1 diff -ru orig/build_modssl_with_npn.sh mod/build_modssl_with_npn.sh
2 --- orig/build_modssl_with_npn.sh 2013-04-18 18:07:32.000000000 +0200
3 +++ mod/build_modssl_with_npn.sh 2013-04-18 18:47:14.000000000 +0200
7 OPENSSL_SRC_TGZ_URL="http://www.openssl.org/source/openssl-1.0.1c.tar.gz"
8 -APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.2.22.tar.gz"
9 +APACHE_HTTPD_SRC_TGZ_URL="http://archive.apache.org/dist/httpd/httpd-2.4.4.tar.gz"
10 APACHE_HTTPD_MODSSL_NPN_PATCH_PATH="$(dirname $0)/scripts/mod_ssl_with_npn.patch"
12 OPENSSL_SRC_TGZ=$(basename $OPENSSL_SRC_TGZ_URL)
14 pushd $BUILDROOT >/dev/null
16 download_file $OPENSSL_SRC_TGZ_URL $OPENSSL_SRC_TGZ ae412727c8c15b67880aef7bd2999b2e
17 -download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ d77fa5af23df96a8af68ea8114fa6ce1
18 +download_file $APACHE_HTTPD_SRC_TGZ_URL $APACHE_HTTPD_SRC_TGZ a2fed766e67c9681e0d9b86768f08286
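Review bot: The new httpd 2.4.4 tarball is still fetched over plain `http://` and pinned only by a 32-hex-digit digest, which is the length of an MD5 sum; `download_file` is not shown in this diff, so the algorithm is inferred from that length. MD5 has no collision resistance, and this archive is built into a TLS-terminating server, so the pin should be a SHA-256 digest fetched over `https://archive.apache.org/...`, ideally with the release's detached PGP signature checked against the project KEYS file. The unchanged OpenSSL line above has the same weakness and stays on 1.0.1c while httpd moves forward; it is worth confirming that pairing is deliberate. If the helper's interface cannot change in this commit, a comment next to the two calls such as `# third argument is an MD5 digest: integrity hint only, verify the .asc signature separately` would make the limitation visible.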
22 diff -ru orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc
23 --- orig/mod_spdy/apache/apache_spdy_stream_task_factory.cc 2013-04-18 18:08:10.000000000 +0200
24 +++ mod/mod_spdy/apache/apache_spdy_stream_task_factory.cc 2013-04-18 20:16:43.000000000 +0200
26 slave_connection_->base_server = master_connection->base_server;
27 slave_connection_->local_addr = master_connection->local_addr;
28 slave_connection_->local_ip = master_connection->local_ip;
29 - slave_connection_->remote_addr = master_connection->remote_addr;
30 - slave_connection_->remote_ip = master_connection->remote_ip;
31 + slave_connection_->client_addr = master_connection->client_addr;
32 + slave_connection_->client_ip = master_connection->client_ip;
34 // We're supposed to pass a socket object to ap_process_connection below, but
35 // there's no meaningful object to pass for this slave connection, because
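Review bot: The switch from `remote_addr`/`remote_ip` to `client_addr`/`client_ip` is unconditional, so this file no longer compiles against httpd 2.2 headers, where `conn_rec` has only the old field names. The same applies to the bare `APLOG_USE_MODULE(spdy);` added in log_message_handler.cc and to `server->log.level` in mod_spdy.cc. If 2.2 support is meant to stay, guard each site, e.g. `#if AP_SERVER_MAJORVERSION_NUMBER > 2 || AP_SERVER_MINORVERSION_NUMBER >= 4` with the old names in the `#else` (and `#ifdef APLOG_USE_MODULE` for the log macro); otherwise the build notes should say that 2.4 is now required. Address-based access checks on the slave connection presumably read these copied fields, so a short comment saying they must mirror the master connection's peer address would help the next reader. The enclosing function begins and ends outside the lines shown here.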
36 diff -ru orig/mod_spdy/apache/log_message_handler.cc mod/mod_spdy/apache/log_message_handler.cc
37 --- orig/mod_spdy/apache/log_message_handler.cc 2013-04-18 18:08:10.000000000 +0200
38 +++ mod/mod_spdy/apache/log_message_handler.cc 2013-04-18 20:21:31.000000000 +0200
40 // #defined LOG_* as numbers. This conflicts with what we are using those here.
43 +APLOG_USE_MODULE(spdy);
45 #include "base/debug/debugger.h"
46 #include "base/debug/stack_trace.h"
47 diff -ru orig/mod_spdy/mod_spdy.cc mod/mod_spdy/mod_spdy.cc
48 --- orig/mod_spdy/mod_spdy.cc 2013-04-18 18:07:32.000000000 +0200
49 +++ mod/mod_spdy/mod_spdy.cc 2013-04-18 20:31:56.000000000 +0200
51 for (server_rec* server = server_list; server != NULL;
52 server = server->next) {
53 spdy_enabled |= mod_spdy::GetServerConfig(server)->spdy_enabled();
54 - if (server->loglevel > max_apache_log_level) {
55 - max_apache_log_level = server->loglevel;
56 + if (server->log.level > max_apache_log_level) {
57 + max_apache_log_level = server->log.level;
61 diff -ru orig/scripts/mod_ssl_with_npn.patch mod/scripts/mod_ssl_with_npn.patch
62 --- orig/scripts/mod_ssl_with_npn.patch 2013-04-18 18:08:10.000000000 +0200
63 +++ mod/scripts/mod_ssl_with_npn.patch 2013-04-18 19:29:03.000000000 +0200
65 -Index: modules/ssl/ssl_private.h
66 -===================================================================
67 ---- modules/ssl/ssl_private.h (revision 1367982)
68 -+++ modules/ssl/ssl_private.h (working copy)
70 - #ifndef OPENSSL_NO_TLSEXT
71 - int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
73 -+int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
74 +diff -ru modules/ssl/mod_ssl.c modules/ssl/mod_ssl.c
75 +--- modules/ssl/mod_ssl.c 2012-12-11 10:55:03.000000000 +0100
76 ++++ modules/ssl/mod_ssl.c 2013-04-18 19:20:51.000000000 +0200
81 ++/* Implement 'modssl_run_npn_advertise_protos_hook'. */
82 ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
83 ++ modssl, AP, int, npn_advertise_protos_hook,
84 ++ (conn_rec *connection, apr_array_header_t *protos),
85 ++ (connection, protos), OK, DECLINED);
87 ++/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
88 ++APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
89 ++ modssl, AP, int, npn_proto_negotiated_hook,
90 ++ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
91 ++ (connection, proto_name, proto_name_len), OK, DECLINED);
94 + * the various processing hooks
96 +diff -ru modules/ssl/mod_ssl.h modules/ssl/mod_ssl.h
97 +--- modules/ssl/mod_ssl.h 2011-09-23 15:38:09.000000000 +0200
98 ++++ modules/ssl/mod_ssl.h 2013-04-18 19:20:51.000000000 +0200
101 - /** Session Cache Support */
102 - void ssl_scache_init(server_rec *, apr_pool_t *);
103 -Index: modules/ssl/ssl_engine_init.c
104 -===================================================================
105 ---- modules/ssl/ssl_engine_init.c (revision 1367982)
106 -+++ modules/ssl/ssl_engine_init.c (working copy)
107 -@@ -559,6 +559,11 @@
108 - SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
109 + APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *));
111 ++/** The npn_advertise_protos optional hook allows other modules to add entries
112 ++ * to the list of protocol names advertised by the server during the Next
113 ++ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is
114 ++ * given the connection and an APR array; it should push one or more char*'s
115 ++ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
116 ++ * the array and return OK, or do nothing and return DECLINED. */
117 ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
118 ++ (conn_rec *connection, apr_array_header_t *protos));
120 ++/** The npn_proto_negotiated optional hook allows other modules to discover the
121 ++ * name of the protocol that was chosen during the Next Protocol Negotiation
122 ++ * (NPN) portion of the SSL handshake. Note that this may be the empty string
123 ++ * (in which case modules should probably assume HTTP), or it may be a protocol
124 ++ * that was never even advertised by the server. The hook callee is given the
125 ++ * connection, a non-null-terminated string containing the protocol name, and
126 ++ * the length of the string; it should do something appropriate (i.e. insert or
127 ++ * remove filters) and return OK, or do nothing and return DECLINED. */
128 ++APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
129 ++ (conn_rec *connection, const char *proto_name,
130 ++ apr_size_t proto_name_len));
132 + #endif /* __MOD_SSL_H__ */
134 +diff -ru modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_init.c
135 +--- modules/ssl/ssl_engine_init.c 2012-12-11 10:55:03.000000000 +0100
136 ++++ modules/ssl/ssl_engine_init.c 2013-04-18 19:20:51.000000000 +0200
137 +@@ -725,6 +725,11 @@
140 SSL_CTX_set_info_callback(ctx, ssl_callback_Info);
145 static void ssl_init_ctx_verify(server_rec *s,
146 -Index: modules/ssl/ssl_engine_io.c
147 -===================================================================
148 ---- modules/ssl/ssl_engine_io.c (revision 1367982)
149 -+++ modules/ssl/ssl_engine_io.c (working copy)
151 +diff -ru modules/ssl/ssl_engine_io.c modules/ssl/ssl_engine_io.c
152 +--- modules/ssl/ssl_engine_io.c 2012-09-21 17:10:12.000000000 +0200
153 ++++ modules/ssl/ssl_engine_io.c 2013-04-18 19:20:51.000000000 +0200
156 char buffer[AP_IOBUFSIZE];
157 ssl_filter_ctx_t *filter_ctx;
159 } bio_filter_in_ctx_t;
162 -@@ -1409,6 +1410,27 @@
163 +@@ -1385,6 +1386,27 @@
164 APR_BRIGADE_INSERT_TAIL(bb, bucket);
171 -@@ -1753,6 +1775,7 @@
172 +@@ -1866,6 +1888,7 @@
173 inctx->block = APR_BLOCK_READ;
174 inctx->pool = c->pool;
175 inctx->filter_ctx = filter_ctx;
176 + inctx->npn_finished = 0;
179 - void ssl_io_filter_init(conn_rec *c, SSL *ssl)
180 -Index: modules/ssl/ssl_engine_kernel.c
181 -===================================================================
182 ---- modules/ssl/ssl_engine_kernel.c (revision 1367982)
183 -+++ modules/ssl/ssl_engine_kernel.c (working copy)
184 -@@ -2104,3 +2104,84 @@
186 + /* The request_rec pointer is passed in here only to ensure that the
187 +diff -ru modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_kernel.c
188 +--- modules/ssl/ssl_engine_kernel.c 2012-12-11 10:55:03.000000000 +0100
189 ++++ modules/ssl/ssl_engine_kernel.c 2013-04-18 19:20:51.000000000 +0200
190 +@@ -2186,3 +2186,84 @@
194 + #endif /* OPENSSL_NO_SRP */
198 @@ -163,66 +200,11 @@
199 + return SSL_TLSEXT_ERR_OK;
202 -Index: modules/ssl/mod_ssl.c
203 -===================================================================
204 ---- modules/ssl/mod_ssl.c (revision 1367982)
205 -+++ modules/ssl/mod_ssl.c (working copy)
206 -@@ -220,6 +220,18 @@
210 -+/* Implement 'modssl_run_npn_advertise_protos_hook'. */
211 -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
212 -+ modssl, AP, int, npn_advertise_protos_hook,
213 -+ (conn_rec *connection, apr_array_header_t *protos),
214 -+ (connection, protos), OK, DECLINED);
216 -+/* Implement 'modssl_run_npn_proto_negotiated_hook'. */
217 -+APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(
218 -+ modssl, AP, int, npn_proto_negotiated_hook,
219 -+ (conn_rec *connection, const char *proto_name, apr_size_t proto_name_len),
220 -+ (connection, proto_name, proto_name_len), OK, DECLINED);
223 - * the various processing hooks
225 -Index: modules/ssl/mod_ssl.h
226 -===================================================================
227 ---- modules/ssl/mod_ssl.h (revision 1367982)
228 -+++ modules/ssl/mod_ssl.h (working copy)
231 - APR_DECLARE_OPTIONAL_FN(apr_array_header_t *, ssl_extlist_by_oid, (request_rec *r, const char *oidstr));
233 -+/** The npn_advertise_protos optional hook allows other modules to add entries
234 -+ * to the list of protocol names advertised by the server during the Next
235 -+ * Protocol Negotiation (NPN) portion of the SSL handshake. The hook callee is
236 -+ * given the connection and an APR array; it should push one or more char*'s
237 -+ * pointing to null-terminated strings (such as "http/1.1" or "spdy/2") onto
238 -+ * the array and return OK, or do nothing and return DECLINED. */
239 -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_advertise_protos_hook,
240 -+ (conn_rec *connection, apr_array_header_t *protos));
242 -+/** The npn_proto_negotiated optional hook allows other modules to discover the
243 -+ * name of the protocol that was chosen during the Next Protocol Negotiation
244 -+ * (NPN) portion of the SSL handshake. Note that this may be the empty string
245 -+ * (in which case modules should probably assume HTTP), or it may be a protocol
246 -+ * that was never even advertised by the server. The hook callee is given the
247 -+ * connection, a non-null-terminated string containing the protocol name, and
248 -+ * the length of the string; it should do something appropriate (i.e. insert or
249 -+ * remove filters) and return OK, or do nothing and return DECLINED. */
250 -+APR_DECLARE_EXTERNAL_HOOK(modssl, AP, int, npn_proto_negotiated_hook,
251 -+ (conn_rec *connection, const char *proto_name,
252 -+ apr_size_t proto_name_len));
254 - #endif /* __MOD_SSL_H__ */
256 -Index: modules/ssl/ssl_toolkit_compat.h
257 -===================================================================
258 ---- modules/ssl/ssl_toolkit_compat.h (revision 1367982)
259 -+++ modules/ssl/ssl_toolkit_compat.h (working copy)
260 -@@ -145,6 +145,11 @@
262 +diff -ru modules/ssl/ssl_private.h modules/ssl/ssl_private.h
263 +--- modules/ssl/ssl_private.h 2012-12-11 10:55:03.000000000 +0100
264 ++++ modules/ssl/ssl_private.h 2013-04-18 19:20:51.000000000 +0200
265 +@@ -149,6 +149,11 @@
266 + #define OPENSSL_NO_EC
269 +#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
271 #ifndef PEM_F_DEF_CALLBACK
272 #ifdef PEM_F_PEM_DEF_CALLBACK
273 /** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
275 + unsigned char aes_key[16];
276 + } modssl_ticket_key_t;
278 ++int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data, unsigned int *len, void *arg);
280 + typedef struct SSLSrvConfigRec SSLSrvConfigRec;