[rs-commit] r43 - in /mod_spkac/trunk: ChangeLog Makefile.in configure configure.ac mod_spkac.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Fri Apr 19 19:56:50 CEST 2019
Author: minfrin at redwax.eu
Date: Fri Apr 19 19:56:50 2019
New Revision: 43
Log:
Work around OpenSSL regression https://github.com/openssl/openssl/issues/8553
Modified:
mod_spkac/trunk/ChangeLog
mod_spkac/trunk/Makefile.in
mod_spkac/trunk/configure
mod_spkac/trunk/configure.ac
mod_spkac/trunk/mod_spkac.c
Modified: mod_spkac/trunk/ChangeLog
==============================================================================
--- mod_spkac/trunk/ChangeLog (original)
+++ mod_spkac/trunk/ChangeLog Fri Apr 19 19:56:50 2019
@@ -1,5 +1,8 @@
Changes with v0.2.0
+
+ *) Work around OpenSSL regression https://github.com/openssl/openssl/issues/8553
+ [Graham Leggett]
*) Honour CFLAGS during build. [Graham Leggett]
Modified: mod_spkac/trunk/Makefile.in
==============================================================================
--- mod_spkac/trunk/Makefile.in (original)
+++ mod_spkac/trunk/Makefile.in Fri Apr 19 19:56:50 2019
@@ -95,6 +95,7 @@
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
CONFIG_CLEAN_FILES = mod_spkac.spec
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_ at AM_V@)
@@ -116,10 +117,31 @@
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/mod_spkac.spec.in \
- AUTHORS COPYING ChangeLog INSTALL NEWS README compile \
- install-sh missing
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
+ $(LISP)config.h.in
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+CSCOPE = cscope
+AM_RECURSIVE_TARGETS = cscope
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+ $(srcdir)/mod_spkac.spec.in AUTHORS COPYING ChangeLog INSTALL \
+ NEWS README compile install-sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -231,7 +253,8 @@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = mod_spkac.c mod_spkac.spec
-all: all-am
+all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-am
.SUFFIXES:
am--refresh: Makefile
@@ -267,14 +290,82 @@
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+ @test -f $@ || rm -f stamp-h1
+ @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: $(am__configure_deps)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f config.h stamp-h1
mod_spkac.spec: $(top_builddir)/config.status $(srcdir)/mod_spkac.spec.in
cd $(top_builddir) && $(SHELL) ./config.status $@
-tags TAGS:
-
-ctags CTAGS:
-
-cscope cscopelist:
-
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscope: cscope.files
+ test ! -s cscope.files \
+ || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
+clean-cscope:
+ -rm -f cscope.files
+cscope.files: clean-cscope cscopelist
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+ -rm -f cscope.out cscope.in.out cscope.po.out cscope.files
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
@@ -443,7 +534,7 @@
exit 1; } >&2
check-am: all-am
check: check-am
-all-am: Makefile all-local
+all-am: Makefile config.h all-local
installdirs:
install: install-am
install-exec: install-exec-am
@@ -482,7 +573,7 @@
distclean: distclean-am
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-rm -f Makefile
-distclean-am: clean-am distclean-generic
+distclean-am: clean-am distclean-generic distclean-hdr distclean-tags
dvi: dvi-am
@@ -544,21 +635,22 @@
uninstall-am:
-.MAKE: install-am install-strip
-
-.PHONY: all all-am all-local am--refresh check check-am clean \
- clean-generic cscopelist-am ctags-am dist dist-all dist-bzip2 \
- dist-gzip dist-lzip dist-shar dist-tarZ dist-xz dist-zip \
- distcheck distclean distclean-generic distcleancheck distdir \
- distuninstallcheck dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-exec-local \
- install-html install-html-am install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \
- uninstall uninstall-am
+.MAKE: all install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am all-local am--refresh check \
+ check-am clean clean-cscope clean-generic cscope cscopelist-am \
+ ctags ctags-am dist dist-all dist-bzip2 dist-gzip dist-lzip \
+ dist-shar dist-tarZ dist-xz dist-zip distcheck distclean \
+ distclean-generic distclean-hdr distclean-tags distcleancheck \
+ distdir distuninstallcheck dvi dvi-am html html-am info \
+ info-am install install-am install-data install-data-am \
+ install-dvi install-dvi-am install-exec install-exec-am \
+ install-exec-local install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
+ pdf-am ps ps-am tags tags-am uninstall uninstall-am
.PRECIOUS: Makefile
Modified: mod_spkac/trunk/configure
==============================================================================
--- mod_spkac/trunk/configure (original)
+++ mod_spkac/trunk/configure Fri Apr 19 19:56:50 2019
@@ -2834,6 +2834,8 @@
ac_config_files="$ac_config_files Makefile mod_spkac.spec"
+ac_config_headers="$ac_config_headers config.h"
