From owner-freebsd-ports Sun Aug 3 11:44:39 1997
Message-ID: <19970803192826.32841@klemm.gtn.com>
Date: Sun, 3 Aug 1997 19:28:26 +0200
From: Andreas Klemm
To: markm@FreeBSD.ORG
Cc: ports@FreeBSD.ORG
Subject: [Lars.Eilebrecht@unix-ag.org: Re: Apache SSL ?]
X-Mailer: Mutt 0.79
X-Disclaimer: A free society is one where it is safe to be unpopular
X-Operating-System: FreeBSD 3.0-CURRENT SMP

Some voices and patches from the German mailing list. They have apache 1.2.1 and SSL running! They modified the SSL patches a bit, so that it patches apache-1.2.1 well. Here is the mail as an attachment, this might save you some work! Hope it helps you to build a new apache port with working SSL support!
Andreas ///

--
Andreas Klemm | klemm.gtn.com - powered by Symmetric MultiProcessor FreeBSD
http://www.freebsd.org/~fsmp/SMP/SMP.html
http://www.freebsd.org/~fsmp/SMP/benches.html

Forwarded message from Lars Eilebrecht:

Date: Thu, 31 Jul 1997 18:09:00 +0200 (CEST)
From: Lars Eilebrecht
To: (Mailinglist)
Subject: Re: Apache SSL ?
Reply-To: ml-apache@unix-ag.org

According to Martin Ramsch:
[...]
> So apart from the second patch, harmless stuff ...

The http_main thing is in principle harmless as well... But if you add that patch by hand, it results in all modules being initialised twice when Apache starts, including the SSL module (on startup you then see the output about reading the certificate twice), because a few things changed here between 1.2.0 and 1.2.1.

The problem was easy to fix, though. I have attached a complete 'SSLpatch' for Apache 1.2.1 to this mail. As the saying goes... works for me. :-)

> With the help of various how-tos we have now got the server running with
> a self-signed certificate as well, but since we at FORWISS (that is, Marcus
> Junker and I, who are currently looking after the WWW server) have
> practically no experience yet with the whole encryption and certification
> business, I can't help with that; rather, I am still looking for good
> introductions and explanations myself.

The 'doc' directory of SSLeay is really worth a look. :-)

ciao...
Lars

--
sfx@unix-ag.org
http://www.si.unix-ag.org/~sfx/
- Reality is for people who can't deal with drugs.

Attachment: SSLpatch (text/plain; charset=us-ascii; 7bit; SizeOnDisk=36902)

diff -C3 -r ../apache_1.2.1/src/Configuration ./src/Configuration *** ../apache_1.2.1/src/Configuration Sun Jul 6 04:19:47 1997 --- ./src/Configuration Thu Jul 31 17:29:59 1997 *************** *** 41,47 **** # Settings here have priority; If not set, Configure will attempt to guess # the C compiler, and set OPTIM to '-O2' # ! EXTRA_CFLAGS= EXTRA_LFLAGS= EXTRA_LIBS= EXTRA_INCLUDES= --- 41,47 ---- # Settings here have priority; If not set, Configure will attempt to guess # the C compiler, and set OPTIM to '-O2' # ! EXTRA_CFLAGS=-w3 -v -g EXTRA_LFLAGS= EXTRA_LIBS= EXTRA_INCLUDES= *************** *** 50,55 **** --- 50,67 ---- #OPTIM=-O2 #RANLIB= + TARGET=httpsd + + # + # SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an + # installed version. 
+ # + SSL_BASE=/usr/lib/ssl + SSL_INCLUDE= -I$(SSL_BASE)/include + SSL_CFLAGS= -DAPACHE_SSL $(SSL_INCLUDE) + SSL_LIB_DIR= $(SSL_BASE) + SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto + ################################################################ # Rules configuration # *************** *** 200,206 **** ## NOTE: You do not want this module UNLESS you are running a proxy; ## it is not needed for normal (origin server) operation. ! # Module proxy_module modules/proxy/libproxy.a ## The Alias module provides simple URL translation and redirection. --- 212,218 ---- ## NOTE: You do not want this module UNLESS you are running a proxy; ## it is not needed for normal (origin server) operation. ! Module proxy_module modules/proxy/libproxy.a ## The Alias module provides simple URL translation and redirection. *************** *** 209,215 **** ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping, ## using regular expressions. ! # Module rewrite_module mod_rewrite.o ## ## Access control and authentication modules. --- 221,227 ---- ## mod_rewrite allows for powerful URI-to-URI and URI-to-filename mapping, ## using regular expressions. ! Module rewrite_module mod_rewrite.o ## ## Access control and authentication modules. *************** *** 220,226 **** ## The anon_auth module allows for anonymous-FTP-style username/ ## password authentication. ! # Module anon_auth_module mod_auth_anon.o ## db_auth and dbm_auth work with Berkeley DB files - make sure there ## is support for DBM files on your system. You may need to grab the GNU --- 232,238 ---- ## The anon_auth module allows for anonymous-FTP-style username/ ## password authentication. ! Module anon_auth_module mod_auth_anon.o ## db_auth and dbm_auth work with Berkeley DB files - make sure there ## is support for DBM files on your system. You may need to grab the GNU *************** *** 228,234 **** ## done by Configure at a later date) # Module db_auth_module mod_auth_db.o ! 
# Module dbm_auth_module mod_auth_dbm.o ## msql_auth checks against an mSQL database. You must have mSQL installed ## and an "msql.h" available for this to even compile. Additionally, --- 240,246 ---- ## done by Configure at a later date) # Module db_auth_module mod_auth_db.o ! Module dbm_auth_module mod_auth_dbm.o ## msql_auth checks against an mSQL database. You must have mSQL installed ## and an "msql.h" available for this to even compile. Additionally, *************** *** 244,267 **** ## "digest" implements HTTP Digest Authentication rather than the less ## secure Basic Auth used by the other modules. ! # Module digest_module mod_digest.o ## Optional response header manipulation modules. ## ## cern_meta mimics the behavior of the CERN web server with regards to ## metainformation files. ! # Module cern_meta_module mod_cern_meta.o ## The expires module can apply Expires: headers to resources, ## as a function of access time or modification time. ! # Module expires_module mod_expires.o ## The headers module can set arbitrary HTTP response headers, ## as configured in server, vhost, access.conf or .htaccess configs ! # Module headers_module mod_headers.o ## Miscellaneous modules ## --- 256,284 ---- ## "digest" implements HTTP Digest Authentication rather than the less ## secure Basic Auth used by the other modules. ! Module digest_module mod_digest.o ## Optional response header manipulation modules. ## ## cern_meta mimics the behavior of the CERN web server with regards to ## metainformation files. ! Module cern_meta_module mod_cern_meta.o ## The expires module can apply Expires: headers to resources, ## as a function of access time or modification time. ! Module expires_module mod_expires.o ## The headers module can set arbitrary HTTP response headers, ## as configured in server, vhost, access.conf or .htaccess configs ! Module headers_module mod_headers.o ! ! # Damn damn damn. Apache inverts the module list. SSL must go first to fake ! # basic authorization. 
So, uncomment this line to add SSL. ! ! Module ssl_module apache_ssl.o ## Miscellaneous modules ## diff -C3 -r ../apache_1.2.1/src/Configuration.tmpl ./src/Configuration.tmpl *** ../apache_1.2.1/src/Configuration.tmpl Sat May 10 19:14:16 1997 --- ./src/Configuration.tmpl Thu Jul 31 16:09:06 1997 *************** *** 50,55 **** --- 50,67 ---- #OPTIM=-O2 #RANLIB= + TARGET=httpsd + + # + # SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an + # installed version. + # + SSL_BASE=/u/ben/work/scuzzy-ssleay6 + SSL_INCLUDE= -I$(SSL_BASE)/include + SSL_CFLAGS= -DAPACHE_SSL $(SSL_INCLUDE) + SSL_LIB_DIR= $(SSL_BASE) + SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto + ################################################################ # Rules configuration # *************** *** 262,267 **** --- 274,283 ---- ## as configured in server, vhost, access.conf or .htaccess configs # Module headers_module mod_headers.o + + # Damn damn damn. Apache inverts the module list. SSL must go first to fake + # basic authorization. So, uncomment this line to add SSL. + Module ssl_module apache_ssl.o ## Miscellaneous modules ## Only in ./src: Makefile Only in ./src: Makefile.bak Only in ./src: Makefile.config diff -C3 -r ../apache_1.2.1/src/Makefile.tmpl ./src/Makefile.tmpl *** ../apache_1.2.1/src/Makefile.tmpl Tue Jul 1 03:33:11 1997 --- ./src/Makefile.tmpl Thu Jul 31 16:09:06 1997 *************** *** 14,22 **** $(MODULES) .c.o: ! $(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $< ! ! all: @@Configuration@@ httpd @@Configuration@@: Configuration.tmpl @echo "@@Configuration@@ older than Configuration.tmpl, or doesn't exist." --- 14,21 ---- $(MODULES) .c.o: ! $(CC) -c $(INCLUDES) $(CFLAGS) $(SPACER) $(SSL_CFLAGS) $< ! all: @@Configuration@@ $(TARGET) @@Configuration@@: Configuration.tmpl @echo "@@Configuration@@ older than Configuration.tmpl, or doesn't exist." 
*************** *** 28,33 **** --- 27,43 ---- httpd: $(REGLIB) $(OBJS) $(CC) $(LFLAGS) -o httpd $(OBJS) $(REGLIB) $(LIBS) + httpsd: $(REGLIB) $(OBJS) + $(CC) $(LFLAGS) -o httpsd $(OBJS) $(REGLIB) $(SSL_LIBS) $(LIBS) + + certificate: + $(SSL_LIB_DIR)/apps/ssleay req \ + -config $(SSL_LIB_DIR)/apps/ssleay.conf \ + -new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \ + -keyout ../SSLconf/conf/httpsd.pem; \ + ln -sf ../SSLconf/conf/httpsd.pem ../SSLconf/conf/`$(SSL_LIB_DIR)/apps/ssleay \ + x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0 + regex/libregex.a: (cd regex; $(MAKE) lib CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)') *************** *** 36,42 **** $(MAKE) CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)') clean: ! rm -f httpd *.o core cd regex; $(MAKE) clean cd modules; $(MAKE) clean --- 46,52 ---- $(MAKE) CC=$(CC) AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)') clean: ! rm -f httpd httpsd *.o core cd regex; $(MAKE) clean cd modules; $(MAKE) clean *************** *** 49,55 **** # Work around broken compilers http_bprintf.o: http_bprintf.c ! $(CC) -c $(INCLUDES) $(CFLAGS) $(BROKEN_BPRINTF_FLAGS) http_bprintf.c # We really don't expect end users to use this rule. It works only with # gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after --- 59,65 ---- # Work around broken compilers http_bprintf.o: http_bprintf.c ! $(CC) -c $(INCLUDES) $(CFLAGS) $(BROKEN_BPRINTF_FLAGS) $(SSL_CFLAGS) http_bpr intf.c # We really don't expect end users to use this rule. It works only with # gcc, and rebuilds Makefile.tmpl. 
You have to re-run Configure after Only in ./src: apache_ssl.c diff -C3 -r ../apache_1.2.1/src/buff.c ./src/buff.c *** ../apache_1.2.1/src/buff.c Thu May 29 07:20:55 1997 --- ./src/buff.c Thu Jul 31 16:09:06 1997 *************** *** 143,148 **** --- 143,153 ---- fb->fd = -1; fb->fd_in = -1; + #ifdef APACHE_SSL + fb->ssl = NULL; + fb->szClientX509 = NULL; + #endif + return fb; } *************** *** 324,329 **** --- 329,339 ---- } } do { + #ifdef APACHE_SSL + if (fb->ssl) + rv = SSL_read(fb->ssl, buf, nbyte); + else + #endif rv = read( fb->fd_in, buf, nbyte ); } while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT)); return( rv ); *************** *** 621,627 **** return -1; while (nbyte > 0) { ! i = write(fb->fd, buf, nbyte); if (i < 0) { if (errno != EAGAIN && errno != EINTR) { return -1; --- 631,642 ---- return -1; while (nbyte > 0) { ! #ifdef APACHE_SSL ! if (fb->ssl) ! i = SSL_write(fb->ssl, buf, nbyte); ! else ! #endif ! i = write(fb->fd, buf, nbyte ); if (i < 0) { if (errno != EAGAIN && errno != EINTR) { return -1; *************** *** 657,665 **** return -1; if (!(fb->flags & B_CHUNK)) return write(fb->fd, buf, nbyte); ! #ifdef NO_WRITEV /* without writev() this has poor performance, too bad */ ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte); --- 672,685 ---- return -1; if (!(fb->flags & B_CHUNK)) + #ifdef APACHE_SSL + if (fb->ssl) + return SSL_write(fb->ssl, buf, nbyte); + else + #endif return write(fb->fd, buf, nbyte); ! #if defined(NO_WRITEV) || defined(APACHE_SSL) /* without writev() this has poor performance, too bad */ ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte); *************** *** 780,786 **** -1 : fb->outcnt; } else { ! do i = write(fb->fd, fb->outbase, fb->outcnt); while (i == -1 && errno == EINTR && !(fb->flags & B_EOUT)); } if (i <= 0) { --- 800,812 ---- -1 : fb->outcnt; } else { ! do ! #ifdef APACHE_SSL ! if (fb->ssl) ! i = SSL_write(fb->ssl, (char *)fb->outbase, fb->outcnt); ! else ! #endif ! 
i = write(fb->fd, fb->outbase, fb->outcnt); while (i == -1 && errno == EINTR && !(fb->flags & B_EOUT)); } if (i <= 0) { *************** *** 862,868 **** while (fb->outcnt > 0) { /* the buffer must be full */ ! do i = write(fb->fd, fb->outbase, fb->outcnt); while (i == -1 && errno == EINTR && !(fb->flags & B_EOUT)); if (i == 0) { errno = EAGAIN; --- 888,900 ---- while (fb->outcnt > 0) { /* the buffer must be full */ ! do ! #ifdef APACHE_SSL ! if (fb->ssl) ! i = SSL_write(fb->ssl, (char *)fb->outbase, fb->outcnt); ! else ! #endif ! i = write(fb->fd, fb->outbase, fb->outcnt); while (i == -1 && errno == EINTR && !(fb->flags & B_EOUT)); if (i == 0) { errno = EAGAIN; *************** *** 919,924 **** --- 951,963 ---- fb->flags |= B_EOF | B_EOUT; fb->fd = -1; fb->fd_in = -1; + + #ifdef APACHE_SSL + if (fb->ssl) { + SSL_free(fb->ssl); + fb->ssl = NULL; + } + #endif if (rc1 != 0) return rc1; else if (rc2 != 0) return rc2; diff -C3 -r ../apache_1.2.1/src/buff.h ./src/buff.h *** ../apache_1.2.1/src/buff.h Mon Feb 10 16:49:34 1997 --- ./src/buff.h Thu Jul 31 16:09:06 1997 *************** *** 52,57 **** --- 52,62 ---- #include + #ifdef APACHE_SSL + #include + #include + #endif + /* Reading is buffered */ #define B_RD (1) /* Writing is buffered */ *************** *** 94,99 **** --- 99,111 ---- /* could also put pointers to the basic I/O routines here */ int fd; /* the file descriptor */ int fd_in; /* input file descriptor, if different */ + + #ifdef APACHE_SSL + /* Add some context for SSL */ + SSL *ssl; + char *szClientX509; + int nVerifyError; + #endif }; /* Options to bset/getopt */ diff -C3 -r ../apache_1.2.1/src/http_config.c ./src/http_config.c *** ../apache_1.2.1/src/http_config.c Sun Jun 29 20:08:16 1997 --- ./src/http_config.c Thu Jul 31 16:09:06 1997 *************** *** 1050,1056 **** --- 1050,1060 ---- { server_rec *s = (server_rec *)pcalloc (p, sizeof (server_rec)); + #ifdef APACHE_SSL + s->port=0; + #else s->port = DEFAULT_PORT; + #endif s->server_admin = 
DEFAULT_ADMIN; s->server_hostname = NULL; s->error_fname = DEFAULT_ERRORLOG; *************** *** 1088,1093 **** --- 1092,1099 ---- process_resource_config (s, s->access_confname, p, ptemp); fixup_virtual_hosts (p, s); + + default_server_hostnames(s); return s; } diff -C3 -r ../apache_1.2.1/src/http_main.c ./src/http_main.c *** ../apache_1.2.1/src/http_main.c Sun Jun 29 20:08:17 1997 --- ./src/http_main.c Thu Jul 31 17:07:15 1997 *************** *** 1848,1853 **** --- 1848,1863 ---- (struct sockaddr_in *)&sa_server, child_num); + #ifdef APACHE_SSL + /* + * This returns false if the connection cannot be setup, + * so maybe we should do something with this here... + * however it also blocks the BUFF connections + * so the next bit should fall out anyway! + */ + ApacheSSLSetupConnection(current_conn); + #endif + /* * Read and process each request found on our connection * until no requests are left or we decide to close. *************** *** 2113,2118 **** --- 2123,2129 ---- { struct sockaddr_in sa_server; int saved_sd; + static BOOL bFirst=TRUE; int remaining_children_to_start; standalone = 1; *************** *** 2134,2143 **** kill_cleanups_for_fd (pconf, scoreboard_fd); } #endif ! clear_pool (pconf); ! ptrans = make_sub_pool (pconf); ! ! server_conf = read_config (pconf, ptrans, server_confname); if (listeners == NULL) { if (!is_graceful) { --- 2145,2156 ---- kill_cleanups_for_fd (pconf, scoreboard_fd); } #endif ! if(!bFirst) ! { ! clear_pool (pconf); ! ptrans = make_sub_pool (pconf); ! server_conf = read_config(pconf, ptrans, server_confname); ! } if (listeners == NULL) { if (!is_graceful) { *************** *** 2172,2178 **** sd = -1; } ! init_modules (pconf, server_conf); open_logs (server_conf, pconf); set_group_privs (); accept_mutex_init (pconf); --- 2185,2195 ---- sd = -1; } ! if(!bFirst) ! init_modules (pconf, server_conf); ! else ! bFirst=FALSE; ! 
open_logs (server_conf, pconf); set_group_privs (); accept_mutex_init (pconf); *************** *** 2186,2192 **** } #endif ! default_server_hostnames (server_conf); set_signals (); log_pid (pconf, pid_fname); --- 2203,2209 ---- } #endif ! /* default_server_hostnames (server_conf);*/ set_signals (); log_pid (pconf, pid_fname); *************** *** 2399,2405 **** init_modules (pconf, server_conf); if(standalone) { ! clear_pool (pconf); /* standalone_main rereads... */ standalone_main(argc, argv); } else { --- 2416,2422 ---- init_modules (pconf, server_conf); if(standalone) { ! /* clear_pool (pconf); /* standalone_main rereads... */ standalone_main(argc, argv); } else { diff -C3 -r ../apache_1.2.1/src/http_protocol.c ./src/http_protocol.c *** ../apache_1.2.1/src/http_protocol.c Tue Jul 1 08:50:09 1997 --- ./src/http_protocol.c Thu Jul 31 16:09:06 1997 *************** *** 551,559 **** unsigned port; /* This routine parses full URLs, if they match the server */ ! if (strncmp(uri, "http://", 7)) return uri; ! name = pstrdup(r->pool, uri + 7); ! /* Find the hostname, assuming a valid request */ i = ind(name, '/'); name[i] = '\0'; --- 551,563 ---- unsigned port; /* This routine parses full URLs, if they match the server */ ! char *method=http_method(r); ! int mlen=strlen(method); ! ! if(strncmp(uri,method,mlen)) ! return uri; ! name = pstrdup(r->pool, uri + mlen); ! /* Find the hostname, assuming a valid request */ i = ind(name, '/'); name[i] = '\0'; *************** *** 561,567 **** /* Find the port */ host = getword_nc(r->pool, &name, ':'); if (*name) port = atoi(name); ! else port = 80; /* Make sure ports patch */ if (port != r->server->port) return uri; --- 565,571 ---- /* Find the port */ host = getword_nc(r->pool, &name, ':'); if (*name) port = atoi(name); ! 
else port=default_port(r); /* Make sure ports patch */ if (port != r->server->port) return uri; *************** *** 678,684 **** static void check_hostalias (request_rec *r) { const char *hostname=r->hostname; char *host = getword(r->pool, &hostname, ':'); /* Get rid of port */ ! unsigned port = (*hostname) ? atoi(hostname) : 80; server_rec *s; int l; --- 682,688 ---- static void check_hostalias (request_rec *r) { const char *hostname=r->hostname; char *host = getword(r->pool, &hostname, ':'); /* Get rid of port */ ! unsigned port = (*hostname) ? atoi(hostname) : default_port(r); server_rec *s; int l; diff -C3 -r ../apache_1.2.1/src/httpd.h ./src/httpd.h *** ../apache_1.2.1/src/httpd.h Sun Jul 6 04:04:02 1997 --- ./src/httpd.h Thu Jul 31 17:27:07 1997 *************** *** 60,65 **** --- 60,66 ---- #include "alloc.h" #include "buff.h" + /* ----------------------------- config dir ------------------------------ */ /* Define this to be the default server home dir. Anything later in this *************** *** 97,105 **** */ ! /* -------------- Port number for server running standalone --------------- */ ! ! #define DEFAULT_PORT 80 /* --------- Default user name and group name running standalone ---------- */ /* --- These may be specified as numbers by placing a # before a number --- */ --- 98,116 ---- */ ! /* -------------- Port number and protocol for server running standalone -- */ ! #ifdef APACHE_SSL ! #define HTTP_PORT 80 ! #define HTTPS_PORT 443 ! #define default_port(r) ((r)->connection->client->ssl ? HTTPS_PORT : HTTP_POR T) ! #define is_default_port(port,r) ((port) == default_port(r)) ! #define http_method(r) ((r)->connection->client->ssl ? "https" : "http") ! #else ! #define DEFAULT_PORT 80 ! #define default_port(r) DEFAULT_PORT ! #define is_default_port(port,r) ((port) == DEFAULT_PORT) ! #define http_method(r) "http" ! 
#endif /* --------- Default user name and group name running standalone ---------- */ /* --- These may be specified as numbers by placing a # before a number --- */ *************** *** 256,262 **** * Example: "Apache/1.1.0 MrWidget/0.1-alpha" */ ! #define SERVER_BASEVERSION "Apache/1.2.1" /* SEE COMMENTS ABOVE */ #ifdef SERVER_SUBVERSION #define SERVER_VERSION SERVER_BASEVERSION " " SERVER_SUBVERSION #else --- 267,273 ---- * Example: "Apache/1.1.0 MrWidget/0.1-alpha" */ ! #define SERVER_BASEVERSION "Apache/1.2.1 Ben-SSL/1.8.1unoff" /* SEE COMMENTS A BOVE */ #ifdef SERVER_SUBVERSION #define SERVER_VERSION SERVER_BASEVERSION " " SERVER_SUBVERSION #else *************** *** 577,582 **** --- 588,601 ---- #define DEFAULT_VHOST_ADDR 0xfffffffful typedef struct server_addr_rec server_addr_rec; + + typedef unsigned int BOOL; + #define TRUE 1 + #define FALSE 0 + + #ifdef APACHE_SSL + int ApacheSSLSetupConnection(conn_rec * conn); + #endif struct server_addr_rec { server_addr_rec *next; struct in_addr host_addr; /* The bound address, for this server */ *************** *** 677,684 **** char *os_escape_path(pool *p,const char *path,int partial); #define escape_uri(ppool,path) os_escape_path(ppool,path,1) extern char *escape_html(pool *p, const char *s); ! char *construct_server(pool *p, const char *hostname, unsigned port); ! char *construct_url (pool *p, const char *path, const server_rec *s); char *escape_shell_cmd (pool *p, const char *s); int count_dirs(const char *path); --- 696,703 ---- char *os_escape_path(pool *p,const char *path,int partial); #define escape_uri(ppool,path) os_escape_path(ppool,path,1) extern char *escape_html(pool *p, const char *s); ! char *construct_server(pool *p, const char *hostname, unsigned port, const req uest_rec *r); ! 
char *construct_url (pool *p, const char *path, const request_rec *r); char *escape_shell_cmd (pool *p, const char *s); int count_dirs(const char *path); diff -C3 -r ../apache_1.2.1/src/md5.h ./src/md5.h *** ../apache_1.2.1/src/md5.h Wed Jan 1 19:10:03 1997 --- ./src/md5.h Thu Jul 31 16:09:06 1997 *************** *** 91,99 **** UINT4 state[4]; /* state (ABCD) */ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ unsigned char buffer[64]; /* input buffer */ ! } MD5_CTX; ! extern void MD5Init(MD5_CTX *context); ! extern void MD5Update(MD5_CTX *context, const unsigned char *input, unsigned int inputLen); ! extern void MD5Final(unsigned char digest[16], MD5_CTX *context); --- 91,99 ---- UINT4 state[4]; /* state (ABCD) */ UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */ unsigned char buffer[64]; /* input buffer */ ! } APACHE_MD5_CTX; ! extern void MD5Init(APACHE_MD5_CTX *context); ! extern void MD5Update(APACHE_MD5_CTX *context, const unsigned char *input, unsigned int inputLen); ! extern void MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context); diff -C3 -r ../apache_1.2.1/src/md5c.c ./src/md5c.c *** ../apache_1.2.1/src/md5c.c Wed Jan 1 19:10:04 1997 --- ./src/md5c.c Thu Jul 31 16:09:06 1997 *************** *** 158,164 **** /* MD5 initialization. Begins an MD5 operation, writing a new context. */ void ! MD5Init(MD5_CTX *context) { context->count[0] = context->count[1] = 0; /* Load magic initialization constants. */ --- 158,164 ---- /* MD5 initialization. Begins an MD5 operation, writing a new context. */ void ! MD5Init(APACHE_MD5_CTX *context) { context->count[0] = context->count[1] = 0; /* Load magic initialization constants. */ *************** *** 173,179 **** context. */ void ! MD5Update(MD5_CTX *context, const unsigned char *input, unsigned int inputLen) { unsigned int i, index, partLen; --- 173,179 ---- context. */ void ! 
MD5Update(APACHE_MD5_CTX *context, const unsigned char *input, unsigned int in putLen) { unsigned int i, index, partLen; *************** *** 209,215 **** the message digest and zeroizing the context. */ void ! MD5Final(unsigned char digest[16], MD5_CTX *context) { unsigned char bits[8]; unsigned int index, padLen; --- 209,215 ---- the message digest and zeroizing the context. */ void ! MD5Final(unsigned char digest[16], APACHE_MD5_CTX *context) { unsigned char bits[8]; unsigned int index, padLen; diff -C3 -r ../apache_1.2.1/src/mod_auth.c ./src/mod_auth.c *** ../apache_1.2.1/src/mod_auth.c Thu Apr 24 12:16:34 1997 --- ./src/mod_auth.c Thu Jul 31 16:09:06 1997 *************** *** 70,76 **** --- 70,82 ---- #include "http_log.h" #include "http_protocol.h" #if defined(HAVE_CRYPT_H) + #if defined(APACHE_SSL) + #define des_encrypt BASE_des_encrypt #include + #undef des_encrypt + #else + #include + #endif /* APACHE_SSL */ #endif typedef struct auth_config_struct { diff -C3 -r ../apache_1.2.1/src/mod_dir.c ./src/mod_dir.c *** ../apache_1.2.1/src/mod_dir.c Fri Jun 27 04:21:02 1997 --- ./src/mod_dir.c Thu Jul 31 16:09:07 1997 *************** *** 810,816 **** "/", NULL); table_set (r->headers_out, "Location", ! construct_url(r->pool, ifile, r->server)); return HTTP_MOVED_PERMANENTLY; } --- 810,816 ---- "/", NULL); table_set (r->headers_out, "Location", ! construct_url(r->pool, ifile, r)); return HTTP_MOVED_PERMANENTLY; } diff -C3 -r ../apache_1.2.1/src/mod_imap.c ./src/mod_imap.c *** ../apache_1.2.1/src/mod_imap.c Sat Apr 12 06:24:38 1997 --- ./src/mod_imap.c Thu Jul 31 16:09:07 1997 *************** *** 367,379 **** char my_base[SMALLBUF] = {'\0'}; if ( ! strcasecmp(value, "map" ) || ! strcasecmp(value, "menu") ) { ! if (r->server->port == DEFAULT_PORT ) { ! ap_snprintf(url, SMALLBUF, ! "http://%s%s", r->server->server_hostname, r->uri); } else { ! ap_snprintf(url, SMALLBUF, "http://%s:%d%s", r->server->server_hostname, ! 
r->server->port, r->uri); } return; } --- 367,379 ---- char my_base[SMALLBUF] = {'\0'}; if ( ! strcasecmp(value, "map" ) || ! strcasecmp(value, "menu") ) { ! if (is_default_port(r->server->port,r)) { ! ap_snprintf(url, SMALLBUF, ! "%s://%s%s", http_method(r), r->server->server_hostname, r->uri); } else { ! ap_snprintf(url, SMALLBUF, "%s://%s:%d%s", http_method(r), r->server->se rver_hostname, ! r->server->port, r->uri); } return; } *************** *** 411,421 **** url[SMALLBUF-1] = '\0'; } else { ! if (r->server->port == DEFAULT_PORT ) { ! ap_snprintf(url, SMALLBUF, "http://%s/", r->server->server_hostname); ! } ! if (r->server->port != DEFAULT_PORT ) { ! ap_snprintf(url, SMALLBUF, "http://%s:%d/", r->server->server_hostname, r->server->port); } /* no base, no value: pick a simple default */ } --- 411,420 ---- url[SMALLBUF-1] = '\0'; } else { ! if (is_default_port(r->server->port, r)) { ! ap_snprintf(url, SMALLBUF, "%s://%s/", http_method(r), r->server->server_host name); ! } else { ! ap_snprintf(url, SMALLBUF, "%s://%s:%d/", http_method(r), r->server->server_hostname, r->server->port); } /* no base, no value: pick a simple default */ } diff -C3 -r ../apache_1.2.1/src/mod_log_config.c ./src/mod_log_config.c *** ../apache_1.2.1/src/mod_log_config.c Sun May 4 22:47:27 1997 --- ./src/mod_log_config.c Thu Jul 31 16:09:07 1997 *************** *** 118,123 **** --- 118,132 ---- * %...l: remote logname (from identd, if supplied) * %...{Foobar}n: The contents of note "Foobar" from another module. * %...{Foobar}o: The contents of Foobar: header line(s) in the reply. + * + * Additional SSL directives: + * + * %...{cipher}c: cipher used (SSL_get_cipher) + * %...{clientcert}c: client certificate information + * %...{errcode}c: X509 verify error code + * %...{errstr}c: X509 verify error string + * %...{version}c: SSL version (SSLeay 0.8.0 and above) + * * %...p: the port the request was served to * %...P: the process ID of the child that serviced the request. 
* %...r: first line of request *************** *** 162,167 **** --- 171,180 ---- #include "http_config.h" #include "http_core.h" /* For REMOTE_NAME */ + #ifdef APACHE_SSL + #include + #endif + module config_log_module; static int xfer_flags = ( O_WRONLY | O_APPEND | O_CREAT ); *************** *** 340,345 **** --- 353,363 ---- ap_snprintf(pidnum, sizeof(pidnum), "%ld", (long)getpid()); return pstrdup(r->pool, pidnum); } + + #ifdef APACHE_SSL + extern char *log_ssl_info(request_rec *r, char *a); + #endif + /***************************************************************** * * Parsing the log format string *************** *** 367,372 **** --- 385,393 ---- { 'v', log_virtual_host, 0 }, { 'p', log_server_port, 0 }, { 'P', log_child_pid, 0 }, + #ifdef APACHE_SSL + { 'c', log_ssl_info, 0 }, + #endif { '\0' } }; *************** *** 487,492 **** --- 508,560 ---- return a; } + #ifdef APACHE_SSL + char *log_ssl_info(request_rec *r, char *a) + { + char str[MAX_STRING_LEN]; + + if(!r->connection->client->ssl) + return NULL; + + if(!strcmp(a, "cipher")) + return SSL_get_cipher(r->connection->client->ssl); + + if(!strcmp(a, "clientcert")) + return r->connection->client->szClientX509; + + if(!strcmp(a, "errcode")) + if(r->connection->client->nVerifyError) + { + sprintf(str, "%d", r->connection->client->nVerifyError); + return pstrdup(r->pool,str); + } + else + return NULL; + + if(!strcmp(a, "errstr")) + if(r->connection->client->nVerifyError) + #if SSLEAY_VERSION_NUMBER < 0x0800 + return X509_cert_verify_error_string(r->connection->client->nVerifyError) ; + #else + return X509_verify_cert_error_string(r->connection->client->nVerifyError) ; + #endif + else + return NULL; + + #if SSLEAY_VERSION_NUMBER >= 0x0800 + if(!strcmp(a, "version")) + { + static char v[2]; + + v[0]='0'+r->connection->client->ssl->session->ssl_version; + v[1]='\0'; + return v; + } + #endif + + return NULL; + } + #endif /***************************************************************** * * Actually logging. 
diff -C3 -r ../apache_1.2.1/src/mod_rewrite.c ./src/mod_rewrite.c *** ../apache_1.2.1/src/mod_rewrite.c Fri Jun 27 04:26:10 1997 --- ./src/mod_rewrite.c Thu Jul 31 16:09:07 1997 *************** *** 890,901 **** /* add the canonical URI of this URL */ thisserver = r->server->server_hostname; ! #ifdef APACHE_SSL ! if (((!r->connection->client->ssl) && (r->server->port == DEFAULT_PORT)) | | ! ((r->connection->client->ssl) && (r->server->port == 443))) ! #else ! if (r->server->port == DEFAULT_PORT) ! #endif thisport = ""; else { ap_snprintf(buf, sizeof(buf), ":%u", r->server->port); --- 890,896 ---- /* add the canonical URI of this URL */ thisserver = r->server->server_hostname; ! if(is_default_port(r->server->port,r)) thisport = ""; else { ap_snprintf(buf, sizeof(buf), ":%u", r->server->port); *************** *** 1631,1642 **** && !(strlen(r->filename) > 6 && strncmp(r->filename, "ftp://", 6) == 0) ) { ! #ifdef APACHE_SSL ! if ((!r->connection->client->ssl && r->server->port == DEFAULT _PORT) || ! ( r->connection->client->ssl && r->server->port == 443) ) ! #else ! if (r->server->port == DEFAULT_PORT) ! #endif port[0] = '\0'; else ap_snprintf(port, sizeof(port), ":%u", r->server->port); --- 1626,1632 ---- && !(strlen(r->filename) > 6 && strncmp(r->filename, "ftp://", 6) == 0) ) { ! if(is_default_port(r->server->port,r)) port[0] = '\0'; else ap_snprintf(port, sizeof(port), ":%u", r->server->port); *************** *** 1877,1883 **** EOS_PARANOIA(host); *cp = '/'; /* set port */ ! port = DEFAULT_PORT; /* set remaining url */ url = cp; } --- 1867,1873 ---- EOS_PARANOIA(host); *cp = '/'; /* set port */ ! port = default_port(r); /* set remaining url */ url = cp; } *************** *** 1886,1892 **** strncpy(host, hostp, sizeof(host)-1); EOS_PARANOIA(host); /* set port */ ! port = DEFAULT_PORT; /* set remaining url */ url = "/"; } --- 1876,1882 ---- strncpy(host, hostp, sizeof(host)-1); EOS_PARANOIA(host); /* set port */ ! 
port = default_port(r); /* set remaining url */ url = "/"; } Only in ./src/modules: Makefile diff -C3 -r ../apache_1.2.1/src/modules/proxy/proxy_util.c ./src/modules/proxy/p roxy_util.c *** ../apache_1.2.1/src/modules/proxy/proxy_util.c Wed Jun 4 23:20:07 1997 --- ./src/modules/proxy/proxy_util.c Thu Jul 31 16:09:08 1997 *************** *** 552,558 **** void proxy_hash(const char *it, char *val,int ndepth,int nlength) { ! MD5_CTX context; unsigned char digest[16]; char tmp[22]; int i, k, d; --- 552,558 ---- void proxy_hash(const char *it, char *val,int ndepth,int nlength) { ! APACHE_MD5_CTX context; unsigned char digest[16]; char tmp[22]; int i, k, d; Only in ./src/modules/proxy: proxy_util.c.orig Only in ./src: modules.c Only in ./src: modules.c.bak diff -C3 -r ../apache_1.2.1/src/util.c ./src/util.c *** ../apache_1.2.1/src/util.c Fri Jun 27 03:47:27 1997 --- ./src/util.c Thu Jul 31 16:09:07 1997 *************** *** 782,792 **** else return OK; } ! char *construct_server(pool *p, const char *hostname, unsigned port) { ! char portnum[22]; /* Long enough, even if port > 16 bits for some reason */ ! if (port == DEFAULT_PORT) return (char *)hostname; else { ap_snprintf (portnum, sizeof(portnum), "%u", port); --- 782,793 ---- else return OK; } ! char *construct_server(pool *p, const char *hostname, unsigned port, const req uest_rec *r) { ! char portnum[22]; /* Long enough, even if port > 16 bits for some reason */ + server_rec *s=r->server; ! if (is_default_port(port, r)) return (char *)hostname; else { ap_snprintf (portnum, sizeof(portnum), "%u", port); *************** *** 794,802 **** } } ! char *construct_url(pool *p, const char *uri, const server_rec *s) { ! return pstrcat (p, "http://", ! construct_server(p, s->server_hostname, s->port), uri, NULL); } --- 795,804 ---- } } ! char *construct_url(pool *p, const char *uri, const request_rec *r) { ! server_rec *s=r->server; ! return pstrcat (p, http_method(r), "://", ! 
construct_server(p, s->server_hostname, s->port, r), uri, NULL); } diff -C3 -r ../apache_1.2.1/src/util_md5.c ./src/util_md5.c *** ../apache_1.2.1/src/util_md5.c Wed Jan 1 19:10:26 1997 --- ./src/util_md5.c Thu Jul 31 16:09:07 1997 *************** *** 84,90 **** char *md5 (pool *p, unsigned char *string) { ! MD5_CTX my_md5; unsigned char hash[16]; char *r, result[33]; int i; --- 84,90 ---- char *md5 (pool *p, unsigned char *string) { ! APACHE_MD5_CTX my_md5; unsigned char hash[16]; char *r, result[33]; int i; *************** *** 149,155 **** static char basis_64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; ! char *md5contextTo64(pool *a, MD5_CTX *context) { unsigned char digest[18]; char *encodedDigest; --- 149,155 ---- static char basis_64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; ! char *md5contextTo64(pool *a, APACHE_MD5_CTX *context) { unsigned char digest[18]; char *encodedDigest; *************** *** 176,182 **** char *md5digest(pool *p, FILE *infile) { ! MD5_CTX context; unsigned char buf[1000]; long length = 0; int nbytes; --- 176,182 ---- char *md5digest(pool *p, FILE *infile) { ! APACHE_MD5_CTX context; unsigned char buf[1000]; long length = 0; int nbytes; diff -C3 -r ../apache_1.2.1/src/util_md5.h ./src/util_md5.h *** ../apache_1.2.1/src/util_md5.h Wed Jan 1 19:10:26 1997 --- ./src/util_md5.h Thu Jul 31 16:09:07 1997 *************** *** 53,58 **** #include "md5.h" char *md5(pool *a, unsigned char *string); ! char *md5contextTo64(pool *p, MD5_CTX *context); char *md5digest(pool *p, FILE *infile); --- 53,58 ---- #include "md5.h" char *md5(pool *a, unsigned char *string); ! 
char *md5contextTo64(pool *p, APACHE_MD5_CTX *context); char *md5digest(pool *p, FILE *infile);
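Review bot: the `+ #include` added under `#ifdef APACHE_SSL` in the first mod_log_config.c hunk (171,180) names no header in the patch as posted, so that hunk cannot compile as-is; it needs the SSLeay header that declares `SSL_get_cipher()` and `X509_verify_cert_error_string()`, both used further down in `log_ssl_info()`. The file name was most likely lost in transit (angle brackets stripped), so restore it before applying.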
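Review bot: in `log_ssl_info()` (mod_log_config.c hunk 508,560) the `"version"` branch builds its result with `v[0]='0'+r->connection->client->ssl->session->ssl_version;` into a `static char v[2]`, which only yields a printable digit if `ssl_version` is in 0..9; if the field carries the protocol's wire version constant (SSLeay encodes SSLv3 as 0x0300) the sum is truncated when stored in a `char` and an arbitrary byte lands in the access log. Format it with `ap_snprintf()` into a `pstrdup()`'d string, as the `"errcode"` branch already does, and use `ap_snprintf()` there as well instead of the bare `sprintf(str, "%d", ...)` for consistency with the rest of the file. A comment on the `"clientcert"` branch would also help: `szClientX509` is client-supplied certificate data, so log consumers should not treat that field as trusted text.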
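Review bot: the mod_rewrite.c hunks at 1867,1873 and 1876,1882 replace `port = DEFAULT_PORT;` with `port = default_port(r);`, which derives the default from the current connection rather than from the scheme of the URL being parsed; if this code path handles an absolute `http://host/...` target requested over an SSL connection, the default becomes 443 instead of 80, so please confirm the URL's scheme is taken into account before the port is set. The two earlier hunks at 890,896 and 1626,1632 describe the server's own canonical URL, where `is_default_port(r->server->port, r)` is the right test. Note also that `is_default_port()`, `default_port()` and `http_method()` are called but not added by any hunk in this diff; it assumes they come from the base Apache-SSL patch, which the accompanying mail should say explicitly.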
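Review bot: in the util.c hunk at 782,793 the new `server_rec *s=r->server;` in `construct_server()` is never used in the visible body (the port check passes `r` directly to `is_default_port()`), so it only produces an unused-variable warning and should be dropped; `construct_url()` in the next hunk does use its own `s`. The signature changes to both functions (a `const request_rec *r` added to `construct_server()` and replacing the `server_rec *` in `construct_url()`) are not matched by hunks for the header that declares them or for existing callers of `construct_url()`, so either this is a partial diff or those updates live in the base SSL patch; without them the build fails with conflicting prototypes.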
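Review bot: the `MD5_CTX` to `APACHE_MD5_CTX` renames in proxy_util.c, util_md5.c and util_md5.h are consistent with one another, but no hunk adds the `APACHE_MD5_CTX` typedef to `md5.h`, which util_md5.h still includes unchanged at line 53. The rename presumably exists to avoid the clash between Apache's own `MD5_CTX` and the identically named type in SSLeay's `md5.h`; that reason should be documented next to the typedef so the rename is not reverted later.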