+++ /dev/null
---- httpd-2.2.3/support/apxs.in-orig 2006-11-01 00:59:27.000000000 +0100
-+++ httpd-2.2.3/support/apxs.in 2006-11-01 00:59:54.000000000 +0100
-@@ -35,6 +35,7 @@
- my $exec_prefix = get_vars("exec_prefix");
- my $datadir = get_vars("datadir");
- my $localstatedir = get_vars("localstatedir");
-+my $libdir = get_vars("libdir");
- my $CFG_TARGET = get_vars("progname");
- my $CFG_SYSCONFDIR = get_vars("sysconfdir");
- my $CFG_CFLAGS = join ' ', map { get_vars($_) }
-@@ -44,6 +45,7 @@
- my $CFG_CC = get_vars("CC");
- my $libexecdir = get_vars("libexecdir");
- my $CFG_LIBEXECDIR = eval qq("$libexecdir");
-+my $CFG_DESTDIR = '';
- my $sbindir = get_vars("sbindir");
- my $CFG_SBINDIR = eval qq("$sbindir");
- my $ltflags = $ENV{'LTFLAGS'};
-@@ -171,7 +173,7 @@
- my ($val) = $2;
- my $oldval = eval "\$CFG_$var";
-
-- unless ($var and $oldval) {
-+ unless ($var and defined $oldval) {
- print STDERR "apxs:Error: no config variable $var\n";
- &usage;
- }
-@@ -199,11 +201,10 @@
- ($httpd = $0) =~ s:support/apxs$::;
- }
-
--unless (-x "$httpd") {
-- error("$httpd not found or not executable");
-- exit 1;
-+if (not -x "$httpd") {
-+ print STDERR "Note: $httpd not found or not executable.\n";
- }
--
-+else {
- unless (grep /mod_so/, `. $envvars && $httpd -l`) {
- error("Sorry, no shared object support for Apache");
- error("available under your platform. Make sure");
-@@ -211,7 +212,7 @@
- error("your server binary `$httpd'.");
- exit 1;
- }
--
-+}
- sub get_config_vars{
- my ($file, $rh_config) = @_;
-
-@@ -479,8 +480,8 @@
- $t =~ s|\.[^./\\]+$|\.so|;
- if ($opt_i) {
- push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" .
-- "$libtool' $f $CFG_LIBEXECDIR");
-- push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t");
-+ "$libtool' $f $CFG_DESTDIR$CFG_LIBEXECDIR");
-+ push(@cmds, "chmod 755 $CFG_DESTDIR$CFG_LIBEXECDIR/$t");
- }
-
- # determine module symbolname and filename
+++ /dev/null
---- httpd-2.2.14-v/server/mpm/worker/worker.c 2007-07-18 00:48:25.000000000 +1000
-+++ httpd-2.2.14/server/mpm/worker/worker.c 2009-11-02 09:40:23.129750043 +1100
-@@ -32,6 +32,7 @@
- #include "apr_poll.h"
- #define APR_WANT_STRFUNC
- #include "apr_want.h"
-+#include "apr_atomic.h"
-
- #if APR_HAVE_UNISTD_H
- #include <unistd.h>
-@@ -226,10 +227,73 @@
- */
- #define WORKER_SIGNAL AP_SIG_GRACEFUL
-
-+#ifdef HAVE_PTHREAD_KILL
-+/* Variables for suspending the worker threads. */
-+static volatile sig_atomic_t suspend_workers = 0;
-+static apr_uint32_t suspended_workers;
-+static apr_os_thread_t **worker_os_threads;
-+#endif
-+
- /* An array of socket descriptors in use by each thread used to
- * perform a non-graceful (forced) shutdown of the server. */
- static apr_socket_t **worker_sockets;
-
-+#ifdef HAVE_PTHREAD_KILL
-+static void worker_signal_handler(int sig)
-+{
-+ /* wait here if we are being suspended, otherwise just exit */
-+ if (suspend_workers) {
-+ sigset_t sigset;
-+
-+ apr_atomic_inc32(&suspended_workers);
-+
-+ sigfillset(&sigset);
-+ sigdelset(&sigset, WORKER_SIGNAL);
-+ sigsuspend(&sigset);
-+ }
-+}
-+
-+static void close_worker_sockets(void)
-+{
-+ int i, csd;
-+
-+ suspend_workers = 1;
-+ apr_atomic_set32(&suspended_workers, 0);
-+
-+ /* suspend worker threads */
-+ for (i = 0; i < ap_threads_per_child; i++) {
-+ if (worker_os_threads[i]) {
-+ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL);
-+ }
-+ }
-+
-+ /* wait for threads to suspend, but press ahead after a while anyway */
-+ for (i = 0;
-+ apr_atomic_read32(&suspended_workers) < ap_threads_per_child && i < 25;
-+ i++) {
-+ apr_sleep(apr_time_from_sec(1) / 5);
-+ }
-+
-+ /* shut down all client sockets */
-+ for (i = 0; i < ap_threads_per_child; i++) {
-+ if (worker_sockets[i]) {
