From af5c1e7ffa36a2b61d00671a83620879d4df270b Mon Sep 17 00:00:00 2001 From: Andrew McNab Date: Tue, 30 Mar 2010 14:52:22 +0000 Subject: [PATCH] Patch from Jan Just Keijser --- org.gridsite.core/CHANGES | 8 ++++ org.gridsite.core/VERSION | 2 +- org.gridsite.core/src/mod_gridsite.c | 69 +++++++++++++++++++++++++++------ org.gridsite.core/src/mod_ssl-private.h | 12 ++++++ 4 files changed, 79 insertions(+), 12 deletions(-) diff --git a/org.gridsite.core/CHANGES b/org.gridsite.core/CHANGES index 506673b..4bff845 100644 --- a/org.gridsite.core/CHANGES +++ b/org.gridsite.core/CHANGES @@ -1,6 +1,14 @@ +* Tue Mar 30 2010 Andrew McNab +- Apply patch to mod_gridsite.c from Jan Just Keijser + to detect change to + SSLSrvConfigRec etc in "sslireneg" patch to mod_ssl +* Tue Mar 30 2010 Andrew McNab +- ==== GridSite version 1.1.20 ==== * Thu Sep 18 2008 - Changed makefile and spec file to include platform independent use of lib/lib64. +* Thu Sep 18 2008 +- ==== GridSite version 1.1.19 ==== * Mon Apr 24 2006 Andrew McNab - Merge delegation functions from before 1.1.18 with fixes and mod_gridsite improvements from 1.1.18 diff --git a/org.gridsite.core/VERSION b/org.gridsite.core/VERSION index 139741d..846aa54 100644 --- a/org.gridsite.core/VERSION +++ b/org.gridsite.core/VERSION @@ -1,4 +1,4 @@ MAJOR_VERSION=1 MINOR_VERSION=1.1 -PATCH_VERSION=1.1.19 +PATCH_VERSION=1.1.20 VERSION=$(PATCH_VERSION) diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c index deff9f3..1d5ed2e 100644 --- a/org.gridsite.core/src/mod_gridsite.c +++ b/org.gridsite.core/src/mod_gridsite.c @@ -1417,7 +1417,7 @@ static void *create_gridsite_srv_config(apr_pool_t *p, server_rec *s) sitecastgroups[i].port = 0; /* GridSiteCastGroup mcast-list */ - for (i=1; i <= GRST_SITECAST_ALIASES; ++i) + for (i=0; i <= GRST_SITECAST_ALIASES; ++i) { sitecastaliases[i].sitecast_url = NULL; sitecastaliases[i].local_path = NULL; 
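Review bot: The rewritten loop `for (i=0; i <= GRST_SITECAST_ALIASES; ++i)` in the first mod_gridsite.c hunk keeps the inclusive upper bound, so it now initialises GRST_SITECAST_ALIASES + 1 entries of `sitecastaliases`. The array declaration is outside the hunk; if it holds exactly GRST_SITECAST_ALIASES elements, the last iteration stores two NULL pointers past its end while the server configuration is being created. In that case the bound should be `i < GRST_SITECAST_ALIASES`; if the extra slot is intentional, a short comment beside the loop should say so. The body of create_gridsite_srv_config starts and ends outside the hunk.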
@@ -3026,16 +3026,50 @@ void sitecast_responder(server_rec *main_server) } /* **** end of main listening loop **** */ } +SSL_CTX *mod_gridsite_get_ssl_context( server_rec *this_server) +{ + SSLSrvConfigRec *sc; + SSL_CTX *ctx = NULL; + + sc = ap_get_module_config(this_server->module_config, &ssl_module); + + if ((sc != NULL) && + (sc->enabled) && + (sc->server != NULL) && + (sc->server->ssl_ctx != NULL)) + ctx = sc->server->ssl_ctx; + + return ctx; +} + +SSL_CTX *mod_gridsite_get_ssl_context2(server_rec *this_server) +{ + SSLSrvConfigRec2 *sc; + SSL_CTX *ctx = NULL; + + sc = ap_get_module_config(this_server->module_config, &ssl_module); + + if ((sc != NULL) && + (sc->enabled) && + (sc->server != NULL) && + (sc->server->ssl_ctx != NULL)) + ctx = sc->server->ssl_ctx; + + return ctx; +} + static int mod_gridsite_server_post_config(apr_pool_t *pPool, apr_pool_t *pLog, apr_pool_t *pTemp, server_rec *main_server) { SSL_CTX *ctx; - SSLSrvConfigRec *sc; + int i =0; + int mod_ssl_with_insecure_reneg = 0; server_rec *this_server; apr_proc_t *procnew = NULL; apr_status_t status; char *path; const char *userdata_key = "sitecast_init"; + const char *insecure_reneg = "SSLInsecureRenegotiation"; apr_pool_userdata_get((void **) &procnew, userdata_key, main_server->process->pool); 
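Review bot: `mod_gridsite_get_ssl_context` and `mod_gridsite_get_ssl_context2` are defined without `static` and without a prototype, so both become exported symbols of the module even though the only caller this patch shows is mod_gridsite_server_post_config. Each one treats the `void *` returned by `ap_get_module_config` as a locally copied struct layout, and nothing here checks that the layout matches the mod_ssl that is actually loaded; with the wrong variant, `sc->server` is read from the wrong offset and whatever is found there is passed on as an `SSL_CTX *`. I would declare them `static SSL_CTX *mod_gridsite_get_ssl_context(server_rec *this_server)` (likewise for the second) and put a comment above the pair such as `/* Reads mod_ssl's private per-server config; the caller must choose the variant whose struct matches the mod_ssl build. */`.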
@@ -3078,20 +3112,33 @@ static int mod_gridsite_server_post_config(apr_pool_t *pPool, ap_add_version_component(pPool, apr_psprintf(pPool, "mod_gridsite/%s", VERSION)); + + /* look for a SSLInsecureRenegotiation flag - if it exists then the mod_ssl + internal variable 'SSLSrvConfigRec' is different */ + while ( ssl_module.cmds[i].name && !mod_ssl_with_insecure_reneg) + { + mod_ssl_with_insecure_reneg = (strncmp( ssl_module.cmds[i].name, + insecure_reneg, sizeof(insecure_reneg) ) == 0); + i++; + } + + + ap_log_error(APLOG_MARK, APLOG_NOTICE, status, main_server, + "mod_gridsite: mod_ssl_with_insecure_reneg = %d", mod_ssl_with_insecure_reneg); + for (this_server = main_server; this_server != NULL; this_server = this_server->next) { /* we do some GridSite OpenSSL magic for HTTPS servers */ - - sc = ap_get_module_config(this_server->module_config, &ssl_module); + + if (mod_ssl_with_insecure_reneg) + ctx = mod_gridsite_get_ssl_context2(this_server); + else + ctx = mod_gridsite_get_ssl_context(this_server); - if ((sc != NULL) && - (sc->enabled) && - (sc->server != NULL) && - (sc->server->ssl_ctx != NULL)) - { - ctx = sc->server->ssl_ctx; + if (ctx) + { /* in 0.9.7 we could set the issuer-checking callback directly */ // ctx->cert_store->check_issued = GRST_X509_check_issued_wrapper; @@ -3108,7 +3155,7 @@ static int mod_gridsite_server_post_config(apr_pool_t *pPool, if (main_server->loglevel >= APLOG_DEBUG) ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, main_server, "Set mod_ssl verify callbacks to GridSite wrappers"); - } + } } /* create sessions directory if necessary */ diff --git a/org.gridsite.core/src/mod_ssl-private.h b/org.gridsite.core/src/mod_ssl-private.h index 7b0b784..d6c8854 100644 --- a/org.gridsite.core/src/mod_ssl-private.h +++ b/org.gridsite.core/src/mod_ssl-private.h 
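Review bot: In the directive scan, `sizeof(insecure_reneg)` is the size of a `const char *` (typically 4 or 8 bytes), not the length of "SSLInsecureRenegotiation", so `strncmp` compares only the first few characters of each directive name. Any mod_ssl directive sharing that short prefix would set `mod_ssl_with_insecure_reneg`, and the loop below would then read the per-server config through `SSLSrvConfigRec2` even when the loaded mod_ssl uses the other layout. An exact comparison is what the check needs: `mod_ssl_with_insecure_reneg = (strcmp(ssl_module.cmds[i].name, insecure_reneg) == 0);`. Separately, the new `ap_log_error(APLOG_MARK, APLOG_NOTICE, status, ...)` passes `status`, which the previous hunk shows declared without an initialiser; unless code outside the hunk assigns it first, `0` should be passed, as the existing debug log call does. mod_gridsite_server_post_config starts and ends outside the hunk.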
@@ -103,4 +103,16 @@ typedef struct {
 modssl_ctx_t *proxy;
 } SSLSrvConfigRec;
 
+typedef struct {
+ void *mc;
+ unsigned int enabled;
+ unsigned int proxy_enabled;
+ const char *vhost_id;
+ int vhost_id_len;
+ int session_cache_timeout;
+ int insecure_reneg;
+ modssl_ctx_t *server;
+ modssl_ctx_t *proxy;
+} SSLSrvConfigRec2;
+
 extern module AP_MODULE_DECLARE_DATA ssl_module;
--
1.8.2.3
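Review bot: `SSLSrvConfigRec2` is a second hand-copied mirror of a private mod_ssl structure, and it carries no comment saying which mod_ssl build it corresponds to. Judging from the visible tail of `SSLSrvConfigRec`, the difference is the `int insecure_reneg;` member placed ahead of `server`, which shifts the offsets of `server` and `proxy`; the name alone tells a reader none of that. I would add above the typedef `/* SSLSrvConfigRec as laid out by a mod_ssl carrying the "sslireneg" patch: insecure_reneg precedes server. Must match the loaded mod_ssl exactly. */`. The definition of `SSLSrvConfigRec` starts outside the hunk, so the full comparison could not be checked here.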