diff --git a/httpd-2.4.7-sslsninotreq.patch b/httpd-2.4.7-sslsninotreq.patch index a5d124b..55d6fb3 100644 --- a/httpd-2.4.7-sslsninotreq.patch +++ b/httpd-2.4.7-sslsninotreq.patch @@ -1,2 +1,76 @@ -diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c -index 15993f1..53ed6f1 100644 + +--- httpd-2.4.7/modules/ssl/ssl_engine_config.c.sslsninotreq ++++ httpd-2.4.7/modules/ssl/ssl_engine_config.c +@@ -55,6 +55,7 @@ SSLModConfigRec *ssl_config_global_creat + mc = (SSLModConfigRec *)apr_palloc(pool, sizeof(*mc)); + mc->pPool = pool; + mc->bFixed = FALSE; ++ mc->sni_required = FALSE; + + /* + * initialize per-module configuration +--- httpd-2.4.7/modules/ssl/ssl_engine_init.c.sslsninotreq ++++ httpd-2.4.7/modules/ssl/ssl_engine_init.c +@@ -234,7 +234,7 @@ int ssl_init_Module(apr_pool_t *p, apr_p + /* + * Configuration consistency checks + */ +- ssl_init_CheckServers(base_server, ptemp); ++ ssl_init_CheckServers(mc, base_server, ptemp); + + /* + * Announce mod_ssl and SSL library in HTTP Server field +@@ -1322,7 +1322,7 @@ void ssl_init_ConfigureServer(server_rec + } + } + +-void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) ++void ssl_init_CheckServers(SSLModConfigRec *mc, server_rec *base_server, apr_pool_t *p) + { + server_rec *s, *ps; + SSLSrvConfigRec *sc; +@@ -1404,6 +1404,7 @@ void ssl_init_CheckServers(server_rec *b + } + + if (conflict) { ++ mc->sni_required = TRUE; + #ifndef HAVE_TLSEXT + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917) + "Init: You should not use name-based " +--- httpd-2.4.7/modules/ssl/ssl_engine_kernel.c.sslsninotreq ++++ httpd-2.4.7/modules/ssl/ssl_engine_kernel.c +@@ -164,6 +164,7 @@ int ssl_hook_ReadReq(request_rec *r) + } + #ifdef HAVE_TLSEXT + if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { ++ if (myModConfig(r->server)->sni_required) { + char *host, *scope_id; + apr_port_t port; + apr_status_t rv; +@@ -205,6 +206,7 @@ int ssl_hook_ReadReq(request_rec *r) + " virtual host"); + return HTTP_FORBIDDEN; + } ++ } + #endif + SSL_set_app_data2(ssl, r); + +--- httpd-2.4.7/modules/ssl/ssl_private.h.sslsninotreq ++++ httpd-2.4.7/modules/ssl/ssl_private.h +@@ -520,6 +520,7 @@ typedef struct { + struct { + void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; + } rCtx; ++ BOOL sni_required; + } SSLModConfigRec; + + /** Structure representing configured filenames for certs and keys for +@@ -765,7 +766,7 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *c + int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); + void ssl_init_Engine(server_rec *, apr_pool_t *); + void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); +-void ssl_init_CheckServers(server_rec *, apr_pool_t *); ++void ssl_init_CheckServers(SSLModConfigRec *mc, server_rec *, apr_pool_t *); + STACK_OF(X509_NAME) + *ssl_init_FindCAList(server_rec *, apr_pool_t *, const char *, const char *); + void ssl_init_Child(apr_pool_t *, server_rec *); diff --git a/httpd.spec b/httpd.spec index c448ddc..4bd92e8 100644 --- a/httpd.spec +++ b/httpd.spec @@ -15,7 +15,7 @@ Summary: Apache HTTP Server Name: httpd Version: 2.4.7 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html @@ -85,6 +85,7 @@ Requires(pre): /usr/sbin/useradd Requires(preun): systemd-units Requires(postun): systemd-units Requires(post): systemd-units +Conflicts: apr < 1.5.0-1 %description The Apache HTTP Server is a powerful, efficient, and extensible @@ -190,7 +191,7 @@ interface for storing and accessing per-user session data. %patch31 -p1 -b .sslmultiproxy %patch32 -p1 -b .r1537535 -%patch51 -p1 -b .sninotreq +%patch51 -p1 -b .sslsninotreq %patch55 -p1 -b .malformedhost %patch56 -p1 -b .uniqueid %patch58 -p1 -b .r1534321 @@ -620,6 +621,10 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog +* Thu Dec 12 2013 Joe Orton - 2.4.7-2 +- conflict with pre-1.5.0 APR +- fix sslsninotreq patch + * Wed Nov 27 2013 Joe Orton - 2.4.7-1 - update to 2.4.7 (#1034071)