-+ apr_os_sock_get(&csd, worker_sockets[i]);
-+ if (csd != -1) {
-+ shutdown(csd, SHUT_RDWR);
-+ }
-+ }
-+ }
-+
-+ suspend_workers = 0;
-+
-+ /* resume worker threads */
-+ for (i = 0; i < ap_threads_per_child; i++) {
-+ if (worker_os_threads[i]) {
-+ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL);
-+ }
-+ }
-+}
-+#else
- static void close_worker_sockets(void)
- {
- int i;
-@@ -240,6 +304,7 @@
- }
- }
- }
-+#endif
-
- static void wakeup_listener(void)
- {
-@@ -836,7 +901,7 @@
-
- #ifdef HAVE_PTHREAD_KILL
- unblock_signal(WORKER_SIGNAL);
-- apr_signal(WORKER_SIGNAL, dummy_signal_handler);
-+ apr_signal(WORKER_SIGNAL, worker_signal_handler);
- #endif
-
- while (!workers_may_exit) {
-@@ -977,6 +1042,10 @@
-
- worker_sockets = apr_pcalloc(pchild, ap_threads_per_child
- * sizeof(apr_socket_t *));
-+#ifdef HAVE_PTHREAD_KILL
-+ worker_os_threads = apr_pcalloc(pchild, ap_threads_per_child
-+ * sizeof(*worker_os_threads));
-+#endif
-
- loops = prev_threads_created = 0;
- while (1) {
-@@ -1012,6 +1081,9 @@
- /* let the parent decide how bad this really is */
- clean_child_exit(APEXIT_CHILDSICK);
- }
-+#ifdef HAVE_PTHREAD_KILL
-+ apr_os_thread_get(&worker_os_threads[i], threads[i]);
-+#endif
- threads_created++;
- }
- /* Start the listener only when there are workers available */
+++ /dev/null
-Index: httpd-2.2.x/modules/ssl/ssl_private.h
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_private.h (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_private.h (working copy)
-@@ -395,6 +395,9 @@ typedef struct {
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
- const char *szCryptoDevice;
- #endif
-+#ifndef OPENSSL_NO_TLSEXT
-+ ssl_enabled_t session_tickets_enabled;
-+#endif
- struct {
- void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
- } rCtx;
-@@ -545,6 +548,7 @@ const char *ssl_cmd_SSLRequire(cmd_parm
- const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
- const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
- const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag);
-+const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *cdfg, int flag);
-
- const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
- const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
-Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_engine_init.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_engine_init.c (working copy)
-@@ -382,6 +382,15 @@ static void ssl_init_ctx_tls_extensions(
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_die();
- }
-+
-+ /*
-+ * Session tickets (stateless resumption)
-+ */
-+ if ((myModConfig(s))->session_tickets_enabled == SSL_ENABLED_FALSE) {
-+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-+ "Disabling TLS session ticket support");
-+ SSL_CTX_set_options(mctx->ssl_ctx, SSL_OP_NO_TICKET);
-+ }
- }
- #endif
-
-@@ -1018,6 +1027,11 @@ void ssl_init_CheckServers(server_rec *b
-
- BOOL conflict = FALSE;
-
-+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
-+ unsigned char *tlsext_tick_keys = NULL;
-+ long tick_keys_len;
-+#endif
-+
- /*
- * Give out warnings when a server has HTTPS configured
- * for the HTTP port or vice versa
-@@ -1042,6 +1056,25 @@ void ssl_init_CheckServers(server_rec *b
- ssl_util_vhostid(p, s),
- DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
- }
-+
-+#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
-+ /*
-+ * When using OpenSSL versions 0.9.8f through 0.9.8l, configure
-+ * the same ticket encryption parameters for every SSL_CTX (workaround
-+ * for SNI+SessionTicket extension interoperability issue in these versions)
-+ */
-+ if ((sc->enabled == SSL_ENABLED_TRUE) ||
-+ (sc->enabled == SSL_ENABLED_OPTIONAL)) {
-+ if (!tlsext_tick_keys) {
