[packages/apache-mod_spdy.git] / apache2.4.patch

diff -ru orig/build_modssl_with_npn.sh mod/build_modssl_with_npn.sh
--- orig/build_modssl_with_npn.sh	2013-04-18 18:07:32.000000000 +0200
+++ mod/build_modssl_with_npn.sh	2013-04-18 18:47:14.000000000 +0200
@@ -94,7 +94,7 @@
 }
 
 OPENSSL_SRC_TGZ_URL="http://www.openssl.org/source/openssl-1.0.1c.tar.gz"
-APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.2.22.tar.gz"
+APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.4.4.tar.gz"
 APACHE_HTTPD_MODSSL_NPN_PATCH_PATH="$(dirname $0)/scripts/mod_ssl_with_npn.patch"
 
 OPENSSL_SRC_TGZ=$(basename $OPENSSL_SRC_TGZ_URL)
@@ -113,7 +113,7 @@
 pushd $BUILDROOT >/dev/null
 
 download_file $OPENSSL_SRC_TGZ_URL $OPENSSL_SRC_TGZ ae412727c8c15b67880aef7bd2999b2e
-download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ d77fa5af23df96a8af68ea8114fa6ce1
+download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ a2fed766e67c9681e0d9b86768f08286
 
 echo ""
 
diff -ru orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc
--- orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc	2013-04-18 18:08:10.000000000 +0200
+++ mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc	2013-04-18 20:16:43.000000000 +0200
@@ -98,8 +98,8 @@
   slave_connection_->base_server = master_connection->base_server;
   slave_connection_->local_addr = master_connection->local_addr;
   slave_connection_->local_ip = master_connection->local_ip;
-  slave_connection_->remote_addr = master_connection->remote_addr;
-  slave_connection_->remote_ip = master_connection->remote_ip;
+  slave_connection_->client_addr = master_connection->client_addr;
+  slave_connection_->client_ip = master_connection->client_ip;
 
   // We're supposed to pass a socket object to ap_process_connection below, but
   // there's no meaningful object to pass for this slave connection, because
diff -ru orig/mod_spdy/apache/log_message_handler.cc mod/mod_spdy/apache/log_message_handler.cc
--- orig/mod_spdy/apache/log_message_handler.cc	2013-04-18 18:08:10.000000000 +0200
+++ mod/mod_spdy/apache/log_message_handler.cc	2013-04-18 20:21:31.000000000 +0200
@@ -22,6 +22,7 @@
 // #defined LOG_* as numbers. This conflicts with what we are using those here.
 #undef HAVE_SYSLOG
 #include "http_log.h"
+APLOG_USE_MODULE(spdy);
 
 #include "base/debug/debugger.h"
 #include "base/debug/stack_trace.h"
diff -ru orig/mod_spdy/mod_spdy.cc mod/mod_spdy/mod_spdy.cc
--- orig/mod_spdy/mod_spdy.cc	2013-04-18 18:07:32.000000000 +0200
+++ mod/mod_spdy/mod_spdy.cc	2013-04-18 20:31:56.000000000 +0200
@@ -254,8 +254,8 @@
   for (server_rec* server = server_list; server != NULL;
        server = server->next) {
     spdy_enabled |= mod_spdy::GetServerConfig(server)->spdy_enabled();
-    if (server->loglevel > max_apache_log_level) {
-      max_apache_log_level = server->loglevel;
+    if (server->log.level > max_apache_log_level) {
+      max_apache_log_level = server->log.level;
     }
   }
 
