1 diff -Nur httpd-2.2.17/modules/ssl/ssl_engine_init.c httpd-2.2.17-patched/modules/ssl/ssl_engine_init.c
2 --- httpd-2.2.17/modules/ssl/ssl_engine_init.c 2010-07-12 22:47:45.000000000 +0400
3 +++ httpd-2.2.17-patched/modules/ssl/ssl_engine_init.c 2010-12-22 21:40:15.000000000 +0300
5 ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
10 + if (!ENGINE_init(e)) {
11 + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
12 + "Init: Failed to initialize Crypto Device API `%s'",
13 + mc->szCryptoDevice);
14 + ssl_log_ssl_error(APLOG_MARK, APLOG_ERR,s);
18 if (strEQ(mc->szCryptoDevice, "chil")) {
19 ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
22 "Init: loaded Crypto Device API `%s'",
25 + /* Have to reinitalize SSL after loading engine */
34 +#if OPENSSL_VERSION_NUMBER>=0x0909000L
37 MODSSL_SSL_METHOD_CONST SSL_METHOD *method = NULL;
39 int protocol = mctx->protocol;
42 MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
43 const char *type = ssl_asn1_keystr(idx);
44 - int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
47 + EVP_PKEY *pubkey = NULL;
49 - if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
50 + if (mctx->pks->certs[idx]) {
51 + pubkey = X509_get_pubkey(mctx->pks->certs[idx]);
52 + pkey_type = pubkey->type;
53 + EVP_PKEY_free(pubkey);
56 + if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
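Review bot: The added `pkey_type = pubkey->type;` dereferences the result of `X509_get_pubkey()` without a NULL check, and that call returns NULL when the certificate's public key cannot be decoded (for example when the engine that provides the algorithm is not loaded). A certificate like that would crash the server at startup instead of producing a logged configuration error. Guard it before the dereference, e.g. `if (pubkey == NULL) { ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); return FALSE; }`, assuming `FALSE` is this function's existing failure return. The old initialiser of `pkey_type` is removed and its new declaration is not visible here, so also confirm it holds a defined value when `mctx->pks->certs[idx]` is NULL. The enclosing function starts and ends outside the visible lines.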
64 - const char *rsa_id, *dsa_id;
66 const char *vhost_id = mctx->sc->vhost_id;
68 - int have_rsa, have_dsa;
70 - rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
71 - dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
73 + int have_key = 0,have_cert=0;
75 - have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
76 - have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
77 + for (i = 0; i < SSL_AIDX_MAX; i++) {
78 + id = ssl_asn1_table_keyfmt(ptemp, vhost_id, i);
79 + ap_log_error(APLOG_MARK,APLOG_DEBUG,0,s,"Trying key with id %s alg %d",id,i);
80 + have_cert = ssl_server_import_cert(s, mctx, id, i) || have_cert;
81 + ssl_check_public_cert(s, ptemp, mctx->pks->certs[i], i);
82 + have_key = ssl_server_import_key(s, mctx, id, i) || have_key;
85 - if (!(have_rsa || have_dsa)) {
87 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
88 - "Oops, no RSA or DSA server certificate found "
89 + "Oops, no server certificate found "
90 "for '%s:%d'?!", s->server_hostname, s->port);
94 - for (i = 0; i < SSL_AIDX_MAX; i++) {
95 - ssl_check_public_cert(s, ptemp, mctx->pks->certs[i], i);
98 - have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
99 - have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
101 - if (!(have_rsa || have_dsa)) {
103 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
104 - "Oops, no RSA or DSA server private key found?!");
105 + "Oops, no server private key found?!");
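Review bot: The new loop folds all algorithm slots into two independent flags, `have_cert` and `have_key`, so the checks below it pass when a certificate was imported for one slot and a private key only for a different one; nothing visible here requires that one slot has both. Unless `ssl_server_import_key()` already rejects a key with no matching certificate, record the pair per iteration, e.g. keep both results in locals and set `have_pair |= (cert_ok && key_ok);`, then fail on `!have_pair`. The operand order in `have_cert = ssl_server_import_cert(s, mctx, id, i) || have_cert;` is load-bearing, because swapping it would skip the import once any slot had succeeded. A comment such as `/* call first: || must not short-circuit the import */` would protect it from a later tidy-up. The enclosing function starts and ends outside the visible lines.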
109 diff -Nur httpd-2.2.17/modules/ssl/ssl_private.h httpd-2.2.17-patched/modules/ssl/ssl_private.h
110 --- httpd-2.2.17/modules/ssl/ssl_private.h 2010-07-12 22:47:45.000000000 +0400
111 +++ httpd-2.2.17-patched/modules/ssl/ssl_private.h 2010-12-22 21:44:06.000000000 +0300
112 @@ -181,11 +181,24 @@
113 #define SSL_ALGO_UNKNOWN (0)
114 #define SSL_ALGO_RSA (1<<0)
115 #define SSL_ALGO_DSA (1<<1)
116 +#if OPENSSL_VERSION_NUMBER >= 0x00909000L
117 +#define SSL_ALGO_EC (1<<2)
118 +#define SSL_ALGO_GOST94 (1<<3)
119 +#define SSL_ALGO_GOST01 (1<<4)
120 +#define SSL_ALGO_ALL (0x1F)
122 #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
125 #define SSL_AIDX_RSA (0)
126 #define SSL_AIDX_DSA (1)
127 -#define SSL_AIDX_MAX (2)
128 +#if OPENSSL_VERSION_NUMBER >= 0x00909000L
129 +#define SSL_AIDX_EC (2)
130 +#define SSL_AIDX_GOST94 (3)
131 +#define SSL_AIDX_GOST01 (4)
132 +#define SSL_AIDX_MAX (5)
134 +#define SSL_AIDX_MAX (2)
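Review bot: `#define SSL_ALGO_ALL (0x1F)` hard-codes the mask, so adding or renumbering an algorithm bit later would silently leave the "all" set out of step. The fallback definition composes the flags and the new one should too: `#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_EC|SSL_ALGO_GOST94|SSL_ALGO_GOST01)`. The version guard is spelled `0x00909000L` in this header but `0x0909000L` in ssl_engine_init.c and ssl_util.c. The two values are equal, but using the eight-digit form everywhere makes it easier to confirm that the index macros, the key-type name table and the `switch` cases are all compiled under the same condition.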
139 diff -Nur httpd-2.2.17/modules/ssl/ssl_util.c httpd-2.2.17-patched/modules/ssl/ssl_util.c
140 --- httpd-2.2.17/modules/ssl/ssl_util.c 2008-09-18 18:34:51.000000000 +0400
141 +++ httpd-2.2.17-patched/modules/ssl/ssl_util.c 2010-12-22 21:48:20.000000000 +0300
146 + #if OPENSSL_VERSION_NUMBER >= 0x0909000L
150 + case NID_id_GostR3410_94:
151 + t = SSL_ALGO_GOST94;
153 + case NID_id_GostR3410_2001:
154 + t = SSL_ALGO_GOST01;
164 +#if OPENSSL_VERSION_NUMBER >= 0x0909000L
168 + case SSL_ALGO_GOST94:
169 + cp = "GOST R 34.10-94";
171 + case SSL_ALGO_GOST01:
172 + cp= "GOST R 34.10-2001";
179 apr_hash_set(table, key, klen, NULL);
182 -static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
183 +static const char *ssl_asn1_key_types[] = {"RSA", "DSA","EC","GOST R 34.10-94", "GOST R 34.10-2001"};
185 const char *ssl_asn1_keystr(int keytype)