-+ tick_keys_len = SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
-+ (-1),(NULL));
-+ tlsext_tick_keys = (unsigned char *)apr_palloc(p, tick_keys_len);
-+ RAND_bytes(tlsext_tick_keys, tick_keys_len);
-+ }
-+ SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
-+ (tick_keys_len),(tlsext_tick_keys));
-+ }
-+#endif
- }
-
- /*
-Index: httpd-2.2.x/modules/ssl/ssl_engine_config.c
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_engine_config.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_engine_config.c (working copy)
-@@ -75,6 +75,9 @@ SSLModConfigRec *ssl_config_global_creat
- #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
- mc->szCryptoDevice = NULL;
- #endif
-+#ifndef OPENSSL_NO_TLSEXT
-+ mc->session_tickets_enabled = SSL_ENABLED_UNSET;
-+#endif
-
- memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
-
-@@ -1471,6 +1474,26 @@ const char *ssl_cmd_SSLStrictSNIVHostCh
- #endif
- }
-
-+const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *dcfg, int flag)
-+{
-+#ifndef OPENSSL_NO_TLSEXT
-+ const char *err;
-+ SSLModConfigRec *mc = myModConfig(cmd->server);
-+
-+ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
-+ return err;
-+ }
-+
-+ mc->session_tickets_enabled = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
-+
-+ return NULL;
-+#else
-+ return "SSLSessionTicketExtension failed; OpenSSL is not built with support "
-+ "for TLS extensions. Refer to the documentation, and build "
-+ "a compatible version of OpenSSL.";
-+#endif
-+}
-+
- void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
- {
- if (!ap_exists_config_define("DUMP_CERTS")) {
-Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c
-===================================================================
---- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (working copy)
-@@ -29,6 +29,7 @@
- time I was too famous.''
- -- Unknown */
- #include "ssl_private.h"
-+#include "util_md5.h"
-
- static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
- #ifndef OPENSSL_NO_TLSEXT
-@@ -2010,6 +2011,7 @@ static int ssl_find_vhost(void *serverna
- apr_array_header_t *names;
- int i;
- SSLConnRec *sslcon;
-+ char *sid_ctx;
-
- /* check ServerName */
- if (!strcasecmp(servername, s->server_hostname)) {
-@@ -2074,6 +2076,21 @@ static int ssl_find_vhost(void *serverna
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
- SSL_CTX_get_verify_callback(ssl->ctx));
- }
-+ /*
-+ * Adjust the session id context. ssl_init_ssl_connection()
-+ * always picks the configuration of the first vhost when
-+ * calling SSL_new(), but we want to tie the session to the
-+ * vhost we have just switched to. Again, we have to make sure
-+ * that we're not overwriting a session id context which was
-+ * possibly set in ssl_hook_Access(), before triggering
-+ * a renegotation.
-+ */
-+ if (!SSL_num_renegotiations(ssl)) {
-+ sid_ctx = ap_md5_binary(c->pool, (unsigned char*)sc->vhost_id,
-+ sc->vhost_id_len);
-+ SSL_set_session_id_context(ssl, (unsigned char *)sid_ctx,
-+ APR_MD5_DIGESTSIZE*2);
-+ }
-
- /*
- * Save the found server into our SSLConnRec for later
-Index: httpd-2.2.x/modules/ssl/mod_ssl.c
-===================================================================
---- httpd-2.2.x/modules/ssl/mod_ssl.c (revision 833672)
-+++ httpd-2.2.x/modules/ssl/mod_ssl.c (working copy)
-@@ -92,6 +92,8 @@ static const command_rec ssl_config_cmds
- SSL_CMD_SRV(RandomSeed, TAKE23,
- "SSL Pseudo Random Number Generator (PRNG) seeding source "
- "(`startup|connect builtin|file:/path|exec:/path [bytes]')")
-+ SSL_CMD_SRV(SessionTicketExtension, FLAG,
-+ "TLS Session Ticket extension support")
-
- /*
- * Per-server context configuration directives
TLD / packages / apache.git / commitdiff