[SCM] Debian packaging for apache2 branch, master, updated. debian/2.2.22-3-51-gf4c9309
Stefan Fritsch
sf at sfritsch.de
Mon Jul 30 20:40:03 UTC 2012
The following commit has been merged in the master branch:
commit c7243019a11fa227c1cc2bcb2bcb3823e5fc5956
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Mon Jul 30 22:22:07 2012 +0200
Fix and simplify patch
diff --git a/debian/patches/SSLProtocol-tls11-12.2.patch b/debian/patches/SSLProtocol-tls11-12.2.patch
index f483728..3c1c925 100644
--- a/debian/patches/SSLProtocol-tls11-12.2.patch
+++ b/debian/patches/SSLProtocol-tls11-12.2.patch
@@ -1,6 +1,6 @@
Description: Support TLSv1.1 and TLSv1.2 in SSLProtocol directive
Forwarded: not-needed
-Author: kbrand at apache.org, wrowe at apache.org
+Author: Stefan Fritsch
Last-Update: 2012-07-30
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682897
#
@@ -30,29 +30,20 @@ Index: apache2/modules/ssl/ssl_private.h
#include "ssl_util_ssl.h"
/** The #ifdef macros are only defined AFTER including the above
-@@ -215,13 +220,22 @@
- * Define the SSL Protocol options
- */
- #define SSL_PROTOCOL_NONE (0)
-+#ifndef OPENSSL_NO_SSL2
+@@ -218,10 +223,14 @@
#define SSL_PROTOCOL_SSLV2 (1<<0)
-+#endif
#define SSL_PROTOCOL_SSLV3 (1<<1)
#define SSL_PROTOCOL_TLSV1 (1<<2)
--#ifndef OPENSSL_NO_SSL2
--#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-+#ifdef OPENSSL_NO_SSL2
-+#define SSL_MOST_ALL SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1
-+#else
-+#define SSL_MOST_ALL SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1
-+#endif
-+#ifdef HAVE_TLSV1_X
+#define SSL_PROTOCOL_TLSV1_1 (1<<3)
+#define SSL_PROTOCOL_TLSV1_2 (1<<4)
-+#define SSL_PROTOCOL_ALL (SSL_MOST_ALL|SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
+ #ifndef OPENSSL_NO_SSL2
+-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
++#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|\
++ SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
#else
-#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1)
-+#define SSL_PROTOCOL_ALL (SSL_MOST_ALL)
++#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|\
++ SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
#endif
typedef int ssl_proto_t;
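Review bot: SSL_PROTOCOL_ALL now carries the TLSv1.1 and TLSv1.2 bits unconditionally, because the simplified header drops the `#ifdef HAVE_TLSV1_X` guard that the earlier version of the patch had around these defines. The ssl_engine_init.c part of the patch still names and handles the two protocols only under `#ifdef HAVE_TLSV1_X`. If the module is built against an OpenSSL without TLSv1.1/1.2 (where HAVE_TLSV1_X is set is not visible here), a configuration that subtracts SSLv2, SSLv3 and TLSv1 from `all` would leave only bits that nothing acts on. In that case the value is non-zero, the protocol list string can be empty when `cp[strlen(cp)-2] = NUL;` runs, and the SSLv23 context would be created with every supported protocol switched off. Either keep the two bits out of SSL_PROTOCOL_ALL when HAVE_TLSV1_X is undefined, or record the assumption next to the defines, e.g. `/* TLSv1.1/1.2 bits are always part of SSL_PROTOCOL_ALL; build requires HAVE_TLSV1_X */`.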
@@ -60,13 +51,8 @@ Index: apache2/modules/ssl/ssl_engine_init.c
===================================================================
--- apache2.orig/modules/ssl/ssl_engine_init.c
+++ apache2/modules/ssl/ssl_engine_init.c
-@@ -456,9 +456,15 @@
- }
-
- cp = apr_pstrcat(p,
-+#ifndef OPENSSL_NO_SSL2
+@@ -459,6 +459,10 @@
(protocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
-+#endif
(protocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
(protocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""),
+#ifdef HAVE_TLSV1_X
@@ -76,7 +62,7 @@ Index: apache2/modules/ssl/ssl_engine_init.c
NULL);
cp[strlen(cp)-2] = NUL;
-@@ -474,6 +480,19 @@
+@@ -474,6 +478,21 @@
}
else
#endif
@@ -85,30 +71,20 @@ Index: apache2/modules/ssl/ssl_engine_init.c
+ method = mctx->pkp ?
+ TLSv1_1_client_method() : /* proxy */
+ TLSv1_1_server_method(); /* server */
++ ctx = SSL_CTX_new(method);
+ }
+ else if (protocol == SSL_PROTOCOL_TLSV1_2) {
+ method = mctx->pkp ?
+ TLSv1_2_client_method() : /* proxy */
+ TLSv1_2_server_method(); /* server */
++ ctx = SSL_CTX_new(method);
+ }
+ else
+#endif
{
method = mctx->pkp ?
SSLv23_client_method() : /* proxy */
-@@ -485,9 +504,11 @@
-
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
-
-+#ifndef OPENSSL_NO_SSL2
- if (!(protocol & SSL_PROTOCOL_SSLV2)) {
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- }
-+#endif
-
- if (!(protocol & SSL_PROTOCOL_SSLV3)) {
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
-@@ -497,6 +518,16 @@
+@@ -497,6 +516,16 @@
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
}
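Review bot: The two added `ctx = SSL_CTX_new(method);` calls in the TLSv1.1 and TLSv1.2 branches are followed by no visible NULL check, and the context line further down passes `ctx` straight to `SSL_CTX_set_options()`. SSL_CTX_new() returns NULL on failure, for example on allocation failure or when the library cannot set up the method. Whether a check follows the if/else chain cannot be told from here, because the enclosing function starts and ends outside the hunk. If none exists, add one once after the chain rather than per branch, e.g. `if (ctx == NULL) { /* log the OpenSSL error and abort startup */ }`.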
@@ -129,18 +105,7 @@ Index: apache2/modules/ssl/ssl_engine_config.c
===================================================================
--- apache2.orig/modules/ssl/ssl_engine_config.c
+++ apache2/modules/ssl/ssl_engine_config.c
-@@ -1277,8 +1277,9 @@
- if (action != '-') {
- return "SSLv2 not supported by this version of OpenSSL";
- }
--#endif
-+#else
- thisopt = SSL_PROTOCOL_SSLV2;
-+#endif
- }
- else if (strcEQ(w, "SSLv3")) {
- thisopt = SSL_PROTOCOL_SSLV3;
-@@ -1286,6 +1287,14 @@
+@@ -1286,6 +1286,14 @@
else if (strcEQ(w, "TLSv1")) {
thisopt = SSL_PROTOCOL_TLSV1;
}
--
Debian packaging for apache2