diff -ru orig/scripts/mod_ssl_with_npn.patch mod/scripts/mod_ssl_with_npn.patch
--- orig/scripts/mod_ssl_with_npn.patch	2013-04-18 18:08:10.000000000 +0200
+++ mod/scripts/mod_ssl_with_npn.patch	2013-04-18 19:29:03.000000000 +0200
@@ -1,21 +1,60 @@
-Index: modules/ssl/ssl_private.h
-===================================================================
---- modules/ssl/ssl_private.h	(revision 1367982)
-+++ modules/ssl/ssl_private.h	(working copy)
-@@ -603,6 +603,7 @@
- #ifndef OPENSSL_NO_TLSEXT
- int          ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
- #endif
-+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
+diff -ru modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c
+--- modules/ssl/mod_ssl.c	2012-12-11 10:55:03.000000000 +0100
++++ modules/ssl/mod_ssl.c	2013-04-18 19:20:51.000000000 +0200
+@@ -272,6 +272,18 @@
+     AP_END_CMD
+ };
+ 
++/* Implement 'modssl_run_npn_advertise_protos_hook'. */
++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
++    modssl, AP, int, npn_advertise_protos_hook,
++    (conn_rec *connection, apr_array_header_t *protos),
++    (connection, protos), OK, DECLINED);
++
++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
++    modssl, AP, int, npn_proto_negotiated_hook,
++    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
++    (connection, proto_name, proto_name_len), OK, DECLINED);
++
+ /*
+  *  the various processing hooks
+  */
+diff -ru modules/ssl/mod_ssl.h modules/ssl/mod_ssl.h
+--- modules/ssl/mod_ssl.h	2011-09-23 15:38:09.000000000 +0200
++++ modules/ssl/mod_ssl.h	2013-04-18 19:20:51.000000000 +0200
+@@ -63,5 +63,26 @@
  
- /**  Session Cache Support  */
- void         ssl_scache_init(server_rec *, apr_pool_t *);
-Index: modules/ssl/ssl_engine_init.c
-===================================================================
---- modules/ssl/ssl_engine_init.c	(revision 1367982)
-+++ modules/ssl/ssl_engine_init.c	(working copy)
-@@ -559,6 +559,11 @@
-     SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
+ APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
+ 
++/** The npn_advertise_protos optional hook allows other modules to add entries
++ * to the list of protocol names advertised by the server during the Next
++ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
++ * given the connection and an APR array; it should push one or more char*'s
++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
++ * the array and return OK, or do nothing and return DECLINED. */
++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
++                          (conn_rec *connection, apr_array_header_t *protos));
++
++/** The npn_proto_negotiated optional hook allows other modules to discover the
++ * name of the protocol that was chosen during the Next Protocol Negotiation
++ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
++ * (in which case modules should probably assume HTTP), or it may be a protocol
++ * that was never even advertised by the server.  The hook callee is given the
++ * connection, a non-null-terminated string containing the protocol name, and
++ * the length of the string; it should do something appropriate (i.e. insert or
++ * remove filters) and return OK, or do nothing and return DECLINED. */
++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
++                          (conn_rec *connection, const char *proto_name,
++                           apr_size_t proto_name_len));
++
+ #endif /* __MOD_SSL_H__ */
+ /** @} */
+diff -ru modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_init.c
+--- modules/ssl/ssl_engine_init.c	2012-12-11 10:55:03.000000000 +0100
++++ modules/ssl/ssl_engine_init.c	2013-04-18 19:20:51.000000000 +0200
+@@ -725,6 +725,11 @@
+ #endif
  
      SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
 +
@@ -26,11 +65,10 @@
  }
  
  static void ssl_init_ctx_verify(server_rec *s,
-Index: modules/ssl/ssl_engine_io.c
-===================================================================
---- modules/ssl/ssl_engine_io.c	(revision 1367982)
-+++ modules/ssl/ssl_engine_io.c	(working copy)
-@@ -338,6 +338,7 @@
+diff -ru modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_io.c
+--- modules/ssl/ssl_engine_io.c	2012-09-21 17:10:12.000000000 +0200
++++ modules/ssl/ssl_engine_io.c	2013-04-18 19:20:51.000000000 +0200
+@@ -297,6 +297,7 @@
      apr_pool_t *pool;
      char buffer[AP_IOBUFSIZE];
      ssl_filter_ctx_t *filter_ctx;
@@ -38,7 +76,7 @@
  } bio_filter_in_ctx_t;
  
