Tree - rpms/httpd - CentOS Git server

altarch-user / rpms / httpd

Forked from rpms/httpd 2 years ago

Source
Stats

Blame SOURCES/httpd-2.4.6-r1811976.patch

Blob History Raw

		008793	`diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en`
		008793	`index 98540cd..4580f1c 100644`
		008793	`--- a/docs/manual/mod/mod_ssl.html.en`
		008793	`+++ b/docs/manual/mod/mod_ssl.html.en`
		008793	`@@ -197,6 +197,12 @@ the SSLOptions directiv`
		008793	`first (or only) attribute of any DN is added only under a non-suffixed`
		008793	`name; i.e. no _0 suffixed entries are added.`
		008793
		008793	`+The _RAW suffix may now be added to mod_ssl DN variable names`
		008793	`+(such as SSL_CLIENT_I_O_RAW). When this suffix is used, conversion`
		008793	`+of certificate name attributes to UTF-8 is omitted. This allows variable`
		008793	`+lookups and comparisons for certificates with incorrectly tagged name`
		008793	`+attributes.`
		008793	`+`
		008793	`The format of the *_DN variables has changed in Apache HTTPD`
		008793	`2.3.11. See the LegacyDNStringFormat option for`
		008793	`SSLOptions for details.`
		008793	`@@ -861,7 +867,7 @@ SSLEngine on`
		008793	`</VirtualHost>`
		008793
		008793
		008793	`-In Apache 2.1 and later, SSLEngine can be set to`
		008793	`+In httpd 2.2.0 and later, SSLEngine can be set to`
		008793	`optional. This enables support for`
		008793	`RFC 2817, Upgrading to TLS`
		008793	`Within HTTP/1.1. At this time no web browsers support RFC 2817.`
		008793	`diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c`
		008793	`index 2b7c9ba..e25a6d4 100644`
		008793	`--- a/modules/ssl/ssl_engine_vars.c`
		008793	`+++ b/modules/ssl/ssl_engine_vars.c`
		008793	`@@ -41,7 +41,7 @@`
		008793
		008793	`static char ssl_var_lookup_ssl(apr_pool_t p, conn_rec c, request_rec r, char *var);`
		008793	`static char ssl_var_lookup_ssl_cert(apr_pool_t p, request_rec r, X509 xs, char *var);`
		008793	`-static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char var);`
		008793	`+static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, const char var);`
		008793	`static char ssl_var_lookup_ssl_cert_san(apr_pool_t p, X509 xs, char var);`
		008793	`static char ssl_var_lookup_ssl_cert_valid(apr_pool_t p, ASN1_TIME *tm);`
		008793	`static char ssl_var_lookup_ssl_cert_remain(apr_pool_t p, ASN1_TIME *tm);`
		008793	`@@ -562,15 +562,23 @@ static const struct {`
		008793	`{ NULL, 0, 0 }`
		008793	`};`
		008793
		008793	`-static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char var)`
		008793	`+static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME *xsname,`
		008793	`+ const char *var)`
		008793	`{`
		008793	`- char result, ptr;`
		008793	`+ const char *ptr;`
		008793	`+ char *result;`
		008793	`X509_NAME_ENTRY *xsne;`
		008793	`- int i, j, n, idx = 0;`
		008793	`+ int i, j, n, idx = 0, raw = 0;`
		008793	`apr_size_t varlen;`
		008793
		008793	`+ ptr = ap_strrchr_c(var, '_');`
		008793	`+ if (ptr && ptr > var && strcmp(ptr + 1, "RAW") == 0) {`
		008793	`+ var = apr_pstrmemdup(p, var, ptr - var);`
		008793	`+ raw = 1;`
		008793	`+ }`
		008793	`+`
		008793	`/* if an _N suffix is used, find the Nth attribute of given name */`
		008793	`- ptr = strchr(var, '_');`
		008793	`+ ptr = ap_strchr_c(var, '_');`
		008793	`if (ptr != NULL && strspn(ptr + 1, "0123456789") == strlen(ptr + 1)) {`
		008793	`idx = atoi(ptr + 1);`
		008793	`varlen = ptr - var;`
		008793	`@@ -592,7 +600,7 @@ static char ssl_var_lookup_ssl_cert_dn(apr_pool_t p, X509_NAME xsname, char `
		008793	`n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));`
		008793
		008793	`if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) {`
		008793	`- result = SSL_X509_NAME_ENTRY_to_string(p, xsne);`
		008793	`+ result = SSL_X509_NAME_ENTRY_to_string(p, xsne, raw);`
		008793	`break;`
		008793	`}`
		008793	`}`
		008793	`@@ -897,7 +905,7 @@ static void extract_dn(apr_table_t t, apr_hash_t nids, const char *pfx,`
		008793	`apr_hash_set(count, &nid, sizeof nid, dup);`
