`
		41a6c3	`}`
		41a6c3
		41a6c3	`+#define SSL_ASN1_STRING_to_utf8(p, a) SSL_ASN1_STRING_convert(p, a, 0)`
		41a6c3	`+`
		41a6c3	`/* convert a NAME_ENTRY to UTF8 string */`
		41a6c3	`-char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne)`
		41a6c3	`+char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne,`
		41a6c3	`+ int raw)`
		41a6c3	`{`
		41a6c3	`- char *result = SSL_ASN1_STRING_to_utf8(p, X509_NAME_ENTRY_get_data(xsne));`
		41a6c3	`+ char *result = SSL_ASN1_STRING_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);`
		41a6c3	`ap_xlate_proto_from_ascii(result, len);`
		41a6c3	`return result;`
		41a6c3	`}`
		41a6c3	`@@ -414,7 +420,7 @@ BOOL SSL_X509_getIDs(apr_pool_t p, X509 x509, apr_array_header_t **ids)`
		41a6c3	`subj = X509_get_subject_name(x509);`
		41a6c3	`while ((i = X509_NAME_get_index_by_NID(subj, NID_commonName, i)) != -1) {`
		41a6c3	`APR_ARRAY_PUSH(ids, const char ) =`
		41a6c3	`- SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i));`
		41a6c3	`+ SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i), 0);`
		41a6c3	`}`
		41a6c3
		41a6c3	`return apr_is_empty_array(*ids) ? FALSE : TRUE;`
		41a6c3	`diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h`
		41a6c3	`index be07ab7..611957e 100644`
		41a6c3	`--- a/modules/ssl/ssl_util_ssl.h`
		41a6c3	`+++ b/modules/ssl/ssl_util_ssl.h`
		41a6c3	`@@ -65,8 +65,8 @@ EVP_PKEY SSL_read_PrivateKey(char , EVP_PKEY *, pem_password_cb , void *);`
		41a6c3	`int SSL_smart_shutdown(SSL *ssl);`
		41a6c3	`BOOL SSL_X509_isSGC(X509 *);`
		41a6c3	`BOOL SSL_X509_getBC(X509 , int , int *);`
		41a6c3	`-char SSL_ASN1_STRING_to_utf8(apr_pool_t , ASN1_STRING *);`
		41a6c3	`-char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne);`
		41a6c3	`+char SSL_ASN1_STRING_to_utf8(apr_pool_t , ASN1_STRING *, int raw);`
		41a6c3	`+char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne, int raw);`
		41a6c3	`char SSL_X509_NAME_to_string(apr_pool_t , X509_NAME *, int);`
		41a6c3	`BOOL SSL_X509_getSAN(apr_pool_t , X509 , int, const char , int, apr_array_header_t *);`
		41a6c3	`BOOL SSL_X509_getIDs(apr_pool_t , X509 , apr_array_header_t **);`

rpms / httpd

Source Code

Blame SOURCES/httpd-2.4.6-r1811976.patch