  /*
-@@ -1409,6 +1410,27 @@
+@@ -1385,6 +1386,27 @@
          APR_BRIGADE_INSERT_TAIL(bb, bucket);
      }
  
@@ -66,22 +104,21 @@
      return APR_SUCCESS;
  }
  
-@@ -1753,6 +1775,7 @@
+@@ -1866,6 +1888,7 @@
      inctx->block = APR_BLOCK_READ;
      inctx->pool = c->pool;
      inctx->filter_ctx = filter_ctx;
 +    inctx->npn_finished = 0;
  }
  
- void ssl_io_filter_init(conn_rec *c, SSL *ssl)
-Index: modules/ssl/ssl_engine_kernel.c
-===================================================================
---- modules/ssl/ssl_engine_kernel.c	(revision 1367982)
-+++ modules/ssl/ssl_engine_kernel.c	(working copy)
-@@ -2104,3 +2104,84 @@
-     return 0;
+ /* The request_rec pointer is passed in here only to ensure that the
+diff -ru modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_kernel.c
+--- modules/ssl/ssl_engine_kernel.c	2012-12-11 10:55:03.000000000 +0100
++++ modules/ssl/ssl_engine_kernel.c	2013-04-18 19:20:51.000000000 +0200
+@@ -2186,3 +2186,84 @@
  }
- #endif
+ 
+ #endif /* OPENSSL_NO_SRP */
 +
 +#ifdef HAVE_TLS_NPN
 +/*
@@ -163,66 +200,11 @@
 +    return SSL_TLSEXT_ERR_OK;
 +}
 +#endif
-Index: modules/ssl/mod_ssl.c
-===================================================================
---- modules/ssl/mod_ssl.c	(revision 1367982)
-+++ modules/ssl/mod_ssl.c	(working copy)
-@@ -220,6 +220,18 @@
-     AP_END_CMD
- };
- 
-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+    modssl, AP, int, npn_advertise_protos_hook,
-+    (conn_rec *connection, apr_array_header_t *protos),
-+    (connection, protos), OK, DECLINED);
-+
-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
-+    modssl, AP, int, npn_proto_negotiated_hook,
-+    (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
-+    (connection, proto_name, proto_name_len), OK, DECLINED);
-+
- /*
-  *  the various processing hooks
-  */
-Index: modules/ssl/mod_ssl.h
-===================================================================
---- modules/ssl/mod_ssl.h	(revision 1367982)
-+++ modules/ssl/mod_ssl.h	(working copy)
-@@ -60,5 +60,26 @@
- 
- APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_extlist_by_oid, (request_rec *r, const char *oidstr));
- 
-+/** The npn_advertise_protos optional hook allows other modules to add entries
-+ * to the list of protocol names advertised by the server during the Next
-+ * Protocol Negotiation (NPN) portion of the SSL handshake.  The hook callee is
-+ * given the connection and an APR array; it should push one or more char*'s
-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
-+ * the array and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
-+                          (conn_rec *connection, apr_array_header_t *protos));
-+
-+/** The npn_proto_negotiated optional hook allows other modules to discover the
-+ * name of the protocol that was chosen during the Next Protocol Negotiation
-+ * (NPN) portion of the SSL handshake.  Note that this may be the empty string
-+ * (in which case modules should probably assume HTTP), or it may be a protocol
-+ * that was never even advertised by the server.  The hook callee is given the
-+ * connection, a non-null-terminated string containing the protocol name, and
-+ * the length of the string; it should do something appropriate (i.e. insert or
-+ * remove filters) and return OK, or do nothing and return DECLINED. */
-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
-+                          (conn_rec *connection, const char *proto_name,
-+                           apr_size_t proto_name_len));
-+
- #endif /* __MOD_SSL_H__ */
- /** @} */
-Index: modules/ssl/ssl_toolkit_compat.h
-===================================================================
---- modules/ssl/ssl_toolkit_compat.h	(revision 1367982)
-+++ modules/ssl/ssl_toolkit_compat.h	(working copy)
-@@ -145,6 +145,11 @@
- #define HAVE_FIPS
+diff -ru modules/ssl/ssl_private.h modules/ssl/ssl_private.h
+--- modules/ssl/ssl_private.h	2012-12-11 10:55:03.000000000 +0100
++++ modules/ssl/ssl_private.h	2013-04-18 19:20:51.000000000 +0200
+@@ -149,6 +149,11 @@
+ #define OPENSSL_NO_EC
  #endif
  
