Re: svn commit: r1887085 - in /httpd/httpd/trunk: CHANGES include/ap_mmn.h include/http_protocol.h modules/md/mod_md.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h server/protocol.c

Tue, 02 Mar 2021 11:55:04 -0800 


On 3/2/21 3:21 PM, ic...@apache.org wrote:
> Author: icing
> Date: Tue Mar  2 14:21:18 2021
> New Revision: 1887085
> 
> URL: http://svn.apache.org/viewvc?rev=1887085&view=rev
> Log:
> Adding more ap_ssl_* functions and hooks to the core server.
> 
>      - ap_ssl_add_cert_files() to enable other modules like mod_md to provide
>        certificate and keys for an SSL module like mod_ssl.
>      - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
>        provide a fallback certificate in case no 'proper' certificate is
>        available for an SSL module like mod_ssl.
>      - ap_ssl_answer_challenge() to enable other modules like mod_md to
>        provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
>        for the ACME protocol for an SSL module like mod_ssl.
>     - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
>       'ssl_answer_challenge' where modules like mod_md can provide providers
>       to the above mentioned functions.
> 
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/include/ap_mmn.h
>     httpd/httpd/trunk/include/http_protocol.h
>     httpd/httpd/trunk/modules/md/mod_md.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>     httpd/httpd/trunk/modules/ssl/ssl_private.h
>     httpd/httpd/trunk/server/protocol.c
> 

> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1887085&r1=1887084&r2=1887085&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Tue Mar  2 14:21:18 2021
> @@ -2316,11 +2316,29 @@ void ssl_callback_Info(const SSL *ssl, i
>  #ifdef HAVE_TLSEXT
>  
>  static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
> -                                        SSL *ssl, X509 *cert, EVP_PKEY *key)
> +                                        SSL *ssl, X509 *cert, EVP_PKEY *key,
> +                                        const char *cert_file, const char 
> *key_file)
>  {
>      SSLConnRec *sslcon = myConnConfig(c);
>      
>      sslcon->service_unavailable = 1;
> +    if (cert_file) {
> +        if (SSL_use_certificate_chain_file(ssl, cert_file) < 1) {

As noted by the failure of build #1461 (
https://travis-ci.com/github/apache/httpd/jobs/487481449)
SSL_use_certificate_chain_file is not available with OpenSSL 1.0.2 which is 
still the OS
provided standard version with Ubuntu 16 LTS and RedHat / Centos 7.

Regards

RĂ¼diger























					Reply via email to