[rs-commit] r309 - in /mod_pkcs7/trunk: ./ AUTHORS COPYING ChangeLog INSTALL Makefile.am NEWS README configure.ac mod_pkcs7.c mod_pkcs7.spec.in

rs-commit at redwax.eu rs-commit at redwax.eu
Tue Feb 25 01:17:27 CET 2020


Author: minfrin at redwax.eu
Date: Tue Feb 25 01:17:26 2020
New Revision: 309

Log:
Initial import of mod_pkcs7.

Added:
    mod_pkcs7/trunk/AUTHORS
    mod_pkcs7/trunk/COPYING
    mod_pkcs7/trunk/ChangeLog
    mod_pkcs7/trunk/INSTALL
    mod_pkcs7/trunk/Makefile.am
    mod_pkcs7/trunk/NEWS
    mod_pkcs7/trunk/README
    mod_pkcs7/trunk/configure.ac
    mod_pkcs7/trunk/mod_pkcs7.c
    mod_pkcs7/trunk/mod_pkcs7.spec.in
Modified:
    mod_pkcs7/trunk/   (props changed)

Propchange: mod_pkcs7/trunk/
------------------------------------------------------------------------------
--- svn:ignore	(added)
+++ svn:ignore	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,18 @@
+aclocal.m4
+compile
+configure
+config.log
+config.h
+Makefile
+Makefile.in
+.project
+.cproject
+.settings
+.autotools
+*.slo
+*.spec
+config.status
+autom4te.cache
+missing
+install-sh
+

Added: mod_pkcs7/trunk/AUTHORS
==============================================================================
--- mod_pkcs7/trunk/AUTHORS	(added)
+++ mod_pkcs7/trunk/AUTHORS	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,5 @@
+
+(C) 2020 Stichting The Commons Conservancy
+
+Written by: Graham Leggett <minfrin at redwax.eu>
+

Added: mod_pkcs7/trunk/COPYING
==============================================================================
--- mod_pkcs7/trunk/COPYING	(added)
+++ mod_pkcs7/trunk/COPYING	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,177 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+

Added: mod_pkcs7/trunk/ChangeLog
==============================================================================
--- mod_pkcs7/trunk/ChangeLog	(added)
+++ mod_pkcs7/trunk/ChangeLog	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,5 @@
+
+Changes with v0.2.0
+
+ *) Initial import of mod_pkcs7. [Graham Leggett]
+