 +#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
@@ -233,3 +215,11 @@
  #ifndef PEM_F_DEF_CALLBACK
  #ifdef PEM_F_PEM_DEF_CALLBACK
  /** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
+@@ -614,6 +619,7 @@
+     unsigned char aes_key[16];
+ } modssl_ticket_key_t;
+ #endif
++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
+ 
+ typedef struct SSLSrvConfigRec SSLSrvConfigRec;
+
Commit	Line	Data
b22d41a1 ER	1	diff -ru orig/build_modssl_with_npn.sh mod/build_modssl_with_npn.sh
	2	--- orig/build_modssl_with_npn.sh 2013-04-18 18:07:32.000000000 +0200
	3	+++ mod/build_modssl_with_npn.sh 2013-04-18 18:47:14.000000000 +0200
	4	@@ -94,7 +94,7 @@
	5	}
	6
	7	OPENSSL_SRC_TGZ_URL="http://www.openssl.org/source/openssl-1.0.1c.tar.gz"
	8	-APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.2.22.tar.gz"
	9	+APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.4.4.tar.gz"
	10	APACHE_HTTPD_MODSSL_NPN_PATCH_PATH="$(dirname $0)/scripts/mod_ssl_with_npn.patch"
	11
	12	OPENSSL_SRC_TGZ=$(basename $OPENSSL_SRC_TGZ_URL)
	13	@@ -113,7 +113,7 @@
	14	pushd $BUILDROOT >/dev/null
	15
	16	download_file $OPENSSL_SRC_TGZ_URL $OPENSSL_SRC_TGZ ae412727c8c15b67880aef7bd2999b2e
	17	-download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ d77fa5af23df96a8af68ea8114fa6ce1
	18	+download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ a2fed766e67c9681e0d9b86768f08286
	19
	20	echo ""
	21
	22	diff -ru orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc
	23	--- orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc 2013-04-18 18:08:10.000000000 +0200
	24	+++ mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc 2013-04-18 20:16:43.000000000 +0200
	25	@@ -98,8 +98,8 @@
	26	slave_connection_->base_server = master_connection->base_server;
	27	slave_connection_->local_addr = master_connection->local_addr;
	28	slave_connection_->local_ip = master_connection->local_ip;
	29	- slave_connection_->remote_addr = master_connection->remote_addr;
	30	- slave_connection_->remote_ip = master_connection->remote_ip;
	31	+ slave_connection_->client_addr = master_connection->client_addr;
	32	+ slave_connection_->client_ip = master_connection->client_ip;
	33
	34	// We're supposed to pass a socket object to ap_process_connection below, but
	35	// there's no meaningful object to pass for this slave connection, because
	36	diff -ru orig/mod_spdy/apache/log_message_handler.cc mod/mod_spdy/apache/log_message_handler.cc
	37	--- orig/mod_spdy/apache/log_message_handler.cc 2013-04-18 18:08:10.000000000 +0200
	38	+++ mod/mod_spdy/apache/log_message_handler.cc 2013-04-18 20:21:31.000000000 +0200
	39	@@ -22,6 +22,7 @@
	40	// #defined LOG_* as numbers. This conflicts with what we are using those here.
	41	#undef HAVE_SYSLOG
	42	#include "http_log.h"
	43	+APLOG_USE_MODULE(spdy);
	44
	45	#include "base/debug/debugger.h"
	46	#include "base/debug/stack_trace.h"
	47	diff -ru orig/mod_spdy/mod_spdy.cc mod/mod_spdy/mod_spdy.cc
	48	--- orig/mod_spdy/mod_spdy.cc 2013-04-18 18:07:32.000000000 +0200
	49	+++ mod/mod_spdy/mod_spdy.cc 2013-04-18 20:31:56.000000000 +0200
	50	@@ -254,8 +254,8 @@
	51	for (server_rec* server = server_list; server != NULL;
	52	server = server->next) {
	53	spdy_enabled \|= mod_spdy::GetServerConfig(server)->spdy_enabled();
	54	- if (server->loglevel > max_apache_log_level) {
