In article <[EMAIL PROTECTED]> you 
wrote:

> To what extent are we keeping up with these changes in mod_ssl for apache
> 2.0?

The fixes should be forward ported to Apache 2.0's mod_ssl, of course.  But
this is easily achievable by looking at the output of "cvs diff
-rAPACHE_2_0_MOVE_POINT" in the src/modules/ssl/ subdir of my
Apache/1.3+mod_ssl/2.x CVS repository. It shows all fixes since the move
point. And most of them you can even ignore because they are related to SDBM,
etc. I have appended the current output below. Please merge the necessary pieces into
the Apache 2.0 source tree for us.  Once you've merged them in, drop me a short
note and I will add a tag to the Apache/1.3+mod_ssl/2.x CVS repository to
mark this merge point for forthcoming merges. But I do not expect that
you have to merge lots of things in the future because since the move point
there is no active development there. Only bugfixes.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

Index: libssl.module
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/libssl.module,v
retrieving revision 1.63
retrieving revision 1.65
diff -u -d -r1.63 -r1.65
--- libssl.module       15 Apr 2001 16:31:55 -0000      1.63
+++ libssl.module       23 Feb 2002 16:40:38 -0000      1.65
@@ -255,8 +255,8 @@
         fi
         #   4. override decision on a few brain-dead platforms
         if [ ".$my_rule_SSL_SDBM" = .default ]; then
-            case "$OS" in
-                Linux )
+            case "$PLAT" in
+                *-linux* )
                     #   force Linux boxes to use builtin SDBM per default because 
                     #   of too much broken vendor DBM libraries on this platform
                     SSL_DBM_NAME=''
@@ -282,7 +282,7 @@
     #   determine SSL_BASE
     #
     if [ ".$SSL_BASE" = . ]; then
-        SSL_BASE=`egrep '^SSL_BASE=' $file | tail -1 | awk -F= '{print $2}'`
+        SSL_BASE=`egrep '^SSL_BASE=' $file | sed -n -e '$p' | awk -F= '{print $2}'`
         if [ ".$SSL_BASE" = . ]; then
             if [ -d /usr/local/ssl ]; then
                 SSL_BASE="/usr/local/ssl"
Index: libssl.version
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/libssl.version,v
retrieving revision 1.90
retrieving revision 1.94
diff -u -d -r1.90 -r1.94
--- libssl.version      31 Mar 2001 07:36:40 -0000      1.90
+++ libssl.version      23 Feb 2002 16:34:35 -0000      1.94
@@ -1 +1 @@
-mod_ssl/2.8.3-1.3.19
+mod_ssl/2.8.7-1.3.23
Index: mod_ssl.h
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/mod_ssl.h,v
retrieving revision 1.138
retrieving revision 1.141
diff -u -d -r1.138 -r1.141
--- mod_ssl.h   30 Mar 2001 10:03:04 -0000      1.138
+++ mod_ssl.h   23 Feb 2002 19:04:16 -0000      1.141
@@ -346,12 +346,7 @@
 #define SSL_DBM_FILE_SUFFIX_DIR ".dir"
 #define SSL_DBM_FILE_SUFFIX_PAG ".pag"
 #else /* !SSL_USE_SDBM */
-#if defined(__GLIBC__) && defined(__GLIBC_MINOR__) \
-    && __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 1
-#include <db1/ndbm.h>
-#else
 #include <ndbm.h>
-#endif
 #define ssl_dbm_open     dbm_open
 #define ssl_dbm_close    dbm_close
 #define ssl_dbm_store    dbm_store
@@ -725,7 +720,11 @@
 int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
 SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
 void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
+#if SSL_LIBRARY_VERSION >= 0x00907000
+void         ssl_callback_LogTracingState(const SSL *, int, int);
+#else
 void         ssl_callback_LogTracingState(SSL *, int, int);
+#endif
 
 /*  Session Cache Support  */
 void         ssl_scache_init(server_rec *, pool *);
@@ -844,6 +843,7 @@
 char        *ssl_util_algotypestr(ssl_algo_t);
 char        *ssl_util_ptxtsub(pool *, const char *, const char *, char *);
 void         ssl_util_thread_setup(void);
+void         ssl_util_thread_cleanup(void);
 
 /*  Vendor extension support  */
 #if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
Index: ssl_engine_dh.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_dh.c,v
retrieving revision 1.4
retrieving revision 1.6
diff -u -d -r1.4 -r1.6
--- ssl_engine_dh.c     1 Jan 2001 10:51:27 -0000       1.4
+++ ssl_engine_dh.c     23 Feb 2002 16:40:38 -0000      1.6
@@ -103,7 +103,7 @@
     0x02,
 };
 
-static DH *get_dh512()
+static DH *get_dh512(void)
 {
     DH *dh;
 
@@ -134,7 +134,7 @@
     0x02,
 };
 
-static DH *get_dh1024()
+static DH *get_dh1024(void)
 {
     DH *dh;
 
@@ -227,10 +227,10 @@
 
 #   generate C source from DH params
 my $dhsource = '';
-open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand -8 |") || die;
+open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die;
 $dhsource .= $_ while (<FP>);
 close(FP);
-open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand -8 |") || die;
+open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die;
 $dhsource .= $_ while (<FP>);
 close(FP);
 $dhsource =~ s|(DH\s+\*get_dh)|static $1|sg;
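Review bot: The two piped `open` calls cannot notice a failing generator: on a command pipe `open(...) || die` only catches a failed fork, and the `close(FP)` status is ignored for both the dh512 and dh1024 reads. If `openssl dh` or `indent` fails, `$dhsource` ends up empty or truncated without any diagnostic. I would write `close(FP) || die "DH source pipeline failed: $?";` and, because that status reflects only the last pipeline stage, also die when `$dhsource` lacks `get_dh512` or `get_dh1024`. Separately, a 512-bit group is far below what is considered safe for Diffie-Hellman today, so the forward port should confirm whether `get_dh512` is still needed. The script continues outside the hunk.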
Index: ssl_engine_init.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.105
retrieving revision 1.107
diff -u -d -r1.105 -r1.107
--- ssl_engine_init.c   30 Mar 2001 09:26:55 -0000      1.105
+++ ssl_engine_init.c   23 Feb 2002 16:34:35 -0000      1.107
@@ -763,7 +763,8 @@
             }
             if (SSL_X509_getCN(p, sc->pPublicCert[i], &cp)) {
                 if (ap_is_fnmatch(cp) &&
-                    !ap_fnmatch(cp, s->server_hostname, FNM_PERIOD|FNM_CASE_BLIND)) {
+                    ap_fnmatch(cp, s->server_hostname, 
+                               FNM_PERIOD|FNM_CASE_BLIND) == FNM_NOMATCH) {
                     ssl_log(s, SSL_LOG_WARN,
                         "Init: (%s) %s server certificate wildcard CommonName (CN) 
`%s' "
                         "does NOT match server name!?", cpVHostID, 
@@ -1084,6 +1085,8 @@
     ERR_remove_state(0);
     EVP_cleanup();
 #endif
+
+    ssl_util_thread_cleanup();
 
     return;
 }
Index: ssl_engine_io.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- ssl_engine_io.c     30 Mar 2001 10:22:28 -0000      1.32
+++ ssl_engine_io.c     28 Jan 2002 19:40:57 -0000      1.33
@@ -443,10 +443,6 @@
 
 #ifdef WIN32
 
-/* these two functions are exported from buff.c under WIN32 */
-API_EXPORT(int) sendwithtimeout(int sock, const char *buf, int len, int flags);
-API_EXPORT(int) recvwithtimeout(int sock, char *buf, int len, int flags);
-
 /* and the prototypes for our SSL_xxx variants */
 static int SSL_sendwithtimeout(BUFF *fb, const char *buf, int len);
 static int SSL_recvwithtimeout(BUFF *fb, char *buf, int len);
@@ -459,7 +455,7 @@
     if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL)
         rc = SSL_recvwithtimeout(fb, buf, len);
     else
-        rc = recvwithtimeout(fb->fd, buf, len, 0);
+        rc = ap_recvwithtimeout(fb->fd, buf, len, 0);
     return rc;
 }
 
@@ -471,7 +467,7 @@
     if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL)
         rc = SSL_sendwithtimeout(fb, buf, len);
     else
-        rc = sendwithtimeout(fb->fd, buf, len, 0);
+        rc = ap_sendwithtimeout(fb->fd, buf, len, 0);
     return rc;
 }
 
Index: ssl_engine_kernel.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -d -r1.127 -r1.128
--- ssl_engine_kernel.c 30 Mar 2001 09:10:23 -0000      1.127
+++ ssl_engine_kernel.c 23 Feb 2002 19:04:16 -0000      1.128
@@ -1835,7 +1835,11 @@
  * SSL handshake and does SSL record layer stuff. We use it to
  * trace OpenSSL's processing in out SSL logfile.
  */
+#if SSL_LIBRARY_VERSION >= 0x00907000
+void ssl_callback_LogTracingState(const SSL *ssl, int where, int rc)
+#else
 void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
+#endif
 {
     conn_rec *c;
     server_rec *s;
@@ -1845,7 +1849,7 @@
     /*
      * find corresponding server
      */
-    if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
+    if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL)
         return;
     s = c->server;
     if ((sc = mySrvConfig(s)) == NULL)
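Review bot: The `(SSL *)ssl` cast in the `SSL_get_app_data` call discards `const` unconditionally and without explanation, including in the pre-0.9.7 branch where `ssl` is already a plain `SSL *`. A reader cannot tell from the hunk whether the callback may modify the connection object. I would add a comment on that line such as `/* cast only satisfies the non-const SSL_get_app_data() prototype; ssl is not modified here */`. If the 0.9.7 accessor already accepts a const pointer the cast could be dropped for that branch, which should be confirmed against the headers. The function body continues outside the hunk.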
Index: ssl_engine_rand.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_rand.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- ssl_engine_rand.c   1 Jan 2001 10:51:27 -0000       1.11
+++ ssl_engine_rand.c   31 Jan 2002 15:54:15 -0000      1.12
@@ -86,6 +86,7 @@
     int i, n, l;
     time_t t;
     pid_t pid;
+    int m;
 
     mc = myModConfig();
     nReq  = 0;
@@ -151,12 +152,13 @@
                 nDone += 128;
 
                 /*
-                 * seed in an 1KB extract of the current scoreboard
+                 * seed in extract data from the current scoreboard
                  */
-                if (ap_scoreboard_image != NULL) {
-                    n = ssl_rand_choosenum(0, SCOREBOARD_SIZE-1024-1);
-                    RAND_seed((unsigned char *)ap_scoreboard_image+n, 1024);
-                    nDone += 1024;
+                if (ap_scoreboard_image != NULL && SCOREBOARD_SIZE > 16) {
+                    m = ((SCOREBOARD_SIZE / 2) - 1);
+                    n = ssl_rand_choosenum(0, m);
+                    RAND_seed(((unsigned char *)ap_scoreboard_image)+n, m);
+                    nDone += m;
                 }
             }
         }
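Review bot: The new `RAND_seed(..., m)` and `nDone += m` credit roughly half the scoreboard as seed material, but `RAND_seed()` counts every byte passed to it as full entropy. Scoreboard contents are largely structured and partly observable from outside the process, so this overstates what the PRNG actually received. The bounds are fine as written (n + m stays below SCOREBOARD_SIZE, assuming `ssl_rand_choosenum` returns at most `m`). I would mix the data in without crediting it where the library allows, `RAND_add(((unsigned char *)ap_scoreboard_image)+n, m, 0.0);`, or at least add a comment that this is supplementary mixing only. The enclosing function starts and ends outside the hunk.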
Index: ssl_expr_eval.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_expr_eval.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- ssl_expr_eval.c     1 Jan 2001 10:51:27 -0000       1.12
+++ ssl_expr_eval.c     16 Oct 2001 12:00:31 -0000      1.13
@@ -239,7 +239,7 @@
         *buf = NUL;
     }
     else {
-        if ((buf = (char *)ap_palloc(r->pool, sizeof(char) * len+1)) == NULL) {
+        if ((buf = (char *)ap_palloc(r->pool, sizeof(char) * (len+1))) == NULL) {
             ssl_expr_error = "Cannot allocate memory";
             ap_pfclose(r->pool, fp);
             return "";
Index: ssl_scache_dbm.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_scache_dbm.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- ssl_scache_dbm.c    1 Jan 2001 10:51:27 -0000       1.3
+++ ssl_scache_dbm.c    23 Feb 2002 18:50:02 -0000      1.4
@@ -143,8 +143,10 @@
     UCHAR *ucp;
 
     /* streamline session data */
+    if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
+        return FALSE;
     ucp = ucaData;
-    nData = i2d_SSL_SESSION(sess, &ucp);
+    i2d_SSL_SESSION(sess, &ucp);
 
     /* be careful: do not try to store too much bytes in a DBM file! */
 #ifdef SSL_USE_SDBM
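Review bot: The new length guard `(nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)` handles an error return only by accident. If `nData` is a signed int (its declaration is outside the hunk), a negative result is converted to a huge unsigned value and rejected, while a 0 result passes and the code continues with an empty encoding. I would make the intent explicit with `if ((nData = i2d_SSL_SESSION(sess, NULL)) <= 0 || (size_t)nData > sizeof(ucaData)) return FALSE;`. The identical guard is added in ssl_scache_shmht.c (@@ -175,8) and deserves the same change. A debug-level log line on rejection would also help operators see oversized sessions being dropped from the cache.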
Index: ssl_scache_shmcb.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_scache_shmcb.c,v
retrieving revision 1.3
retrieving revision 1.5
diff -u -d -r1.3 -r1.5
--- ssl_scache_shmcb.c  30 Mar 2001 10:03:04 -0000      1.3
+++ ssl_scache_shmcb.c  31 Jan 2002 16:03:17 -0000      1.5
@@ -183,9 +183,9 @@
     unsigned int division_offset;
     unsigned int division_size;
     unsigned int queue_size;
-    unsigned char index_num;
-    unsigned char index_offset;
-    unsigned char index_size;
+    unsigned int index_num;
+    unsigned int index_offset;
+    unsigned int index_size;
     unsigned int cache_data_offset;
     unsigned int cache_data_size;
     unsigned long num_stores;
@@ -209,9 +209,9 @@
     unsigned int cache_data_offset;
     unsigned int cache_data_size;
     unsigned char division_mask;
-    unsigned char index_num;
-    unsigned char index_offset;
-    unsigned char index_size;
+    unsigned int index_num;
+    unsigned int index_offset;
+    unsigned int index_size;
 #endif
 } SHMCBHeader;
 
@@ -456,7 +456,7 @@
     return;
 }
 
-BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR * id, int idlen,
+BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
                            time_t timeout, SSL_SESSION * pSession)
 {
     SSLModConfigRec *mc = myModConfig();
@@ -478,7 +478,7 @@
     return to_return;
 }
 
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR * id, int idlen)
+SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
 {
     SSLModConfigRec *mc = myModConfig();
     void *shm_segment;
@@ -499,14 +499,16 @@
     return pSession;
 }
 
-void ssl_scache_shmcb_remove(server_rec *s, UCHAR * id, int idlen)
+void ssl_scache_shmcb_remove(server_rec *s, UCHAR *id, int idlen)
 {
     SSLModConfigRec *mc = myModConfig();
     void *shm_segment;
 
     /* We've kludged our pointer into the other cache's member variable. */
     shm_segment = (void *) mc->tSessionCacheDataTable;
+    ssl_mutex_on(s);
     shmcb_remove_session(s, shm_segment, id, idlen);
+    ssl_mutex_off(s);
 }
 
 void ssl_scache_shmcb_expire(server_rec *s)
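Review bot: The locking contract this fix relies on is not documented: `shmcb_remove_session()` works on the shared segment, and the added `ssl_mutex_on(s)`/`ssl_mutex_off(s)` pair in `ssl_scache_shmcb_remove` is what serialises it. I would add a comment above the call, `/* shmcb_*_session() helpers expect the caller to hold the SSL mutex */`, so the next wrapper does not repeat the omission. The wrapper also discards the result of `shmcb_remove_session()`, which is declared `BOOL` later in this diff. That may be intended for a void function, but it makes a failed removal invisible.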
@@ -705,7 +707,7 @@
 }
 
 static BOOL shmcb_store_session(
-    server_rec *s, void *shm_segment, UCHAR * id,
+    server_rec *s, void *shm_segment, UCHAR *id,
     int idlen, SSL_SESSION * pSession,
     time_t timeout)
 {
@@ -755,7 +757,7 @@
 
 static SSL_SESSION *shmcb_retrieve_session(
     server_rec *s, void *shm_segment,
-    UCHAR * id, int idlen)
+    UCHAR *id, int idlen)
 {
     SHMCBHeader *header;
     SHMCBQueue queue;
@@ -795,7 +797,7 @@
 
 static BOOL shmcb_remove_session(
     server_rec *s, void *shm_segment,
-    UCHAR * id, int idlen)
+    UCHAR *id, int idlen)
 {
     SHMCBHeader *header;
     SHMCBQueue queue;
@@ -992,7 +994,7 @@
     const SHMCBQueue *queue, unsigned int idx)
 {
     /* bounds check */
-    if (idx > (unsigned int) queue->header->index_num)
+    if (idx > queue->header->index_num)
         return NULL;
 
     /* Return a pointer to the index. NB: I am being horribly pendantic
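Review bot: The bounds check `if (idx > queue->header->index_num)` still admits `idx == index_num`. If valid index slots are 0 through `index_num - 1`, which the field name suggests but the hunk does not show, that value is one past the end and the check should be `if (idx >= queue->header->index_num)`. Now that `index_num` is an `unsigned int` and no longer limited to 255, this is a good moment to confirm the intended range. The function body starts and ends outside the hunk.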
Index: ssl_scache_shmht.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_scache_shmht.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- ssl_scache_shmht.c  1 Jan 2001 10:51:27 -0000       1.2
+++ ssl_scache_shmht.c  23 Feb 2002 18:50:02 -0000      1.3
@@ -175,8 +175,10 @@
     UCHAR *ucp;
 
     /* streamline session data */
+    if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
+        return FALSE;
     ucp = ucaData;
-    nData = i2d_SSL_SESSION(sess, &ucp);
+    i2d_SSL_SESSION(sess, &ucp);
 
     ssl_mutex_on(s);
     if (table_insert_kd(mc->tSessionCacheDataTable, 
Index: ssl_util.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_util.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- ssl_util.c  1 Jan 2001 10:51:27 -0000       1.28
+++ ssl_util.c  23 Feb 2002 16:34:35 -0000      1.29
@@ -435,3 +435,15 @@
     return;
 }
 
+void ssl_util_thread_cleanup(void)
+{
+#ifdef WIN32
+    int i;
+
+    CRYPTO_set_locking_callback(NULL);
+    for (i = 0; i < CRYPTO_NUM_LOCKS; i++)
+        CloseHandle(lock_cs[i]);
+#endif /* WIN32 */
+    return;
+}
+
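Review bot: The handles closed in the WIN32 loop of `ssl_util_thread_cleanup` are left in `lock_cs[]` afterwards, so a second cleanup or any later use of the array would act on stale handles. `lock_cs` is defined outside the hunk, so I am assuming it holds the handles created by `ssl_util_thread_setup`. I would reset each slot as it is released, `if (lock_cs[i] != NULL) { CloseHandle(lock_cs[i]); lock_cs[i] = NULL; }`. A one-line comment stating that this must run only after all SSL activity has stopped would also help, since the locking callback is cleared first.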
Index: ssl_util_sdbm.c
===================================================================
RCS file: /e/modssl/cvs/mod_ssl/pkg.apache/src/modules/ssl/ssl_util_sdbm.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- ssl_util_sdbm.c     1 Jan 2001 10:51:27 -0000       1.16
+++ ssl_util_sdbm.c     29 Jan 2002 07:49:16 -0000      1.17
@@ -499,14 +499,17 @@
 {
         register long c;
         register long dirb;
+        int got;
 
         c = dbit / BYTESIZ;
         dirb = c / DBLKSIZ;
 
         if (dirb != db->dirbno) {
                 if (lseek(db->dirf, OFF_DIR(dirb), SEEK_SET) < 0
-                    || read(db->dirf, db->dirbuf, DBLKSIZ) < 0)
+                    || (got = read(db->dirf, db->dirbuf, DBLKSIZ)) < 0)
                         return 0;
+                if (got == 0) 
+                        memset(db->dirbuf, 0, DBLKSIZ);
                 db->dirbno = dirb;
 
                 debug(("dir read: %d\n", dirb));
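Review bot: A short read is still treated as a full block: the new code zeroes `db->dirbuf` only when `read()` returns 0. A result between 1 and DBLKSIZ-1 therefore leaves the tail of the buffer holding bytes from the previously cached directory block. The same pattern is added in the next hunk (@@ -522,14). I would clear the unread tail instead, `if (got < DBLKSIZ) memset(db->dirbuf + got, 0, DBLKSIZ - got);`, and declare `got` with the type `read()` returns (`ssize_t`). Both function bodies start and end outside their hunks.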
@@ -522,14 +525,17 @@
 {
         register long c;
         register long dirb;
+        int got;
 
         c = dbit / BYTESIZ;
         dirb = c / DBLKSIZ;
 
         if (dirb != db->dirbno) {
                 if (lseek(db->dirf, OFF_DIR(dirb), SEEK_SET) < 0
-                    || read(db->dirf, db->dirbuf, DBLKSIZ) < 0)
+                    || (got = read(db->dirf, db->dirbuf, DBLKSIZ)) < 0)
                         return 0;
+                if (got == 0) 
+                        memset(db->dirbuf, 0, DBLKSIZ);
                 db->dirbno = dirb;
 
                 debug(("dir read: %d\n", dirb));
@@ -537,8 +543,13 @@
 
         db->dirbuf[c % DBLKSIZ] |= (1 << dbit % BYTESIZ);
 
+#if 0
         if (dbit >= db->maxbno)
                 db->maxbno += DBLKSIZ * BYTESIZ;
+#else
+        if (OFF_DIR((dirb+1))*BYTESIZ > db->maxbno) 
+                db->maxbno = OFF_DIR((dirb+1)) * BYTESIZ;
+#endif
 
         if (lseek(db->dirf, OFF_DIR(dirb), SEEK_SET) < 0
             || write(db->dirf, db->dirbuf, DBLKSIZ) < 0)
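Review bot: The `#if 0` / `#else` pair keeps the old `maxbno` computation as dead code and gives no reason why it was wrong. I would delete the disabled branch and put a short comment above the new test, for example `/* maxbno must cover the whole directory block just touched, not grow by a fixed step */`, worded to match the actual reason for the change. Also, `db->maxbno` is updated before the `lseek`/`write` below has succeeded, so a failed write leaves it advanced. If the function returns failure there (outside the hunk), consider moving the update after the write.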
