diff --git a/httpd-2.4.38-r1830819+.patch b/httpd-2.4.38-r1830819+.patch index 01027ce..7df5ff6 100644 --- a/httpd-2.4.38-r1830819+.patch +++ b/httpd-2.4.38-r1830819+.patch @@ -11,9 +11,9 @@ http://svn.apache.org/viewvc?view=revision&revision=1835242 diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index d276fea..5467d23 100644 ---- a/modules/ssl/ssl_engine_config.c -+++ b/modules/ssl/ssl_engine_config.c -@@ -919,7 +919,9 @@ const char *ssl_cmd_SSLCertificateFile(cmd_parms *cmd, +--- httpd-2.4.38/modules/ssl/ssl_engine_config.c.r1830819+ ++++ httpd-2.4.38/modules/ssl/ssl_engine_config.c +@@ -916,7 +916,9 @@ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); const char *err; @@ -24,7 +24,7 @@ index d276fea..5467d23 100644 return err; } -@@ -935,7 +937,9 @@ const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *cmd, +@@ -932,7 +934,9 @@ SSLSrvConfigRec *sc = mySrvConfig(cmd->server); const char *err; @@ -35,11 +35,9 @@ index d276fea..5467d23 100644 return err; } -diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c -index 8ba3486..e1b0844 100644 ---- a/modules/ssl/ssl_engine_init.c -+++ b/modules/ssl/ssl_engine_init.c -@@ -1264,12 +1264,18 @@ static apr_status_t ssl_init_server_certs(server_rec *s, +--- httpd-2.4.38/modules/ssl/ssl_engine_init.c.r1830819+ ++++ httpd-2.4.38/modules/ssl/ssl_engine_init.c +@@ -1228,12 +1228,18 @@ (certfile = APR_ARRAY_IDX(mctx->pks->cert_files, i, const char *)); i++) { @@ -59,7 +57,7 @@ index 8ba3486..e1b0844 100644 if ((SSL_CTX_use_certificate_file(mctx->ssl_ctx, certfile, SSL_FILETYPE_PEM) < 1)) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02561) -@@ -1298,12 +1304,46 @@ static apr_status_t ssl_init_server_certs(server_rec *s, +@@ -1262,12 +1268,46 @@ ERR_clear_error(); @@ -111,7 +109,7 @@ index 8ba3486..e1b0844 100644 const unsigned char *ptr; ERR_clear_error(); -@@ -1390,8 +1430,9 @@ static apr_status_t ssl_init_server_certs(server_rec *s, +@@ -1354,8 +1394,9 @@ /* * Try to read DH parameters from the (first) SSLCertificateFile */ @@ -123,7 +121,7 @@ index 8ba3486..e1b0844 100644 SSL_CTX_set_tmp_dh(mctx->ssl_ctx, dhparams); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02540) "Custom DH parameters (%d bits) for %s loaded from %s", -@@ -1403,10 +1444,10 @@ static apr_status_t ssl_init_server_certs(server_rec *s, +@@ -1367,10 +1408,10 @@ /* * Similarly, try to read the ECDH curve name from SSLCertificateFile... */ @@ -138,11 +136,9 @@ index 8ba3486..e1b0844 100644 SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02541) "ECDH curve %s for %s specified in %s", -diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c -index 8c29443..d5d33f7 100644 ---- a/modules/ssl/ssl_engine_pphrase.c -+++ b/modules/ssl/ssl_engine_pphrase.c -@@ -143,8 +143,6 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, +--- httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c.r1830819+ ++++ httpd-2.4.38/modules/ssl/ssl_engine_pphrase.c +@@ -143,8 +143,6 @@ const char *key_id = asn1_table_vhost_key(mc, p, sc->vhost_id, idx); EVP_PKEY *pPrivateKey = NULL; ssl_asn1_t *asn1; @@ -151,7 +147,16 @@ index 8c29443..d5d33f7 100644 int nPassPhrase = (*pphrases)->nelts; int nPassPhraseRetry = 0; apr_time_t pkey_mtime = 0; -@@ -351,19 +349,12 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *s, apr_pool_t *p, int idx, +@@ -221,7 +219,7 @@ + * is not empty. */ + ERR_clear_error(); + +- pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, NULL, ++ pPrivateKey = modssl_read_privatekey(ppcb_arg.pkey_file, + ssl_pphrase_Handle_CB, &ppcb_arg); + /* If the private key was successfully read, nothing more to + do here. */ +@@ -351,19 +349,12 @@ nPassPhrase++; } @@ -174,7 +179,7 @@ index 8c29443..d5d33f7 100644 asn1->source_mtime = pkey_mtime; } -@@ -614,3 +605,288 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) +@@ -614,3 +605,288 @@ */ return (len); } @@ -463,11 +468,9 @@ index 8c29443..d5d33f7 100644 + return APR_SUCCESS; +} +#endif -diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h -index f46814d..1fdde13 100644 ---- a/modules/ssl/ssl_private.h -+++ b/modules/ssl/ssl_private.h -@@ -1002,21 +1002,28 @@ BOOL ssl_util_vhost_matches(const char *servername, server_rec *s); +--- httpd-2.4.38/modules/ssl/ssl_private.h.r1830819+ ++++ httpd-2.4.38/modules/ssl/ssl_private.h +@@ -1002,21 +1002,28 @@ apr_status_t ssl_load_encrypted_pkey(server_rec *, apr_pool_t *, int, const char *, apr_array_header_t **); @@ -505,7 +508,7 @@ index f46814d..1fdde13 100644 /** Mutex Support */ int ssl_mutex_init(server_rec *, apr_pool_t *); -@@ -1109,6 +1116,10 @@ int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn); +@@ -1109,6 +1116,10 @@ int ssl_is_challenge(conn_rec *c, const char *servername, X509 **pcert, EVP_PKEY **pkey); @@ -516,11 +519,9 @@ index f46814d..1fdde13 100644 #endif /* SSL_PRIVATE_H */ /** @} */ -diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c -index 0d23465..223b385 100644 ---- a/modules/ssl/ssl_util.c -+++ b/modules/ssl/ssl_util.c -@@ -192,45 +192,37 @@ BOOL ssl_util_path_check(ssl_pathcheck_t pcm, const char *path, apr_pool_t *p) +--- httpd-2.4.38/modules/ssl/ssl_util.c.r1830819+ ++++ httpd-2.4.38/modules/ssl/ssl_util.c +@@ -192,45 +192,37 @@ return TRUE; } @@ -582,7 +583,7 @@ index 0d23465..223b385 100644 } ssl_asn1_t *ssl_asn1_table_get(apr_hash_t *table, -@@ -480,3 +472,13 @@ void ssl_util_thread_id_setup(apr_pool_t *p) +@@ -480,3 +472,13 @@ } #endif /* #if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API */ @@ -596,11 +597,9 @@ index 0d23465..223b385 100644 + return 0; +#endif +} -diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c -index b7f0eca..4fa089b 100644 ---- a/modules/ssl/ssl_util_ssl.c -+++ b/modules/ssl/ssl_util_ssl.c -@@ -74,7 +74,7 @@ void modssl_set_app_data2(SSL *ssl, void *arg) +--- httpd-2.4.38/modules/ssl/ssl_util_ssl.c.r1830819+ ++++ httpd-2.4.38/modules/ssl/ssl_util_ssl.c +@@ -74,7 +74,7 @@ ** _________________________________________________________________ */ @@ -609,7 +608,7 @@ index b7f0eca..4fa089b 100644 { EVP_PKEY *rc; BIO *bioS; -@@ -83,7 +83,7 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw +@@ -83,7 +83,7 @@ /* 1. try PEM (= DER+Base64+headers) */ if ((bioS=BIO_new_file(filename, "r")) == NULL) return NULL; @@ -618,7 +617,7 @@ index b7f0eca..4fa089b 100644 BIO_free(bioS); if (rc == NULL) { -@@ -107,41 +107,9 @@ EVP_PKEY *modssl_read_privatekey(const char* filename, EVP_PKEY **key, pem_passw +@@ -107,41 +107,9 @@ BIO_free(bioS); } } @@ -660,10 +659,8 @@ index b7f0eca..4fa089b 100644 /* _________________________________________________________________ ** ** Smart shutdown -diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h -index c67dacf..d6307d9 100644 ---- a/modules/ssl/ssl_util_ssl.h -+++ b/modules/ssl/ssl_util_ssl.h +--- httpd-2.4.38/modules/ssl/ssl_util_ssl.h.r1830819+ ++++ httpd-2.4.38/modules/ssl/ssl_util_ssl.h @@ -64,8 +64,11 @@ void modssl_init_app_data2_idx(void); void *modssl_get_app_data2(SSL *); diff --git a/httpd.spec b/httpd.spec index 6539e23..01c4dda 100644 --- a/httpd.spec +++ b/httpd.spec @@ -235,7 +235,7 @@ interface for storing and accessing per-user session data. %patch30 -p1 -b .cachehardmax #patch31 -p1 -b .sslmultiproxy %patch34 -p1 -b .socketactivation -#%patch36 -p1 -b .r1830819+ +%patch36 -p1 -b .r1830819+ %patch38 -p1 -b .sslciphdefault %patch39 -p1 -b .sslprotdefault