Remove the hardcoded algorithm-type dependency for the SSLCertificateFile and SSLCertificateKeyFile directives, and deprecate SSLCertificateChainFile Splitting the patch into smaller pieces turned out to be infeasible, unfortunately, due to the heavily intertwined code in ssl_engine_config.c, ssl_engine_init.c and ssl_engine_pphrase.c, which all depends on the modssl_pk_server_t data structure. For better comprehensibility, a detailed listing of the changes follows: ssl_private.h - drop the X509 certs and EVP_PKEY keys arrays from modssl_pk_server_t - use apr_array_header_t for cert_files and key_files - drop tPublicCert from SSLModConfigRec - drop the ssl_algo_t struct and the SSL_ALGO_* and SSL_AIDX_* constants ssl_engine_config.c - change to apr_array_header_t for SSLCertificate[Key]File - drop ssl_cmd_check_aidx_max, i.e. allow an arbitrary number of certs and keys (in theory; currently OpenSSL does not support more than one cert/key per algorithm type) - add deprecation warning for SSLCertificateChainFile ssl_engine_init.c - configure server certs/keys in ssl_init_server_certs (no longer via ssl_pphrase_Handle in ssl_init_Module) - in ssl_init_server_certs, read in certificates and keys with standard OpenSSL API functions (SSL_CTX_use_*_file), and only fall back to ssl_load_encrypted_pkey when encountering an encrypted private key - drop ssl_server_import_cert, ssl_server_import_key, ssl_init_server_check, and ssl_init_ctx_cleanup_server - move the "problematic re-initialization" check to ssl_init_server_ctx ssl_engine_pphrase.c - use servername:port:index as the key identifier, instead of the previously used servername:port:algorithm - ssl_pphrase_Handle overhaul: remove all cert/public-key handling, make it only load a single (encrypted) private key, and rename to ssl_load_encrypted_pkey - in the passphrase prompt message, show the private key file name instead of the vhost id and the algorithm name - do no longer supply the algorithm name as an argument to "exec"-type passphrase prompting programs ssl_util.c - drop ssl_util_algotypeof, ssl_util_algotypestr, ssl_asn1_keystr, and ssl_asn1_table_keyfmt ssl_util_ssl.{c,h} - drop SSL_read_X509 - constify the filename arg for SSL_read_PrivateKey

Remove SSLPKCS7CertificateFile support: - was never documented, so very unlikely that it was ever used - adds complexity without apparent benefit; PKCS#7 files can be trivially converted to a file for use with SSLCertificateChainFile (concatenated X509 CERTIFICATE chunks, openssl pkcs7 -print_certs...) - only supports PKCS7 files with PEM encoding, i.e. relies on a non-standardized PEM header (cf. RFC 2315 and draft-josefsson-pkix-textual) - issues pointed out in http://mail-archives.apache.org/mod_mbox/httpd-dev/200607.mbox/%3C20060723093125.GA19423@redhat.com%3E were never fully addressed (cf. r424707 and r424735) - has never worked in vhost context due to a cfgMergeString call missing from modssl_ctx_cfg_merge

Address a todo listed in https://mail-archives.apache.org/mod_mbox/httpd-dev/200205.mbox/%3CPine.LNX.4.33.0205292300380.27841-100000%40mako.covalent.net%3E "init functions should return status code rather than ssl_die()" For diagnostic purposes, ssl_die() is still there, but instead of abruptly exit(1)ing, it will return APR_EGENERAL to the ssl_init_* callers in ssl_engine_init.c, and these will propagate the status back to ssl_init_Module.

Increase minimum required OpenSSL version to 0.9.8a (in preparation for the next mod_ssl commit, which will rely on the get_rfcX_prime_Y functions added in that release): - remove obsolete #defines / macros - in ssl_private.h, regroup definitions based on whether they depend on TLS extension support or not - for ECC and SRP support, set HAVE_X and change the rather awkward #ifndef OPENSSL_NO_X lines accordingly For the discussion prior to taking this step, see https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C524275C7.9060408%40velox.ch%3E

Avoid use of deprecated functions for OpenSSL version >= 1.0

Remove some checking for out-of-mem conditions that cannot be hit because apr_pcalloc/apr_pool_create will call abort() anyway.