+
# Checks for programs.
ac_ext=c
@@ -4732,12 +4734,12 @@
# Checks for library functions.
-for ac_func in strcasecmp
+for ac_func in ASN1_STRING_get0_data
do :
- ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp"
-if test "x$ac_cv_func_strcasecmp" = xyes; then :
+ ac_fn_c_check_func "$LINENO" "ASN1_STRING_get0_data" "ac_cv_func_ASN1_STRING_get0_data"
+if test "x$ac_cv_func_ASN1_STRING_get0_data" = xyes; then :
cat >>confdefs.h <<_ACEOF
-#define HAVE_STRCASECMP 1
+#define HAVE_ASN1_STRING_GET0_DATA 1
_ACEOF
fi
@@ -4835,43 +4837,7 @@
# Let make expand exec_prefix.
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
-# Transform confdefs.h into DEFS.
-# Protect against shell expansion while executing Makefile rules.
-# Protect against Makefile macro expansion.
-#
-# If the first sed substitution is executed (which looks for macros that
-# take arguments), then branch to the quote section. Otherwise,
-# look for a macro that doesn't take arguments.
-ac_script='
-:mline
-/\\$/{
- N
- s,\\\n,,
- b mline
-}
-t clear
-:clear
-s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
-t quote
-b any
-:quote
-s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
-s/\[/\\&/g
-s/\]/\\&/g
-s/\$/$$/g
-H
-:any
-${
- g
- s/^\n//
- s/\n/ /g
- p
-}
-'
-DEFS=`sed -n "$ac_script" confdefs.h`
-
+DEFS=-DHAVE_CONFIG_H
ac_libobjs=
ac_ltlibobjs=
@@ -5329,11 +5295,15 @@
"*) set x $ac_config_files; shift; ac_config_files=$*;;
esac
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
# Files that config.status was made for.
config_files="$ac_config_files"
+config_headers="$ac_config_headers"
config_commands="$ac_config_commands"
_ACEOF
@@ -5355,9 +5325,14 @@
--recheck update $as_me by reconfiguring in the same conditions
--file=FILE[:TEMPLATE]
instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
Configuration files:
$config_files
+
+Configuration headers:
+$config_headers
Configuration commands:
$config_commands
@@ -5425,7 +5400,18 @@
esac
as_fn_append CONFIG_FILES " '$ac_optarg'"
ac_need_defaults=false;;
- --he | --h | --help | --hel | -h )
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
$as_echo "$ac_cs_usage"; exit ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
@@ -5488,6 +5474,7 @@
case $ac_config_target in
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"mod_spkac.spec") CONFIG_FILES="$CONFIG_FILES mod_spkac.spec" ;;
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
"depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
@@ -5501,6 +5488,7 @@
# bizarre bug on SunOS 4.1.3.
if $ac_need_defaults; then
test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
fi
@@ -5689,8 +5677,116 @@
cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
fi # test -n "$CONFIG_FILES"
-
-eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS"
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = "�"
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
shift
for ac_tag
do
@@ -5909,7 +6005,64 @@
esac \
|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
;;
-
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$ac_tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
+ fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$_am_arg" : 'X\(//\)[^/]' \| \
+ X"$_am_arg" : 'X\(//\)$' \| \
+ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
:C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
$as_echo "$as_me: executing $ac_file commands" >&6;}
Modified: mod_spkac/trunk/configure.ac
==============================================================================
--- mod_spkac/trunk/configure.ac (original)
+++ mod_spkac/trunk/configure.ac Fri Apr 19 19:56:50 2019
@@ -6,6 +6,7 @@
AM_INIT_AUTOMAKE([dist-bzip2])
AC_CONFIG_FILES([Makefile mod_spkac.spec])
AC_CONFIG_SRCDIR([mod_spkac.c])
+AC_CONFIG_HEADERS([config.h])