Added: mod_pkcs7/trunk/INSTALL
==============================================================================
--- mod_pkcs7/trunk/INSTALL	(added)
+++ mod_pkcs7/trunk/INSTALL	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,368 @@
+Installation Instructions
+*************************
+
+   Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software
+Foundation, Inc.
+
+   Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.  This file is offered as-is,
+without warranty of any kind.
+
+Basic Installation
+==================
+
+   Briefly, the shell command './configure && make && make install'
+should configure, build, and install this package.  The following
+more-detailed instructions are generic; see the 'README' file for
+instructions specific to this package.  Some packages provide this
+'INSTALL' file but do not implement all of the features documented
+below.  The lack of an optional feature in a given package is not
+necessarily a bug.  More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
+
+   The 'configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation.  It uses
+those values to create a 'Makefile' in each directory of the package.
+It may also create one or more '.h' files containing system-dependent
+definitions.  Finally, it creates a shell script 'config.status' that
+you can run in the future to recreate the current configuration, and a
+file 'config.log' containing compiler output (useful mainly for
+debugging 'configure').
+
+   It can also use an optional file (typically called 'config.cache' and
+enabled with '--cache-file=config.cache' or simply '-C') that saves the
+results of its tests to speed up reconfiguring.  Caching is disabled by
+default to prevent problems with accidental use of stale cache files.
+
+   If you need to do unusual things to compile the package, please try
+to figure out how 'configure' could check whether to do them, and mail
+diffs or instructions to the address given in the 'README' so they can
+be considered for the next release.  If you are using the cache, and at
+some point 'config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+   The file 'configure.ac' (or 'configure.in') is used to create
+'configure' by a program called 'autoconf'.  You need 'configure.ac' if
+you want to change it or regenerate 'configure' using a newer version of
+'autoconf'.
+
+   The simplest way to compile this package is:
+
+  1. 'cd' to the directory containing the package's source code and type
+     './configure' to configure the package for your system.
+
+     Running 'configure' might take a while.  While running, it prints
+     some messages telling which features it is checking for.
+
+  2. Type 'make' to compile the package.
+
+  3. Optionally, type 'make check' to run any self-tests that come with
+     the package, generally using the just-built uninstalled binaries.
+
+  4. Type 'make install' to install the programs and any data files and
+     documentation.  When installing into a prefix owned by root, it is
+     recommended that the package be configured and built as a regular
+     user, and only the 'make install' phase executed with root
+     privileges.
+
+  5. Optionally, type 'make installcheck' to repeat any self-tests, but
+     this time using the binaries in their final installed location.
+     This target does not install anything.  Running this target as a
+     regular user, particularly if the prior 'make install' required
+     root privileges, verifies that the installation completed
+     correctly.
+
+  6. You can remove the program binaries and object files from the
+     source code directory by typing 'make clean'.  To also remove the
+     files that 'configure' created (so you can compile the package for
+     a different kind of computer), type 'make distclean'.  There is
+     also a 'make maintainer-clean' target, but that is intended mainly
+     for the package's developers.  If you use it, you may have to get
+     all sorts of other programs in order to regenerate files that came
+     with the distribution.
+
+  7. Often, you can also type 'make uninstall' to remove the installed
+     files again.  In practice, not all packages have tested that
+     uninstallation works correctly, even though it is required by the
+     GNU Coding Standards.
+
+  8. Some packages, particularly those that use Automake, provide 'make
+     distcheck', which can by used by developers to test that all other
+     targets like 'make install' and 'make uninstall' work correctly.
+     This target is generally not run by end users.
+
+Compilers and Options
+=====================
+
+   Some systems require unusual options for compilation or linking that
+the 'configure' script does not know about.  Run './configure --help'
+for details on some of the pertinent environment variables.
+
+   You can give 'configure' initial values for configuration parameters
+by setting variables in the command line or in the environment.  Here is
+an example:
+
+     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+   *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+   You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory.  To do this, you can use GNU 'make'.  'cd' to the
+directory where you want the object files and executables to go and run
+the 'configure' script.  'configure' automatically checks for the source
+code in the directory that 'configure' is in and in '..'.  This is known
+as a "VPATH" build.
+
+   With a non-GNU 'make', it is safer to compile the package for one
+architecture at a time in the source code directory.  After you have
+installed the package for one architecture, use 'make distclean' before
+reconfiguring for another architecture.
+
+   On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple '-arch' options to the
+compiler but only a single '-arch' option to the preprocessor.  Like
+this:
+
+     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+                 CPP="gcc -E" CXXCPP="g++ -E"
+
+   This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the 'lipo' tool if you have problems.
+
+Installation Names
+==================
+
+   By default, 'make install' installs the package's commands under
+'/usr/local/bin', include files under '/usr/local/include', etc.  You
+can specify an installation prefix other than '/usr/local' by giving
+'configure' the option '--prefix=PREFIX', where PREFIX must be an
+absolute file name.
+
+   You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files.  If you
+pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+   In addition, if you use an unusual directory layout you can give
+options like '--bindir=DIR' to specify different values for particular
+kinds of files.  Run 'configure --help' for a list of the directories
+you can set and what kinds of files go in them.  In general, the default
+for these options is expressed in terms of '${prefix}', so that