		008793	`key = apr_pstrcat(p, pfx, tag, NULL);`
		008793	`}`
		008793	`- value = SSL_X509_NAME_ENTRY_to_string(p, xsne);`
		008793	`+ value = SSL_X509_NAME_ENTRY_to_string(p, xsne, 0);`
		008793	`apr_table_setn(t, key, value);`
		008793	`}`
		008793	`}`
		008793	`diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c`
		008793	`index 09a9877..fbd701f 100644`
		008793	`--- a/modules/ssl/ssl_util_ssl.c`
		008793	`+++ b/modules/ssl/ssl_util_ssl.c`
		008793	`@@ -236,18 +236,21 @@ BOOL SSL_X509_getBC(X509 cert, int ca, int *pathlen)`
		008793	`return TRUE;`
		008793	`}`
		008793
		008793	`-/* convert an ASN.1 string to a UTF-8 string (escaping control characters) */`
		008793	`-char SSL_ASN1_STRING_to_utf8(apr_pool_t p, ASN1_STRING *asn1str)`
		008793	`+/* Convert ASN.1 string to a pool-allocated char * string, escaping`
		008793	`+ * control characters. If raw is zero, convert to UTF-8, otherwise`
		008793	`+ * unchanged from the character set. */`
		008793	`+char SSL_ASN1_STRING_convert(apr_pool_t p, ASN1_STRING *asn1str, int raw)`
		008793	`{`
		008793	`char *result = NULL;`
		008793	`BIO *bio;`
		008793	`- int len;`
		008793	`+ int len, flags = ASN1_STRFLGS_ESC_CTRL;`
		008793
		008793	`if ((bio = BIO_new(BIO_s_mem())) == NULL)`
		008793	`return NULL;`
		008793
		008793	`- ASN1_STRING_print_ex(bio, asn1str, ASN1_STRFLGS_ESC_CTRL\|`
		008793	`- ASN1_STRFLGS_UTF8_CONVERT);`
		008793	`+ if (!raw) flags \|= ASN1_STRFLGS_UTF8_CONVERT;`
		008793	`+`
		008793	`+ ASN1_STRING_print_ex(bio, asn1str, flags);`
		008793	`len = BIO_pending(bio);`
		008793	`if (len > 0) {`
		008793	`result = apr_palloc(p, len+1);`
		008793	`@@ -258,10 +261,13 @@ char SSL_ASN1_STRING_to_utf8(apr_pool_t p, ASN1_STRING *asn1str)`
		008793	`return result;`
		008793	`}`
		008793
		008793	`+#define SSL_ASN1_STRING_to_utf8(p, a) SSL_ASN1_STRING_convert(p, a, 0)`
		008793	`+`
		008793	`/* convert a NAME_ENTRY to UTF8 string */`
		008793	`-char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne)`
		008793	`+char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne,`
		008793	`+ int raw)`
		008793	`{`
		008793	`- char *result = SSL_ASN1_STRING_to_utf8(p, X509_NAME_ENTRY_get_data(xsne));`
		008793	`+ char *result = SSL_ASN1_STRING_convert(p, X509_NAME_ENTRY_get_data(xsne), raw);`
		008793	`ap_xlate_proto_from_ascii(result, len);`
		008793	`return result;`
		008793	`}`
		008793	`@@ -414,7 +420,7 @@ BOOL SSL_X509_getIDs(apr_pool_t p, X509 x509, apr_array_header_t **ids)`
		008793	`subj = X509_get_subject_name(x509);`
		008793	`while ((i = X509_NAME_get_index_by_NID(subj, NID_commonName, i)) != -1) {`
		008793	`APR_ARRAY_PUSH(ids, const char ) =`
		008793	`- SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i));`
		008793	`+ SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i), 0);`
		008793	`}`
		008793
		008793	`return apr_is_empty_array(*ids) ? FALSE : TRUE;`
		008793	`diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h`
		008793	`index be07ab7..611957e 100644`
		008793	`--- a/modules/ssl/ssl_util_ssl.h`
		008793	`+++ b/modules/ssl/ssl_util_ssl.h`
		008793	`@@ -65,8 +65,8 @@ EVP_PKEY SSL_read_PrivateKey(char , EVP_PKEY *, pem_password_cb , void *);`
		008793	`int SSL_smart_shutdown(SSL *ssl);`
		008793	`BOOL SSL_X509_isSGC(X509 *);`
		008793	`BOOL SSL_X509_getBC(X509 , int , int *);`
		008793	`-char SSL_ASN1_STRING_to_utf8(apr_pool_t , ASN1_STRING *);`
		008793	`-char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne);`
		008793	`+char SSL_ASN1_STRING_to_utf8(apr_pool_t , ASN1_STRING *, int raw);`
		008793	`+char SSL_X509_NAME_ENTRY_to_string(apr_pool_t p, X509_NAME_ENTRY *xsne, int raw);`
		008793	`char SSL_X509_NAME_to_string(apr_pool_t , X509_NAME *, int);`
		008793	`BOOL SSL_X509_getSAN(apr_pool_t , X509 , int, const char , int, apr_array_header_t *);`
		008793	`BOOL SSL_X509_getIDs(apr_pool_t , X509 , apr_array_header_t **);`

altarch-user / rpms / httpd

Source Code

Blame SOURCES/httpd-2.4.6-r1811976.patch