[aur-mirror.git] / apache-gost / apache-2.2.17-openssl-1.0.0.diff
1 diff -Nur httpd-2.2.17/modules/ssl/ssl_engine_init.c httpd-2.2.17-patched/modules/ssl/ssl_engine_init.c
2 --- httpd-2.2.17/modules/ssl/ssl_engine_init.c 2010-07-12 22:47:45.000000000 +0400
3 +++ httpd-2.2.17-patched/modules/ssl/ssl_engine_init.c 2010-12-22 21:40:15.000000000 +0300
4 @@ -359,7 +359,15 @@
5 ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
6 ssl_die();
9 +
10 + if (!ENGINE_init(e)) {
11 + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
12 + "Init: Failed to initialize Crypto Device API `%s'",
13 + mc->szCryptoDevice);
14 + ssl_log_ssl_error(APLOG_MARK, APLOG_ERR,s);
15 + ssl_die();
16 + }
18 if (strEQ(mc->szCryptoDevice, "chil")) {
19 ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
21 @@ -375,6 +383,8 @@
22 "Init: loaded Crypto Device API `%s'",
23 mc->szCryptoDevice);
25 + /* Have to reinitalize SSL after loading engine */
26 + SSL_library_init();
27 ENGINE_free(e);
30 @@ -441,6 +451,9 @@
31 modssl_ctx_t *mctx)
33 SSL_CTX *ctx = NULL;
34 +#if OPENSSL_VERSION_NUMBER>=0x0909000L
35 +const
36 +#endif
37 MODSSL_SSL_METHOD_CONST SSL_METHOD *method = NULL;
38 char *cp;
39 int protocol = mctx->protocol;
40 @@ -821,10 +834,17 @@
41 ssl_asn1_t *asn1;
42 MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
43 const char *type = ssl_asn1_keystr(idx);
44 - int pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
45 + int pkey_type;
46 EVP_PKEY *pkey;
47 + EVP_PKEY *pubkey = NULL;
49 - if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
50 + if (mctx->pks->certs[idx]) {
51 + pubkey = X509_get_pubkey(mctx->pks->certs[idx]);
52 + pkey_type = pubkey->type;
53 + EVP_PKEY_free(pubkey);
54 + }
56 + if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
57 return FALSE;
60 @@ -933,34 +953,32 @@
61 apr_pool_t *ptemp,
62 modssl_ctx_t *mctx)
64 - const char *rsa_id, *dsa_id;
65 + const char *id;
66 const char *vhost_id = mctx->sc->vhost_id;
67 int i;
68 - int have_rsa, have_dsa;
70 - rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
71 - dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
73 + int have_key = 0,have_cert=0;
75 - have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
76 - have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
77 + for (i = 0; i < SSL_AIDX_MAX; i++) {
78 + id = ssl_asn1_table_keyfmt(ptemp, vhost_id, i);
79 + ap_log_error(APLOG_MARK,APLOG_DEBUG,0,s,"Trying key with id %s alg %d",id,i);
80 + have_cert = ssl_server_import_cert(s, mctx, id, i) || have_cert;
81 + ssl_check_public_cert(s, ptemp, mctx->pks->certs[i], i);
82 + have_key = ssl_server_import_key(s, mctx, id, i) || have_key;
83 + };
85 - if (!(have_rsa || have_dsa)) {
86 + if (!have_cert) {
87 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
88 - "Oops, no RSA or DSA server certificate found "
89 + "Oops, no server certificate found "
90 "for '%s:%d'?!", s->server_hostname, s->port);
91 ssl_die();
94 - for (i = 0; i < SSL_AIDX_MAX; i++) {
95 - ssl_check_public_cert(s, ptemp, mctx->pks->certs[i], i);
96 - }
98 - have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
99 - have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
101 - if (!(have_rsa || have_dsa)) {
102 + if (!(have_key)) {
103 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
104 - "Oops, no RSA or DSA server private key found?!");
105 + "Oops, no server private key found?!");
106 ssl_die();
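Review bot: In the `@@ -821,10 +834,17 @@` hunk `pkey_type` loses its initialiser and is assigned only when `mctx->pks->certs[idx]` is set, so a private key stored without a matching certificate leaves it indeterminate for whatever consumes it later (the rest of the function is outside the hunk; presumably the key decoder). `X509_get_pubkey()` can also return NULL when OpenSSL cannot decode the certificate's key algorithm, which seems plausible for a GOST certificate if the engine failed to load, and `pubkey->type` would then dereference NULL during startup. I would declare `int pkey_type = EVP_PKEY_NONE;`, check the lookup with `if (!(pubkey = X509_get_pubkey(mctx->pks->certs[idx]))) return FALSE;`, and refuse to decode the key while the type is still `EVP_PKEY_NONE`.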
109 diff -Nur httpd-2.2.17/modules/ssl/ssl_private.h httpd-2.2.17-patched/modules/ssl/ssl_private.h
110 --- httpd-2.2.17/modules/ssl/ssl_private.h 2010-07-12 22:47:45.000000000 +0400
111 +++ httpd-2.2.17-patched/modules/ssl/ssl_private.h 2010-12-22 21:44:06.000000000 +0300
112 @@ -181,11 +181,24 @@
113 #define SSL_ALGO_UNKNOWN (0)
114 #define SSL_ALGO_RSA (1<<0)
115 #define SSL_ALGO_DSA (1<<1)
116 +#if OPENSSL_VERSION_NUMBER >= 0x00909000L
117 +#define SSL_ALGO_EC (1<<2)
118 +#define SSL_ALGO_GOST94 (1<<3)
119 +#define SSL_ALGO_GOST01 (1<<4)
120 +#define SSL_ALGO_ALL (0x1F)
121 +#else
122 #define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
124 +#endif
125 #define SSL_AIDX_RSA (0)
126 #define SSL_AIDX_DSA (1)
127 -#define SSL_AIDX_MAX (2)
128 +#if OPENSSL_VERSION_NUMBER >= 0x00909000L
129 +#define SSL_AIDX_EC (2)
130 +#define SSL_AIDX_GOST94 (3)
131 +#define SSL_AIDX_GOST01 (4)
132 +#define SSL_AIDX_MAX (5)
133 +#else
134 +#define SSL_AIDX_MAX (2)
135 +#endif
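Review bot: `SSL_ALGO_ALL` is written as the literal `(0x1F)` in the new branch, while the `#else` branch still builds it from the flag names, so adding or renumbering an algorithm bit can leave the mask stale without any compiler complaint. Prefer `#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_EC|SSL_ALGO_GOST94|SSL_ALGO_GOST01)`. The `SSL_AIDX_*` block would also benefit from a comment such as `/* index into ssl_asn1_key_types[] in ssl_util.c; keep both in the same order */`, since the loop added in ssl_engine_init.c now walks every index below `SSL_AIDX_MAX`.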
139 diff -Nur httpd-2.2.17/modules/ssl/ssl_util.c httpd-2.2.17-patched/modules/ssl/ssl_util.c
140 --- httpd-2.2.17/modules/ssl/ssl_util.c 2008-09-18 18:34:51.000000000 +0400
141 +++ httpd-2.2.17-patched/modules/ssl/ssl_util.c 2010-12-22 21:48:20.000000000 +0300
142 @@ -150,6 +150,17 @@
143 case EVP_PKEY_DSA:
144 t = SSL_ALGO_DSA;
145 break;
146 + #if OPENSSL_VERSION_NUMBER >= 0x0909000L
147 + case EVP_PKEY_EC:
148 + t = SSL_ALGO_EC;
149 + break;
150 + case NID_id_GostR3410_94:
151 + t = SSL_ALGO_GOST94;
152 + break;
153 + case NID_id_GostR3410_2001:
154 + t = SSL_ALGO_GOST01;
155 + break;
156 + #endif
157 default:
158 break;
160 @@ -174,6 +185,17 @@
161 case SSL_ALGO_DSA:
162 cp = "DSA";
163 break;
164 +#if OPENSSL_VERSION_NUMBER >= 0x0909000L
165 + case SSL_ALGO_EC:
166 + cp = "EC";
167 + break;
168 + case SSL_ALGO_GOST94:
169 + cp = "GOST R 34.10-94";
170 + break;
171 + case SSL_ALGO_GOST01:
172 + cp= "GOST R 34.10-2001";
173 + break;
174 +#endif
175 default:
176 break;
178 @@ -245,7 +267,7 @@
179 apr_hash_set(table, key, klen, NULL);
182 -static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
183 +static const char *ssl_asn1_key_types[] = {"RSA", "DSA","EC","GOST R 34.10-94", "GOST R 34.10-2001"};
185 const char *ssl_asn1_keystr(int keytype)
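Review bot: `ssl_asn1_key_types[]` in the last hunk grows to five entries unconditionally, whereas `SSL_AIDX_MAX` is 5 only under the `OPENSSL_VERSION_NUMBER` guard in ssl_private.h, and nothing ties the array order to the `SSL_AIDX_*` values. Today the mismatch errs on the safe side (the array is never shorter than the index range), but a later index added without a matching string would make the lookup read past the array, assuming `ssl_asn1_keystr` (its body is outside the hunk) bounds-checks against `SSL_AIDX_MAX`. I would put `/* indexed by SSL_AIDX_*; must hold SSL_AIDX_MAX entries in that order */` above the array so the coupling is visible to whoever adds the next algorithm.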