+specifying just '--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+   The most portable way to affect installation locations is to pass the
+correct locations to 'configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+'make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+   The first method involves providing an override variable for each
+affected directory.  For example, 'make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+'${prefix}'.  Any directories that were specified during 'configure',
+but not in terms of '${prefix}', must each be overridden at install time
+for the entire installation to be relocated.  The approach of makefile
+variable overrides for each directory variable is required by the GNU
+Coding Standards, and ideally causes no recompilation.  However, some
+platforms have known limitations with the semantics of shared libraries
+that end up requiring recompilation when using this method, particularly
+noticeable in packages that use GNU Libtool.
+
+   The second method involves providing the 'DESTDIR' variable.  For
+example, 'make install DESTDIR=/alternate/directory' will prepend
+'/alternate/directory' before all installation names.  The approach of
+'DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters.  On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of '${prefix}'
+at 'configure' time.
+
+Optional Features
+=================
+
+   If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving 'configure' the
+option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
+
+   Some packages pay attention to '--enable-FEATURE' options to
+'configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to '--with-PACKAGE' options, where PACKAGE
+is something like 'gnu-as' or 'x' (for the X Window System).  The
+'README' should mention any '--enable-' and '--with-' options that the
+package recognizes.
+
+   For packages that use the X Window System, 'configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the 'configure' options '--x-includes=DIR' and
+'--x-libraries=DIR' to specify their locations.
+
+   Some packages offer the ability to configure how verbose the
+execution of 'make' will be.  For these packages, running './configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with 'make V=1'; while running './configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with 'make V=0'.
+
+Particular systems
+==================
+
+   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU CC
+is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+   HP-UX 'make' updates targets which have the same time stamps as their
+prerequisites, which makes it generally unusable when shipped generated
+files such as 'configure' are involved.  Use GNU 'make' instead.
+
+   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its '<wchar.h>' header file.  The option '-nodtk' can be used as a
+workaround.  If GNU CC is not installed, it is therefore recommended to
+try
+
+     ./configure CC="cc"
+
+and if that doesn't work, try
+
+     ./configure CC="cc -nodtk"
+
+   On Solaris, don't put '/usr/ucb' early in your 'PATH'.  This
+directory contains several dysfunctional programs; working variants of
+these programs are available in '/usr/bin'.  So, if you need '/usr/ucb'
+in your 'PATH', put it _after_ '/usr/bin'.
+
+   On Haiku, software installed for all users goes in '/boot/common',
+not '/usr/local'.  It is recommended to use the following options:
+
+     ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+   There may be some features 'configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on.  Usually, assuming the package is built to be run on the
+_same_ architectures, 'configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+'--build=TYPE' option.  TYPE can either be a short name for the system
+type, such as 'sun4', or a canonical name which has the form:
+
+     CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+     OS
+     KERNEL-OS
+
+   See the file 'config.sub' for the possible values of each field.  If
+'config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+   If you are _building_ compiler tools for cross-compiling, you should
+use the option '--target=TYPE' to select the type of system they will
+produce code for.
+
+   If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with '--host=TYPE'.
+
+Sharing Defaults
+================
+
+   If you want to set default values for 'configure' scripts to share,
+you can create a site shell script called 'config.site' that gives
+default values for variables like 'CC', 'cache_file', and 'prefix'.
+'configure' looks for 'PREFIX/share/config.site' if it exists, then
+'PREFIX/etc/config.site' if it exists.  Or, you can set the
+'CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all 'configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+   Variables not defined in a site shell script can be set in the
+environment passed to 'configure'.  However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost.  In order to avoid this problem, you should set
+them in the 'configure' command line, using 'VAR=value'.  For example:
+
+     ./configure CC=/usr/local2/bin/gcc
+
+causes the specified 'gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
+Autoconf limitation.  Until the limitation is lifted, you can use this
+workaround:
+
+     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+'configure' Invocation
+======================
+
+   'configure' recognizes the following options to control how it
+operates.
+
+'--help'
+'-h'
+     Print a summary of all of the options to 'configure', and exit.
+
+'--help=short'
+'--help=recursive'
+     Print a summary of the options unique to this package's
+     'configure', and exit.  The 'short' variant lists options used only
+     in the top level, while the 'recursive' variant lists options also
+     present in any nested packages.
+
+'--version'
+'-V'
+     Print the version of Autoconf used to generate the 'configure'
+     script, and exit.
+
+'--cache-file=FILE'
+     Enable the cache: use and save the results of the tests in FILE,
+     traditionally 'config.cache'.  FILE defaults to '/dev/null' to
+     disable caching.
+
+'--config-cache'
+'-C'
+     Alias for '--cache-file=config.cache'.
+
+'--quiet'
+'--silent'
+'-q'
+     Do not print messages saying which checks are being made.  To
+     suppress all normal output, redirect it to '/dev/null' (any error
+     messages will still be shown).
+
+'--srcdir=DIR'
+     Look for the package's source code in directory DIR.  Usually
+     'configure' can determine that directory automatically.
+
+'--prefix=DIR'
+     Use DIR as the installation prefix.  *note Installation Names:: for
+     more details, including other options available for fine-tuning the
+     installation locations.
+
+'--no-create'
+'-n'
+     Run the configure checks, but stop before creating any output
+     files.
+
+'configure' also accepts some other, not widely useful, options.  Run
+'configure --help' for more details.

