Commit | Line | Data |
---|---|---|
b22d41a1 ER |
1 | diff -ru orig/build_modssl_with_npn.sh mod/build_modssl_with_npn.sh |
2 | --- orig/build_modssl_with_npn.sh 2013-04-18 18:07:32.000000000 +0200 | |
3 | +++ mod/build_modssl_with_npn.sh 2013-04-18 18:47:14.000000000 +0200 | |
4 | @@ -94,7 +94,7 @@ | |
5 | } | |
6 | ||
7 | OPENSSL_SRC_TGZ_URL="http://www.openssl.org/source/openssl-1.0.1c.tar.gz" | |
8 | -APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.2.22.tar.gz" | |
9 | +APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.4.4.tar.gz" | |
10 | APACHE_HTTPD_MODSSL_NPN_PATCH_PATH="$(dirname $0)/scripts/mod_ssl_with_npn.patch" | |
11 | ||
12 | OPENSSL_SRC_TGZ=$(basename $OPENSSL_SRC_TGZ_URL) | |
13 | @@ -113,7 +113,7 @@ | |
14 | pushd $BUILDROOT >/dev/null | |
15 | ||
16 | download_file $OPENSSL_SRC_TGZ_URL $OPENSSL_SRC_TGZ ae412727c8c15b67880aef7bd2999b2e | |
17 | -download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ d77fa5af23df96a8af68ea8114fa6ce1 | |
18 | +download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ a2fed766e67c9681e0d9b86768f08286 | |
19 | ||
20 | echo "" | |
21 | ||
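Review bot: The integrity check on the new httpd tarball is weak: the digest passed to `download_file` on the changed line is 32 hex characters, which is the length of an MD5 digest, and the URL set in `APACHE_HTTPD_SRC_TGZ_URL` in the first hunk is plain `http://`. Over an unauthenticated transport the pinned digest is the only thing protecting the build input, and MD5 is no longer collision-resistant, so pin a SHA-256 digest and fetch over `https://`, or verify the release's PGP signature. For example `download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ <sha256-of-httpd-2.4.4.tar.gz>`, with the placeholder replaced by the published value. `download_file` is defined outside these hunks, so what it actually checks is not visible and it would need a matching change; the OpenSSL download line above it follows the same pattern.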
22 | diff -ru orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc | |
23 | --- orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc 2013-04-18 18:08:10.000000000 +0200 | |
24 | +++ mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc 2013-04-18 20:16:43.000000000 +0200 | |
25 | @@ -98,8 +98,8 @@ | |
26 | slave_connection_->base_server = master_connection->base_server; | |
27 | slave_connection_->local_addr = master_connection->local_addr; | |
28 | slave_connection_->local_ip = master_connection->local_ip; | |
29 | - slave_connection_->remote_addr = master_connection->remote_addr; | |
30 | - slave_connection_->remote_ip = master_connection->remote_ip; | |
31 | + slave_connection_->client_addr = master_connection->client_addr; | |
32 | + slave_connection_->client_ip = master_connection->client_ip; | |
33 | ||
34 | // We're supposed to pass a socket object to ap_process_connection below, but | |
35 | // there's no meaningful object to pass for this slave connection, because | |
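Review bot: The switch to `client_addr`/`client_ip` is unconditional, so this file no longer builds against Apache 2.2 headers, where `conn_rec` still carries `remote_addr`/`remote_ip`. If 2.2 builds are meant to keep working, guard the two assignments with `#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4` and keep the old names under `#else`; the build script now pins 2.4.4, so dropping 2.2 may be intentional, in which case it should be stated. The same applies to `APLOG_USE_MODULE(spdy)` in log_message_handler.cc and to `server->log.level` in mod_spdy.cc. A comment such as `// 2.4 API: conn_rec::client_ip is the connection peer address` would also help, since code running on the slave connection presumably relies on these fields for logging and access decisions. The enclosing function starts and ends outside the hunk.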
36 | diff -ru orig/mod_spdy/apache/log_message_handler.cc mod/mod_spdy/apache/log_message_handler.cc | |
37 | --- orig/mod_spdy/apache/log_message_handler.cc 2013-04-18 18:08:10.000000000 +0200 | |
38 | +++ mod/mod_spdy/apache/log_message_handler.cc 2013-04-18 20:21:31.000000000 +0200 | |
39 | @@ -22,6 +22,7 @@ | |
40 | // #defined LOG_* as numbers. This conflicts with what we are using those here. | |
41 | #undef HAVE_SYSLOG | |
42 | #include "http_log.h" | |
43 | +APLOG_USE_MODULE(spdy); | |
44 | ||
45 | #include "base/debug/debugger.h" | |
46 | #include "base/debug/stack_trace.h" | |
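Review bot: `APLOG_USE_MODULE(spdy);` is added without a comment and sits in the middle of the include list, where it reads like a stray statement. A short comment would explain it, for example `// Apache 2.4 per-module logging: ties the ap_log_* calls in this file to spdy_module.` Consider moving it below the last `#include` so the include block stays contiguous; the rest of the include list is outside the hunk, so check that nothing after it depends on the current position.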
47 | diff -ru orig/mod_spdy/mod_spdy.cc mod/mod_spdy/mod_spdy.cc | |
48 | --- orig/mod_spdy/mod_spdy.cc 2013-04-18 18:07:32.000000000 +0200 | |
49 | +++ mod/mod_spdy/mod_spdy.cc 2013-04-18 20:31:56.000000000 +0200 | |
50 | @@ -254,8 +254,8 @@ | |
51 | for (server_rec* server = server_list; server != NULL; | |
52 | server = server->next) { | |
53 | spdy_enabled |= mod_spdy::GetServerConfig(server)->spdy_enabled(); | |
54 | - if (server->loglevel > max_apache_log_level) { | |
55 | - max_apache_log_level = server->loglevel; | |
56 | + if (server->log.level > max_apache_log_level) { | |
57 | + max_apache_log_level = server->log.level; | |
58 | } | |
59 | } | |
60 | ||
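Review bot: `server->log.level` is only the server-wide level in Apache 2.4; a per-module setting such as `LogLevel spdy:debug` is kept separately, so `max_apache_log_level` can end up lower than the level the administrator configured for this module. Reading the module's effective level instead, e.g. `ap_get_server_module_loglevel(server, APLOG_MODULE_INDEX)`, would respect that setting; it needs `APLOG_USE_MODULE(spdy)` or an equivalent in this file, which is not visible in the hunk. How `max_apache_log_level` is used afterwards is outside the hunk, so the practical effect (possibly missing debug output during troubleshooting) should be confirmed there.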
61 | diff -ru orig/scripts/mod_ssl_with_npn.patch mod/scripts/mod_ssl_with_npn.patch | |
62 | --- orig/scripts/mod_ssl_with_npn.patch 2013-04-18 18:08:10.000000000 +0200 | |
63 | +++ mod/scripts/mod_ssl_with_npn.patch 2013-04-18 19:29:03.000000000 +0200 | |
64 | @@ -1,21 +1,60 @@ | |
65 | -Index: modules/ssl/ssl_private.h | |
66 | -=================================================================== | |
67 | ---- modules/ssl/ssl_private.h (revision 1367982) | |
68 | -+++ modules/ssl/ssl_private.h (working copy) | |
69 | -@@ -603,6 +603,7 @@ | |
70 | - #ifndef OPENSSL_NO_TLSEXT | |
71 | - int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); | |
72 | - #endif | |
73 | -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); | |
74 | +diff -ru modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c | |
75 | +--- modules/ssl/mod_ssl.c 2012-12-11 10:55:03.000000000 +0100 | |
76 | ++++ modules/ssl/mod_ssl.c 2013-04-18 19:20:51.000000000 +0200 | |
77 | +@@ -272,6 +272,18 @@ | |
78 | + AP_END_CMD | |
79 | + }; | |
80 | + | |
81 | ++/* Implement 'modssl_run_npn_advertise_protos_hook'. */ | |
82 | ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | |
83 | ++ modssl, AP, int, npn_advertise_protos_hook, | |
84 | ++ (conn_rec *connection, apr_array_header_t *protos), | |
85 | ++ (connection, protos), OK, DECLINED); | |
86 | ++ | |
87 | ++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ | |
88 | ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | |
89 | ++ modssl, AP, int, npn_proto_negotiated_hook, | |
90 | ++ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), | |
91 | ++ (connection, proto_name, proto_name_len), OK, DECLINED); | |
92 | ++ | |
93 | + /* | |
94 | + * the various processing hooks | |
95 | + */ | |
96 | +diff -ru modules/ssl/mod_ssl.h modules/ssl/mod_ssl.h | |
97 | +--- modules/ssl/mod_ssl.h 2011-09-23 15:38:09.000000000 +0200 | |
98 | ++++ modules/ssl/mod_ssl.h 2013-04-18 19:20:51.000000000 +0200 | |
99 | +@@ -63,5 +63,26 @@ | |
100 | ||
101 | - /** Session Cache Support */ | |
102 | - void ssl_scache_init(server_rec *, apr_pool_t *); | |
103 | -Index: modules/ssl/ssl_engine_init.c | |
104 | -=================================================================== | |
105 | ---- modules/ssl/ssl_engine_init.c (revision 1367982) | |
106 | -+++ modules/ssl/ssl_engine_init.c (working copy) | |
107 | -@@ -559,6 +559,11 @@ | |
108 | - SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); | |
109 | + APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); | |
110 | + | |
111 | ++/** The npn_advertise_protos optional hook allows other modules to add entries | |
112 | ++ * to the list of protocol names advertised by the server during the Next | |
113 | ++ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is | |
114 | ++ * given the connection and an APR array; it should push one or more char*'s | |
115 | ++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto | |
116 | ++ * the array and return OK, or do nothing and return DECLINED. */ | |
117 | ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, | |
118 | ++ (conn_rec *connection, apr_array_header_t *protos)); | |
119 | ++ | |
120 | ++/** The npn_proto_negotiated optional hook allows other modules to discover the | |
121 | ++ * name of the protocol that was chosen during the Next Protocol Negotiation | |
122 | ++ * (NPN) portion of the SSL handshake. Note that this may be the empty string | |
123 | ++ * (in which case modules should probably assume HTTP), or it may be a protocol | |
124 | ++ * that was never even advertised by the server. The hook callee is given the | |
125 | ++ * connection, a non-null-terminated string containing the protocol name, and | |
126 | ++ * the length of the string; it should do something appropriate (i.e. insert or | |
127 | ++ * remove filters) and return OK, or do nothing and return DECLINED. */ | |
128 | ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, | |
129 | ++ (conn_rec *connection, const char *proto_name, | |
130 | ++ apr_size_t proto_name_len)); | |
131 | ++ | |
132 | + #endif /* __MOD_SSL_H__ */ | |
133 | + /** @} */ | |
134 | +diff -ru modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_init.c | |
135 | +--- modules/ssl/ssl_engine_init.c 2012-12-11 10:55:03.000000000 +0100 | |
136 | ++++ modules/ssl/ssl_engine_init.c 2013-04-18 19:20:51.000000000 +0200 | |
137 | +@@ -725,6 +725,11 @@ | |
138 | + #endif | |
139 | ||
140 | SSL_CTX_set_info_callback(ctx, ssl_callback_Info); | |
141 | + | |
142 | @@ -26,11 +65,10 @@ | |
143 | } | |
144 | ||
145 | static void ssl_init_ctx_verify(server_rec *s, | |
146 | -Index: modules/ssl/ssl_engine_io.c | |
147 | -=================================================================== | |
148 | ---- modules/ssl/ssl_engine_io.c (revision 1367982) | |
149 | -+++ modules/ssl/ssl_engine_io.c (working copy) | |
150 | -@@ -338,6 +338,7 @@ | |
151 | +diff -ru modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_io.c | |
152 | +--- modules/ssl/ssl_engine_io.c 2012-09-21 17:10:12.000000000 +0200 | |
153 | ++++ modules/ssl/ssl_engine_io.c 2013-04-18 19:20:51.000000000 +0200 | |
154 | +@@ -297,6 +297,7 @@ | |
155 | apr_pool_t *pool; | |
156 | char buffer[AP_IOBUFSIZE]; | |
157 | ssl_filter_ctx_t *filter_ctx; | |
158 | @@ -38,7 +76,7 @@ | |
159 | } bio_filter_in_ctx_t; | |
160 | ||
161 | /* | |
162 | -@@ -1409,6 +1410,27 @@ | |
163 | +@@ -1385,6 +1386,27 @@ | |
164 | APR_BRIGADE_INSERT_TAIL(bb, bucket); | |
165 | } | |
166 | ||
167 | @@ -66,22 +104,21 @@ | |
168 | return APR_SUCCESS; | |
169 | } | |
170 | ||
171 | -@@ -1753,6 +1775,7 @@ | |
172 | +@@ -1866,6 +1888,7 @@ | |
173 | inctx->block = APR_BLOCK_READ; | |
174 | inctx->pool = c->pool; | |
175 | inctx->filter_ctx = filter_ctx; | |
176 | + inctx->npn_finished = 0; | |
177 | } | |
178 | ||
179 | - void ssl_io_filter_init(conn_rec *c, SSL *ssl) | |
180 | -Index: modules/ssl/ssl_engine_kernel.c | |
181 | -=================================================================== | |
182 | ---- modules/ssl/ssl_engine_kernel.c (revision 1367982) | |
183 | -+++ modules/ssl/ssl_engine_kernel.c (working copy) | |
184 | -@@ -2104,3 +2104,84 @@ | |
185 | - return 0; | |
186 | + /* The request_rec pointer is passed in here only to ensure that the | |
187 | +diff -ru modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_kernel.c | |
188 | +--- modules/ssl/ssl_engine_kernel.c 2012-12-11 10:55:03.000000000 +0100 | |
189 | ++++ modules/ssl/ssl_engine_kernel.c 2013-04-18 19:20:51.000000000 +0200 | |
190 | +@@ -2186,3 +2186,84 @@ | |
191 | } | |
192 | - #endif | |
193 | + | |
194 | + #endif /* OPENSSL_NO_SRP */ | |
195 | + | |
196 | +#ifdef HAVE_TLS_NPN | |
197 | +/* | |
198 | @@ -163,66 +200,11 @@ | |
199 | + return SSL_TLSEXT_ERR_OK; | |
200 | +} | |
201 | +#endif | |
202 | -Index: modules/ssl/mod_ssl.c | |
203 | -=================================================================== | |
204 | ---- modules/ssl/mod_ssl.c (revision 1367982) | |
205 | -+++ modules/ssl/mod_ssl.c (working copy) | |
206 | -@@ -220,6 +220,18 @@ | |
207 | - AP_END_CMD | |
208 | - }; | |
209 | - | |
210 | -+/* Implement 'modssl_run_npn_advertise_protos_hook'. */ | |
211 | -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | |
212 | -+ modssl, AP, int, npn_advertise_protos_hook, | |
213 | -+ (conn_rec *connection, apr_array_header_t *protos), | |
214 | -+ (connection, protos), OK, DECLINED); | |
215 | -+ | |
216 | -+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */ | |
217 | -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL( | |
218 | -+ modssl, AP, int, npn_proto_negotiated_hook, | |
219 | -+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len), | |
220 | -+ (connection, proto_name, proto_name_len), OK, DECLINED); | |
221 | -+ | |
222 | - /* | |
223 | - * the various processing hooks | |
224 | - */ | |
225 | -Index: modules/ssl/mod_ssl.h | |
226 | -=================================================================== | |
227 | ---- modules/ssl/mod_ssl.h (revision 1367982) | |
228 | -+++ modules/ssl/mod_ssl.h (working copy) | |
229 | -@@ -60,5 +60,26 @@ | |
230 | - | |
231 | - APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_extlist_by_oid, (request_rec *r, const char *oidstr)); | |
232 | - | |
233 | -+/** The npn_advertise_protos optional hook allows other modules to add entries | |
234 | -+ * to the list of protocol names advertised by the server during the Next | |
235 | -+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is | |
236 | -+ * given the connection and an APR array; it should push one or more char*'s | |
237 | -+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto | |
238 | -+ * the array and return OK, or do nothing and return DECLINED. */ | |
239 | -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook, | |
240 | -+ (conn_rec *connection, apr_array_header_t *protos)); | |
241 | -+ | |
242 | -+/** The npn_proto_negotiated optional hook allows other modules to discover the | |
243 | -+ * name of the protocol that was chosen during the Next Protocol Negotiation | |
244 | -+ * (NPN) portion of the SSL handshake. Note that this may be the empty string | |
245 | -+ * (in which case modules should probably assume HTTP), or it may be a protocol | |
246 | -+ * that was never even advertised by the server. The hook callee is given the | |
247 | -+ * connection, a non-null-terminated string containing the protocol name, and | |
248 | -+ * the length of the string; it should do something appropriate (i.e. insert or | |
249 | -+ * remove filters) and return OK, or do nothing and return DECLINED. */ | |
250 | -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook, | |
251 | -+ (conn_rec *connection, const char *proto_name, | |
252 | -+ apr_size_t proto_name_len)); | |
253 | -+ | |
254 | - #endif /* __MOD_SSL_H__ */ | |
255 | - /** @} */ | |
256 | -Index: modules/ssl/ssl_toolkit_compat.h | |
257 | -=================================================================== | |
258 | ---- modules/ssl/ssl_toolkit_compat.h (revision 1367982) | |
259 | -+++ modules/ssl/ssl_toolkit_compat.h (working copy) | |
260 | -@@ -145,6 +145,11 @@ | |
261 | - #define HAVE_FIPS | |
262 | +diff -ru modules/ssl/ssl_private.h modules/ssl/ssl_private.h | |
263 | +--- modules/ssl/ssl_private.h 2012-12-11 10:55:03.000000000 +0100 | |
264 | ++++ modules/ssl/ssl_private.h 2013-04-18 19:20:51.000000000 +0200 | |
265 | +@@ -149,6 +149,11 @@ | |
266 | + #define OPENSSL_NO_EC | |
267 | #endif | |
268 | ||
269 | +#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \ | |
270 | @@ -233,3 +215,11 @@ | |
271 | #ifndef PEM_F_DEF_CALLBACK | |
272 | #ifdef PEM_F_PEM_DEF_CALLBACK | |
273 | /** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */ | |
274 | +@@ -614,6 +619,7 @@ | |
275 | + unsigned char aes_key[16]; | |
276 | + } modssl_ticket_key_t; | |
277 | + #endif | |
278 | ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg); | |
279 | + | |
280 | + typedef struct SSLSrvConfigRec SSLSrvConfigRec; | |
281 | + |
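Review bot: The prototype for `ssl_callback_AdvertiseNextProtos` is added to ssl_private.h unconditionally, right after the `#endif` that closes the ticket-key block, while its definition in ssl_engine_kernel.c is wrapped in `#ifdef HAVE_TLS_NPN`. Putting the prototype under the same `#ifdef HAVE_TLS_NPN` … `#endif` keeps declaration and definition in step, so a build without NPN cannot reference a function that is never compiled. Separately, the hook comment in mod_ssl.h states that the negotiated name is not NUL-terminated and may be a protocol the server never advertised; it is worth repeating at the `npn_proto_negotiated_hook` call site that callees must compare using `proto_name_len` and decline names they do not recognise. The bodies of the ssl_engine_io.c and ssl_engine_kernel.c hunks are mostly elided in this view and were not reviewed.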