# Checks for programs.
AC_PROG_CC
@@ -61,7 +62,7 @@
AC_TYPE_SIZE_T
# Checks for library functions.
-AC_CHECK_FUNCS([strcasecmp])
+AC_CHECK_FUNCS([ASN1_STRING_get0_data])
AC_SUBST(PACKAGE_VERSION)
AC_OUTPUT
Modified: mod_spkac/trunk/mod_spkac.c
==============================================================================
--- mod_spkac/trunk/mod_spkac.c (original)
+++ mod_spkac/trunk/mod_spkac.c Fri Apr 19 19:56:50 2019
@@ -43,10 +43,20 @@
#include "mod_ca.h"
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+#include "config.h"
+
#define DEFAULT_SPKAC_SIZE 128*1024
#define DEFAULT_SPKAC_NAME "key"
module AP_MODULE_DECLARE_DATA spkac_module;
+
+EVP_PKEY *pknull;
+const EVP_MD *mdnull;
typedef struct
{
@@ -857,11 +867,21 @@
}
X509_REQ_set_pubkey(creq, pktmp);
+ /* sign the X509_REQ with a dummy signature to work around serialisation bugs in openssl */
+ X509_REQ_sign(creq, pknull, mdnull);
+
+ /* alternative workaround - duplicate the signature algorithm */
+ // creq->sig_alg = X509_ALGOR_dup(req->sig_alg);
+
/* extract the challenge, if present */
if (spki->spkac->challenge) {
if (!X509_REQ_add1_attr_by_txt(creq, "challengePassword",
ASN1_STRING_type(spki->spkac->challenge),
+#if HAVE_ASN1_STRING_GET0_DATA
+ ASN1_STRING_get0_data(spki->spkac->challenge),
+#else
ASN1_STRING_data(spki->spkac->challenge),
+#endif
ASN1_STRING_length(spki->spkac->challenge))) {
log_message(r, APR_SUCCESS,
"could not add the challenge to the certificate request");
@@ -1081,6 +1101,9 @@
static apr_status_t spkac_cleanup(void *data)
{
+ EVP_PKEY_free(pknull);
+ pknull = NULL;
+
ERR_free_strings();
EVP_cleanup();
return APR_SUCCESS;
@@ -1089,11 +1112,41 @@
static int spkac_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
apr_pool_t *ptemp)
{
+ EVP_PKEY_CTX *ctx;
+ int rv;
+
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
apr_pool_cleanup_register(pconf, NULL, spkac_cleanup,
apr_pool_cleanup_null);
+
+ /* create a once off null key for signing X509_REQ structures where a key is not available */
+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
+ if (!ctx) {
+ ap_log_error(APLOG_MARK,APLOG_CRIT, 0, NULL,
+ "EVP_PKEY_CTX_new_id() returned a NULL context, aborting");
+ return DONE;
+ }
+ if ((rv = EVP_PKEY_keygen_init(ctx)) <= 0) {
+ ap_log_error(APLOG_MARK,APLOG_CRIT, 0, NULL,
+ "EVP_PKEY_keygen_init() returned %d, aborting", rv);
+ return DONE;
+ }
+ if ((rv = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048)) <= 0) {
+ ap_log_error(APLOG_MARK,APLOG_CRIT, 0, NULL,
+ "EVP_PKEY_CTX_set_rsa_keygen_bits() returned %d, aborting", rv);
+ return DONE;
+ }
+
+ /* Generate key */
+ if ((rv = EVP_PKEY_keygen(ctx, &pknull)) <= 0) {
+ ap_log_error(APLOG_MARK,APLOG_CRIT, 0, NULL,
+ "EVP_PKEY_keygen() returned %d, aborting", rv);
+ return DONE;
+ }
+
+ mdnull = EVP_sha256();
return APR_SUCCESS;
}
More information about the rs-commit
mailing list