Added: mod_pkcs7/trunk/Makefile.am
==============================================================================
--- mod_pkcs7/trunk/Makefile.am	(added)
+++ mod_pkcs7/trunk/Makefile.am	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,11 @@
+
+
+EXTRA_DIST = mod_pkcs7.c mod_pkcs7.spec
+
+all-local:
+	$(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_pkcs7.c
+
+install-exec-local: 
+	if test -z "$${LIBEXECDIR}"; then LIBEXECDIR=`$(APXS) -q LIBEXECDIR`; fi;\
+	mkdir -p $(DESTDIR)$${LIBEXECDIR}; \
+	$(APXS) "-Wc,${CFLAGS}" -S LIBEXECDIR=$(DESTDIR)$${LIBEXECDIR} -c -i $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_pkcs7.c

Added: mod_pkcs7/trunk/NEWS
==============================================================================
--- mod_pkcs7/trunk/NEWS	(added)
+++ mod_pkcs7/trunk/NEWS	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,2 @@
+No news is good news.
+

Added: mod_pkcs7/trunk/README
==============================================================================
--- mod_pkcs7/trunk/README	(added)
+++ mod_pkcs7/trunk/README	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,13 @@
+
+A basic configuration:
+
+<IfModule mod_ca_simple.c>
+  CASimpleCertificate /etc/pki/ca/ca-cert.pem
+</IfModule>
+
+<IfModule mod_pkcs7.c>
+<Location /ca.p7b>
+  SetHandler pkcs7-ca
+</Location>
+</IfModule>
+

Added: mod_pkcs7/trunk/configure.ac
==============================================================================
--- mod_pkcs7/trunk/configure.ac	(added)
+++ mod_pkcs7/trunk/configure.ac	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,66 @@
+#                                               -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.59)
+AC_INIT(mod_pkcs7, 0.2.0, dev-rs at redwax.eu)
+AM_INIT_AUTOMAKE([dist-bzip2])
+AC_CONFIG_FILES([Makefile mod_pkcs7.spec])
+AC_CONFIG_SRCDIR([mod_pkcs7.c])
+
+# Checks for programs.
+AC_PROG_CC
+AC_ARG_WITH(apxs,
+    [  --with-apxs=PATH        path to Apache apxs],
+    [
+        if test "$withval" = "yes"; then
+            AC_CHECK_PROGS(APXS, apxs /usr/sbin/apxs, reject)
+        else
+            APXS=$withval
+            AC_SUBST(APXS)
+        fi
+    ],
+    [
+        AC_CHECK_PROGS(APXS, apxs /usr/sbin/apxs, reject)
+    ])
+if test "$APXS" = "reject"; then
+  AC_MSG_ERROR([Could not find apxs on the path.])
+fi
+
+# Make sure the Apache include files are found
+CPPFLAGS="$CPPFLAGS -I`$APXS -q INCLUDEDIR`"
+CFLAGS="$CFLAGS -I`$APXS -q INCLUDEDIR`"
+
+AC_ARG_WITH(install,
+    [  --with-install=PATH     path to install],
+    [
+        if test "$withval" = "yes"; then
+            AC_CHECK_PROGS(INSTALL, install /usr/sbin/install, reject)
+        else
+            APXS=$withval
+            AC_SUBST(INSTALL)
+        fi
+    ],
+    [
+        AC_CHECK_PROGS(INSTALL, install /usr/sbin/install, reject)
+    ])
+if test "$INSTALL" = "reject"; then
+  AC_MSG_ERROR([Could not find install on the path.])
+fi
+
+# Checks for libraries.
+PKG_CHECK_MODULES(apr, apr-1 >= 1.3)
+PKG_CHECK_MODULES(apu, apr-util-1 >= 1.3)
+PKG_CHECK_MODULES(openssl, openssl >= 0.9.8)
+LIBS="$LIBS $openssl_LIBS $apr_LIBS $apu_LIBS"
+
+# Checks for header files.
+AC_CHECK_HEADERS([mod_ca.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_TYPE_SIZE_T
+
+# Checks for library functions.
+AC_CHECK_FUNCS([strcasecmp])
+
+AC_SUBST(PACKAGE_VERSION)
+AC_OUTPUT