	55	- max_apache_log_level = server->loglevel;
	56	+ if (server->log.level > max_apache_log_level) {
	57	+ max_apache_log_level = server->log.level;
	58	}
	59	}
	60
	61	diff -ru orig/scripts/mod_ssl_with_npn.patch mod/scripts/mod_ssl_with_npn.patch
	62	--- orig/scripts/mod_ssl_with_npn.patch 2013-04-18 18:08:10.000000000 +0200
	63	+++ mod/scripts/mod_ssl_with_npn.patch 2013-04-18 19:29:03.000000000 +0200
	64	@@ -1,21 +1,60 @@
65	-Index: modules/ssl/ssl_private.h
66	-===================================================================
67	---- modules/ssl/ssl_private.h (revision 1367982)
68	-+++ modules/ssl/ssl_private.h (working copy)
69	-@@ -603,6 +603,7 @@
70	- #ifndef OPENSSL_NO_TLSEXT
71	- int ssl_callback_ServerNameIndication(SSL , int , modssl_ctx_t *);
72	- #endif
73	-+int ssl_callback_AdvertiseNextProtos(SSL ssl, const unsigned char data, unsigned int len, void *arg);
74	+diff -ru modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c
75	+--- modules/ssl/mod_ssl.c 2012-12-11 10:55:03.000000000 +0100
76	++++ modules/ssl/mod_ssl.c 2013-04-18 19:20:51.000000000 +0200
77	+@@ -272,6 +272,18 @@
78	+ AP_END_CMD
79	+ };
80	+
81	++/* Implement 'modssl_run_npn_advertise_protos_hook'. */
82	++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
83	++ modssl, AP, int, npn_advertise_protos_hook,
84	++ (conn_rec connection, apr_array_header_t protos),
85	++ (connection, protos), OK, DECLINED);
86	++
87	++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
88	++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
89	++ modssl, AP, int, npn_proto_negotiated_hook,
90	++ (conn_rec connection, const char proto_name, apr_size_t proto_name_len),
91	++ (connection, proto_name, proto_name_len), OK, DECLINED);
92	++
93	+ /*
94	+ * the various processing hooks
95	+ */
96	+diff -ru modules/ssl/mod_ssl.h modules/ssl/mod_ssl.h
97	+--- modules/ssl/mod_ssl.h 2011-09-23 15:38:09.000000000 +0200
98	++++ modules/ssl/mod_ssl.h 2013-04-18 19:20:51.000000000 +0200
99	+@@ -63,5 +63,26 @@
100
101	- /** Session Cache Support */
102	- void ssl_scache_init(server_rec , apr_pool_t );
103	-Index: modules/ssl/ssl_engine_init.c
104	-===================================================================
105	---- modules/ssl/ssl_engine_init.c (revision 1367982)
106	-+++ modules/ssl/ssl_engine_init.c (working copy)
107	-@@ -559,6 +559,11 @@
108	- SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
109	+ APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
110	+
111	++/** The npn_advertise_protos optional hook allows other modules to add entries
112	++ * to the list of protocol names advertised by the server during the Next
113	++ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is
114	++ * given the connection and an APR array; it should push one or more char*'s
115	++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
116	++ * the array and return OK, or do nothing and return DECLINED. */
117	++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
118	++ (conn_rec connection, apr_array_header_t protos));
119	++
120	++/** The npn_proto_negotiated optional hook allows other modules to discover the
121	++ * name of the protocol that was chosen during the Next Protocol Negotiation
122	++ * (NPN) portion of the SSL handshake. Note that this may be the empty string