Pass the server_rec to ssl_die() and use it to log a message to the main error log, pointing to the appropriate virtual host error log

Various fixes for log message tags: - Remove tags in ssl_log_ssl_error() and ssl_log_cert_error() - Instead add tags to various ssl_log_xerror, ssl_log_cxerror calls (ssl_log_rxerror is unused). - likewise for modssl_proxy_info_log() - Fix spelling of APLOG_NOERRNO in coccinelle script - add support for ssl_log_*error and ap_log_cserror - add some more tags missing due to APLOG_NOERRNO spelling error - Remove tags from example modules (we don't want people to blindly copy those)

Remove usage of APLOG_NOERRNO. It has been a no-op since at least 2.0.x

Add some more log message tags Remove some log message tags from ap_log_* calls that log lots of different error messages, in particular the config parsing errors. Not sure how we should handle those. ssl_util.c: Downgrade some dynamic locking messages from level DEBUG to TRACE1-3

Add another AP_DEBUG_ASSERT to document some assumptions in the code, for the benefit of code analyzers.

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

Add wrappers for malloc, calloc, realloc that check for out of memory situations. Use them in most places where malloc, and friends are used. This results in clean error messages in an out of memory situation instead of segfaulting or silently malfunctioning. In some places, it just allows to remove some logging code. PR 51568, PR 51569, PR 51571.

Remove the ssl_toolkit_compat layer, which is no longer needed after support for non-OpenSSL toolkits has been dropped. Replace macros by their value proper where feasible, and keep those definitions in ssl_private.h which depend on specific OpenSSL versions.

Drop support for the RSA BSAFE SSL-C toolkit from configure, and remove #ifdef'ed code from mod_ssl and ab where applicable. Consensus for dropping support for SSL/TLS toolkits other than OpenSSL was reached on dev@httpd in June 2010 (message with ID <20100602162310.GA11156@redhat.com> and follow-ups).

Consistently use loglevel emerg before ssl_die()

Fix some modules to make them compile with per-module loglevels.

Introduce SSLLOG_MARK for use with ssl_log_ssl_error(). This will allow to redefine APLOG_MARK later.

Free surrounding PKCS7 structure to avoid a leak.

enable support for ECC keys and ECDH ciphers. Tested against OpenSSL 1.0.0b3. [Vipul Gupta vipul.gupta sun.com, Sander Temme]

Move struct definition out of the header file since it is only used in this source file

Implement dynamic mutex callbacks for the benefit of OpenSSL.

* Style police / style nitpicking. No functional changes.

Layout and compiler warning.

Add PKCS#7 support.

update license header text

Update the copyright year in all .c, .h and .xml files

No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines

Fix Bug#: 25659 (Memory leak in ssl_util_algotypeof()) Reported by David Blake in 2003, including patch.

Update copyright year to 2005 and standardize on current copyright owner line.

* modules/ssl/ssl_util.c, modules/ssl/ssl_private.h: Remove unused functions ssl_util_strupper, ssl_util_ptxtstub, and ssl_util_uuencode*.

Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h to be included even when mod_ssl is not enabled. * Makefile.in (install-include): Only install mod_ssl.h. * modules/ssl/ssl_private.h: New file. * modules/ssl/mod_ssl.h: Move everything apart from than the optional hook definitions into ssl_private.h. * modules/ssl/*.c: Include ssl_private.h not mod_ssl.h * modules/ssl/config.m4: Always add the mod_ssl directory to the include path so other modules can find mod_ssl.h. * modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional hook definitions rather than copy'n'pasting them.

fix name of The Apache Software Foundation

fix copyright dates according to the first check in

apply Apache License, Version 2.0

update license to 2004.

SSL-C doesn't declare the char* file arg const, so we shouldn't either.

Prevent the OpenSSL id_callback from pointing at a mod_ssl function after mod_ssl is unloaded. * ssl_util.c (ssl_util_thread_cleanup): Clear the id_callback.

Have some consistency! Fixes logic I introduced in 1.37.

Introduce a number of SSLC hints to mod_ssl, including the following type overrides; MODSSL_CLIENT_CERT_CB_ARG_TYPE MODSSL_PCHAR_CAST (for a host of non-void/const sslc values) modssl_read_bio_cb_fn (for several callbacks with same prototypes) Declare callback functions appropriately. And protect us from indetermineant toolkits with #error "Unrecognized SSL Toolkit!"

finished that boring job: update license to 2003. Happy New Year! ;-))

After some productive feedback and no negative feedback, introduce SSLEngine upgrade so that we can begin and continue to support these facilities. This makes it simpler to keep this effort (while we have no known clients that support Connection: upgrade at this time), and begin refactoring more of SSL into smaller and tighter (and then optional) components. Submitted by: Ryan Bloom Reviewed by: William Rowe, Joe Orton

This stuff shouldn't have been committed. This is the SSL upgrade stuff, and it was included in a commit that shouldn't have touched these files.

