diff -urN mod_ssl-2.8.8-1.3.24/pkg.sslcfg/sslcfg.patch mod_ssl-2.8.8-1.3.24-tw/pkg.sslcfg/sslcfg.patch --- mod_ssl-2.8.8-1.3.24/pkg.sslcfg/sslcfg.patch Wed Mar 27 19:05:04 2002 +++ mod_ssl-2.8.8-1.3.24-tw/pkg.sslcfg/sslcfg.patch Thu May 16 11:55:52 2002 @@ -61,7 +61,7 @@ +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## -+ ++SSLCryptoDevice trustway +# +# Some MIME-types for downloading Certificates and CRLs +# @@ -81,11 +81,11 @@ +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). -+#SSLSessionCache none ++SSLSessionCache none +#SSLSessionCache shmht:logs/ssl_scache(512000) +#SSLSessionCache shmcb:logs/ssl_scache(512000) -+SSLSessionCache dbm:logs/ssl_scache -+SSLSessionCacheTimeout 300 ++#SSLSessionCache dbm:logs/ssl_scache ++#SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the @@ -117,7 +117,7 @@ +# Log levels are (ascending order: higher ones include lower ones): +# none, error, warn, info, trace, debug. +SSLLog logs/ssl_engine_log -+SSLLogLevel info ++SSLLogLevel none + + + @@ -134,7 +134,7 @@ +ServerName new.host.name +ServerAdmin you@your.address +ErrorLog logs/error_log -+TransferLog logs/access_log ++#TransferLog logs/access_log + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. @@ -143,7 +143,7 @@ +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. -+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL ++SSLCipherSuite RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If @@ -286,8 +286,8 @@ +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. -+CustomLog logs/ssl_request_log \ -+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ++#CustomLog logs/ssl_request_log \ ++# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + diff -urN mod_ssl-2.8.8-1.3.24/pkg.sslmod/libssl.module mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/libssl.module --- mod_ssl-2.8.8-1.3.24/pkg.sslmod/libssl.module Sat Feb 23 19:45:45 2002 +++ mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/libssl.module Thu Apr 18 15:30:52 2002 @@ -78,9 +78,9 @@ my_outfile="Makefile.config" my_prefix=" +" my_prefixe=" " - SSL_CFLAGS='' + SSL_CFLAGS='-g -DSSL_EXPERIMENTAL_ENGINE -DSSL_TRUSTWAY_ENGINE' SSL_LDFLAGS='' - SSL_LIBS='' + SSL_LIBS='-lgpkcs11cc2000' # # find a reasonable Bourne Shell for sub-shell calls diff -urN mod_ssl-2.8.8-1.3.24/pkg.sslmod/mod_ssl.c mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/mod_ssl.c --- mod_ssl-2.8.8-1.3.24/pkg.sslmod/mod_ssl.c Sat Feb 23 19:45:45 2002 +++ mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/mod_ssl.c Thu May 16 17:39:50 2002 @@ -234,7 +234,11 @@ NULL, /* [#9] log a transaction */ NULL, /* [#2] header parser */ ssl_init_Child, /* child_init */ +#ifdef SSL_TRUSTWAY_ENGINE + ssl_init_ChildKill, /* child_exit */ +#else NULL, /* child_exit */ +#endif ssl_hook_ReadReq, /* [#0] post read-request */ /* Extended API (forced to be enabled with mod_ssl) */ diff -urN mod_ssl-2.8.8-1.3.24/pkg.sslmod/ssl_engine_init.c mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/ssl_engine_init.c --- mod_ssl-2.8.8-1.3.24/pkg.sslmod/ssl_engine_init.c Wed Mar 27 17:47:20 2002 +++ mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/ssl_engine_init.c Thu May 16 17:38:47 2002 @@ -242,6 +242,9 @@ } #endif if (mc->nInitCount == 1) { +#ifdef SSL_TRUSTWAY_ENGINE + ssl_init_Engine(s, p); +#endif ssl_pphrase_Handle(s, p); ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p); #ifndef WIN32 @@ -383,6 +386,7 @@ /* seed PRNG */ ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); +#ifndef SSL_TRUSTWAY_ENGINE /* generate 512 bit RSA key */ ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys (512/1024 bits)"); if ((rsa = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) { @@ -407,6 +411,7 @@ asn1->cpData = ap_palloc(mc->pPool, asn1->nData); ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */ RSA_free(rsa); +#endif ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)"); @@ -436,6 +441,7 @@ /* Allocate Keys and Params */ else if (action == SSL_TKP_ALLOC) { +#ifndef SSL_TRUSTWAY_ENGINE ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary RSA private keys (512/1024 bits)"); /* allocate 512 bit RSA key */ @@ -465,6 +471,7 @@ ssl_die(); } } +#endif ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)"); @@ -499,6 +506,7 @@ /* Free Keys and Params */ else if (action == SSL_TKP_FREE) { +#ifndef SSL_TRUSTWAY_ENGINE if (mc->pTmpKeys[SSL_TKPIDX_RSA512] != NULL) { RSA_free((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512]); mc->pTmpKeys[SSL_TKPIDX_RSA512] = NULL; @@ -507,6 +515,7 @@ RSA_free((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024]); mc->pTmpKeys[SSL_TKPIDX_RSA1024] = NULL; } +#endif if (mc->pTmpKeys[SSL_TKPIDX_DH512] != NULL) { DH_free((DH *)mc->pTmpKeys[SSL_TKPIDX_DH512]); mc->pTmpKeys[SSL_TKPIDX_DH512] = NULL; @@ -1032,7 +1041,11 @@ void ssl_init_ChildKill(void *data) { +#ifdef SSL_TRUSTWAY_ENGINE + trustway_freesession(); +#else /* currently nothing to do */ +#endif return; } diff -urN mod_ssl-2.8.8-1.3.24/pkg.sslmod/ssl_engine_kernel.c mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/ssl_engine_kernel.c --- mod_ssl-2.8.8-1.3.24/pkg.sslmod/ssl_engine_kernel.c Wed Mar 27 18:02:31 2002 +++ mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/ssl_engine_kernel.c Thu Apr 18 15:53:02 2002 @@ -1381,6 +1381,7 @@ * So we generated 512 and 1024 bit temporary keys on startup * which we now just handle out on demand.... */ +#ifndef SSL_TRUSTWAY_ENGINE RSA *ssl_callback_TmpRSA(SSL *pSSL, int nExport, int nKeyLen) { SSLModConfigRec *mc = myModConfig(); @@ -1403,6 +1404,18 @@ } return rsa; } +#else +extern RSA* trustway_RSA_generate_tmp_key(int bits, unsigned long e_value, + void (*callback)(int,int,void *), + void *cb_arg); +static RSA* tmpRSA=NULL; +RSA *ssl_callback_TmpRSA(SSL *pSSL, int nExport, int nKeyLen) +{ + if (tmpRSA == NULL) + tmpRSA = trustway_RSA_generate_tmp_key(nKeyLen, RSA_F4, NULL, NULL); + return tmpRSA; +} +#endif /* * Handle out the already generated DH parameters... diff -urN mod_ssl-2.8.8-1.3.24/pkg.sslmod/ssl_engine_log.c mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/ssl_engine_log.c --- mod_ssl-2.8.8-1.3.24/pkg.sslmod/ssl_engine_log.c Wed Mar 27 18:12:52 2002 +++ mod_ssl-2.8.8-1.3.24-tw/pkg.sslmod/ssl_engine_log.c Thu May 16 10:14:43 2002 @@ -289,22 +289,45 @@ strerror(safe_errno), safe_errno); } if (add & SSL_ADD_SSLERR) { +#ifdef SSL_TRUSTWAY_ENGINE + const char *file,*data; + int line,flags; + while ((e = ERR_get_error_line_data(&file,&line,&data,&flags))) { +#else while ((e = ERR_get_error())) { +#endif cpE = ERR_error_string(e, NULL); cpA = ssl_log_annotation(cpE); if (level <= sc->nLogLevel && sc->fileLogFile != NULL) { +#ifdef SSL_TRUSTWAY_ENGINE + ap_snprintf(str, sizeof(str), "%s%s%s: %s: %s:%s%s%s%s", + tstr, lstr, SSL_LIBRARY_NAME, cpE, + data!= NULL ? data : "" , + cpA != NULL ? " [Hint: " : "", + cpA != NULL ? cpA : "", cpA != NULL ? "]" : "", + nstr); +#else ap_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s", tstr, lstr, SSL_LIBRARY_NAME, cpE, cpA != NULL ? " [Hint: " : "", cpA != NULL ? cpA : "", cpA != NULL ? "]" : "", nstr); +#endif fprintf(sc->fileLogFile, "%s", str); } if (level & SSL_LOG_ERROR) +#ifdef SSL_TRUSTWAY_ENGINE + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, + "%s: %s: %s%s%s%s", SSL_LIBRARY_NAME, cpE, + data!= NULL ? data : "" , + cpA != NULL ? " [Hint: " : "", + cpA != NULL ? cpA : "", cpA != NULL ? "]" : ""); +#else ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE, cpA != NULL ? " [Hint: " : "", cpA != NULL ? cpA : "", cpA != NULL ? "]" : ""); +#endif } } /* make sure the next log starts from a clean base */