123	++ * (in which case modules should probably assume HTTP), or it may be a protocol
124	++ * that was never even advertised by the server. The hook callee is given the
125	++ * connection, a non-null-terminated string containing the protocol name, and
126	++ * the length of the string; it should do something appropriate (i.e. insert or
127	++ * remove filters) and return OK, or do nothing and return DECLINED. */
128	++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
129	++ (conn_rec connection, const char proto_name,
130	++ apr_size_t proto_name_len));
131	++
132	+ #endif /* __MOD_SSL_H__ */
133	+ /** @} */
134	+diff -ru modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_init.c
135	+--- modules/ssl/ssl_engine_init.c 2012-12-11 10:55:03.000000000 +0100
136	++++ modules/ssl/ssl_engine_init.c 2013-04-18 19:20:51.000000000 +0200
137	+@@ -725,6 +725,11 @@
138	+ #endif
139
140	SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
141	+
142	@@ -26,11 +65,10 @@
143	}
144
145	static void ssl_init_ctx_verify(server_rec *s,
146	-Index: modules/ssl/ssl_engine_io.c
147	-===================================================================
148	---- modules/ssl/ssl_engine_io.c (revision 1367982)
149	-+++ modules/ssl/ssl_engine_io.c (working copy)
150	-@@ -338,6 +338,7 @@
151	+diff -ru modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_io.c
152	+--- modules/ssl/ssl_engine_io.c 2012-09-21 17:10:12.000000000 +0200
153	++++ modules/ssl/ssl_engine_io.c 2013-04-18 19:20:51.000000000 +0200
154	+@@ -297,6 +297,7 @@
155	apr_pool_t *pool;
156	char buffer[AP_IOBUFSIZE];
157	ssl_filter_ctx_t *filter_ctx;
158	@@ -38,7 +76,7 @@
159	} bio_filter_in_ctx_t;
160
161	/*
162	-@@ -1409,6 +1410,27 @@
163	+@@ -1385,6 +1386,27 @@
164	APR_BRIGADE_INSERT_TAIL(bb, bucket);
165	}
166
167	@@ -66,22 +104,21 @@
168	return APR_SUCCESS;
169	}
170
171	-@@ -1753,6 +1775,7 @@
172	+@@ -1866,6 +1888,7 @@
173	inctx->block = APR_BLOCK_READ;
174	inctx->pool = c->pool;
175	inctx->filter_ctx = filter_ctx;
176	+ inctx->npn_finished = 0;
177	}
178
179	- void ssl_io_filter_init(conn_rec c, SSL ssl)
180	-Index: modules/ssl/ssl_engine_kernel.c
181	-===================================================================
182	---- modules/ssl/ssl_engine_kernel.c (revision 1367982)
183	-+++ modules/ssl/ssl_engine_kernel.c (working copy)
184	-@@ -2104,3 +2104,84 @@
185	- return 0;
186	+ /* The request_rec pointer is passed in here only to ensure that the
187	+diff -ru modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_kernel.c
188	+--- modules/ssl/ssl_engine_kernel.c 2012-12-11 10:55:03.000000000 +0100
189	++++ modules/ssl/ssl_engine_kernel.c 2013-04-18 19:20:51.000000000 +0200
190	+@@ -2186,3 +2186,84 @@
191	}
192	- #endif
193	+
194	+ #endif /* OPENSSL_NO_SRP */
195	+
196	+#ifdef HAVE_TLS_NPN
197	+/*
198	@@ -163,66 +200,11 @@
199	+ return SSL_TLSEXT_ERR_OK;
200	+}
201	+#endif
202	-Index: modules/ssl/mod_ssl.c
203	-===================================================================
204	---- modules/ssl/mod_ssl.c (revision 1367982)
205	-+++ modules/ssl/mod_ssl.c (working copy)
206	-@@ -220,6 +220,18 @@
207	- AP_END_CMD
208	- };
209	-
210	-+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
211	-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
212	-+ modssl, AP, int, npn_advertise_protos_hook,