Fix a compile of compiler warnings. I don't know how these slipped past. Also, uncomment a line of code that the last commit should have uncommented. Randall found this line and the fix, but I forgot to uncomment this line along with the fix.

The only remaining question ... are nested or strictly unnested locks expected by OpenSSL? Right now I've left it as _DEFAULT for the platform preference. Very simple code really - the server_rec was superfluous.

Fix a mod_ssl build problem on OS/390. This is admittedly rather ugly code to come up with a unique 4-byte identifier for the thread. Since our threads are pthreads and a pthread maps 1:1 to a TCB, the address of the TCB is sufficient. Yes, every TCB sees a different piece of real storage mapped to the first page, so the code does make sense.

de-hungarian-ize server config member names which are going to stay

adjust to another const char vs char mismatch between OpenSSL and sslc

Update our copyright for this year.

add ssl_asn1_keystr() util function that returns string representation (RSA or DSA) of the key index.

add ssl_asn1_table_keyfmt() function for clarity

remove obsolete ssl_ds_{table,array} api

Document future binary compatibility problem.

mod_ssl adjustments to help with using toolkits other than OpenSSL: Use SSL functions/macros instead of directly dereferencing SSL structures wherever possible. Add type-casts for the cases where functions return a generic pointer. Add $SSL/include to configure search path. PR: Obtained from: Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com> Reviewed by: dougm

get SSLPassPhraseDialog exec: working by passing the proper arguments to apr_proc_create() PR: Obtained from: Submitted by: Reviewed by:

ssl_util_getmodconfig() and ssl_util_getmodconfig_ssl() show up high in the gprof profile. there's no need for the "global" SSLModConfigRec to live in the s->process->pool userdata table. we now just point the SSLSrvConfigRec in each server_rec.module_config to the SSLModConfigRec so we can access it directly which is much faster. PR: Obtained from: Submitted by: Reviewed by:

Gets us compiling again on FreeBSD. Adds conditional compilation around thread mutex routines for when we don't have APR_HAS_THREADS. Submitted by: Justin Erenkrantz Reviewed by: Aaron Bannert

No good reason to have this in <> instead of "". Having it in <> might interact badly with makefile dependency generators, too.

Conversion from old apr_lock_t to new apr_thread_mutex_t (only converting INTRAPROCESS locks at this time). I don't see how this used to work, which also means I'm not entirely sure if it works now. It really didn't look like it was allocating the correct size before. It compiles and SSL still works in my limited tests, but I'd appreciate a second opinion.

Style updates before I convert to the new lock type.

apr_os_thread_current() call needs #if APR_HAS_THREADS protection PR: Obtained from: Submitted by: Justin Erenkrantz <jerenkrantz@ebuilt.com> Reviewed by:

fix prototype

implement CRYPTO_set_id_callback PR: Obtained from: Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com> Reviewed by: dougm

change APR_LOCKALL to APR_INTRAPROCESS for crypto locks PR: Obtained from: Submitted by: Justin Erenkrantz <jerenkrantz@ebuilt.com> Reviewed by:

only set the crypto locking callback if mpm is threaded get rid of some warnings introduced by the original patch PR: Obtained from: Submitted by: Reviewed by:

Implement CRYPTO_set_locking_callback() for mod_ssl PR: Obtained from: Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com> Reviewed by: dougm

Silly compiler, const char* is for text :)

Explicitly fix some types, and opt-out on macro conflicts

Apply mod_ssl MEGA porting patch. This is a cleaned up version of the latest patches from Madhusudan which makes mod_ssl 95% working inside Apache 2.0. There is still a lot of more work (both porting and cleanup) to do be done. See modules/ssl/README for details. Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>

Merge in part of a set of mod_ssl porting changes. Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>

What once was ap_ ...

Port ssl_util.c stuff to APR.

Axe most WIN32 stuff from Apache 1.3. In Apache 2.0 we either use APR later for this or we don't do it at all. But we certainly no longer want to see any platform specific things inside a module.

Axe out EAPI-based SSL_VENDOR stuff. If we want this later again, we have to do it differently anyway. So, for now we try to strip down mod_ssl as heavy as possible and hence we kick out this stuff at all.

Next step in mod_ssl integration: Add missing files to build environment.

mod_ssl integration step 2: transfer copyright of all code to ASF by using Apache Software License v1.1

Initial revision