213	-+ (conn_rec connection, apr_array_header_t protos),
214	-+ (connection, protos), OK, DECLINED);
215	-+
216	-+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
217	-+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
218	-+ modssl, AP, int, npn_proto_negotiated_hook,
219	-+ (conn_rec connection, const char proto_name, apr_size_t proto_name_len),
220	-+ (connection, proto_name, proto_name_len), OK, DECLINED);
221	-+
222	- /*
223	- * the various processing hooks
224	- */
225	-Index: modules/ssl/mod_ssl.h
226	-===================================================================
227	---- modules/ssl/mod_ssl.h (revision 1367982)
228	-+++ modules/ssl/mod_ssl.h (working copy)
229	-@@ -60,5 +60,26 @@
230	-
231	- APR_DECLARE_OPTIONAL_FN(apr_array_header_t , ssl_extlist_by_oid, (request_rec r, const char *oidstr));
232	-
233	-+/** The npn_advertise_protos optional hook allows other modules to add entries
234	-+ * to the list of protocol names advertised by the server during the Next
235	-+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is
236	-+ * given the connection and an APR array; it should push one or more char*'s
237	-+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
238	-+ * the array and return OK, or do nothing and return DECLINED. */
239	-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
240	-+ (conn_rec connection, apr_array_header_t protos));
241	-+
242	-+/** The npn_proto_negotiated optional hook allows other modules to discover the
243	-+ * name of the protocol that was chosen during the Next Protocol Negotiation
244	-+ * (NPN) portion of the SSL handshake. Note that this may be the empty string
245	-+ * (in which case modules should probably assume HTTP), or it may be a protocol
246	-+ * that was never even advertised by the server. The hook callee is given the
247	-+ * connection, a non-null-terminated string containing the protocol name, and
248	-+ * the length of the string; it should do something appropriate (i.e. insert or
249	-+ * remove filters) and return OK, or do nothing and return DECLINED. */
250	-+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
251	-+ (conn_rec connection, const char proto_name,
252	-+ apr_size_t proto_name_len));
253	-+
254	- #endif /* __MOD_SSL_H__ */
255	- /** @} */
256	-Index: modules/ssl/ssl_toolkit_compat.h
257	-===================================================================
258	---- modules/ssl/ssl_toolkit_compat.h (revision 1367982)
259	-+++ modules/ssl/ssl_toolkit_compat.h (working copy)
260	-@@ -145,6 +145,11 @@
261	- #define HAVE_FIPS
262	+diff -ru modules/ssl/ssl_private.h modules/ssl/ssl_private.h
263	+--- modules/ssl/ssl_private.h 2012-12-11 10:55:03.000000000 +0100
264	++++ modules/ssl/ssl_private.h 2013-04-18 19:20:51.000000000 +0200
265	+@@ -149,6 +149,11 @@
266	+ #define OPENSSL_NO_EC
267	#endif
268
269	+#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
270	@@ -233,3 +215,11 @@
271	#ifndef PEM_F_DEF_CALLBACK
272	#ifdef PEM_F_PEM_DEF_CALLBACK
273	/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
274	+@@ -614,6 +619,7 @@
275	+ unsigned char aes_key[16];
276	+ } modssl_ticket_key_t;
277	+ #endif
278	++int ssl_callback_AdvertiseNextProtos(SSL ssl, const unsigned char data, unsigned int len, void *arg);
279	+
280	+ typedef struct SSLSrvConfigRec SSLSrvConfigRec;
281	+