Added: mod_pkcs7/trunk/mod_pkcs7.c
==============================================================================
--- mod_pkcs7/trunk/mod_pkcs7.c	(added)
+++ mod_pkcs7/trunk/mod_pkcs7.c	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,604 @@
+/* Licensed to Stichting The Commons Conservancy (TCC) under one or more
+ * contributor license agreements.  See the AUTHORS file distributed with
+ * this work for additional information regarding copyright ownership.
+ * TCC licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Generate and return certificates backed by mod_ca.
+ *
+ *  Author: Graham Leggett
+ *
+ */
+#include <apr_lib.h>
+#include <apr_sha1.h>
+#include <apr_strings.h>
+#include <apr_hash.h>
+#include <apr_uuid.h>
+#include <apr_base64.h>
+
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "util_script.h"
+
+#include "mod_ca.h"
+
+module AP_MODULE_DECLARE_DATA pkcs7_module;
+
+typedef enum
+{
+    ENCODING_DER, ENCODING_PEM, ENCODING_XPEM
+} encoding_t;
+
+#define DEFAULT_CERT_ENCODING ENCODING_DER
+#define DEFAULT_FRESHNESS 2
+#define DEFAULT_FRESHNESS_MAX 3600*24
+
+typedef struct
+{
+    encoding_t encoding;
+    int encoding_set;
+    int freshness;
+    int freshness_max;
+    int freshness_set;
+    const char *location;
+    int location_set;
+} cert_config_rec;
+
+static void *create_pkcs7_dir_config(apr_pool_t *p, char *d)
+{
+    cert_config_rec *conf = apr_pcalloc(p, sizeof(cert_config_rec));
+
+    conf->encoding = DEFAULT_CERT_ENCODING;
+    conf->freshness = DEFAULT_FRESHNESS;
+    conf->freshness_max = DEFAULT_FRESHNESS_MAX;
+
+    return conf;
+}
+
+static void *merge_pkcs7_dir_config(apr_pool_t *p, void *basev, void *addv)
+{
+    cert_config_rec *new = (cert_config_rec *) apr_pcalloc(p,
+            sizeof(cert_config_rec));
+    cert_config_rec *add = (cert_config_rec *) addv;
+    cert_config_rec *base = (cert_config_rec *) basev;
+
+    new->encoding = (add->encoding_set == 0) ? base->encoding : add->encoding;
+    new->encoding_set = add->encoding_set || base->encoding_set;
+    new->freshness =
+            (add->freshness_set == 0) ? base->freshness : add->freshness;
+    new->freshness_max =
+            (add->freshness_set == 0) ? base->freshness_max :
+                    add->freshness_max;
+    new->freshness_set = add->freshness_set || base->freshness_set;
+    new->location = (add->location_set == 0) ? base->location : add->location;
+    new->location_set = add->location_set || base->location_set;
+
+    return new;
+}
+
+static const char *set_pkcs7_encoding(cmd_parms *cmd, void *dconf,
+        const char *arg)
+{
+    cert_config_rec *conf = dconf;
+
+    if (!strcmp(arg, "der")) {
+        conf->encoding = ENCODING_DER;
+    }
+    else if (!strcmp(arg, "pem")) {
+        conf->encoding = ENCODING_PEM;
+    }
+    else if (!strcmp(arg, "x-pem")) {
+        conf->encoding = ENCODING_XPEM;
+    }
+    else {
+        return apr_psprintf(cmd->pool,
+                "The encoding '%s' wasn't 'pem', 'x-pem' or 'der'.", arg);
+    }
+    conf->encoding_set = 1;
+
+    return NULL;
+}
+
+static const char *set_pkcs7_freshness(cmd_parms *cmd, void *dconf,
+        const char *arg, const char *max)
+{
+    cert_config_rec *conf = dconf;
+
+    conf->freshness = atoi(arg);
+    if (max) {
+        conf->freshness_max = atoi(max);
+    }
+    conf->freshness_set = 1;
+
+    if (conf->freshness < 0 || conf->freshness_max < 0) {
+        return "CertFreshness must specify a positive integer (or integers)";
+    }
+
+    return NULL;
+}
+
+static const char *set_location(cmd_parms *cmd, void *dconf, const char *arg)
+{
+    cert_config_rec *conf = dconf;
+
+    conf->location = arg;
+    conf->location_set = 1;
+
+    return NULL;
+}
+
+static const command_rec pkcs7_cmds[] =
+{
+    AP_INIT_TAKE1("Pkcs7Encoding",
+        set_pkcs7_encoding, NULL, RSRC_CONF | ACCESS_CONF,
+        "Set to the default encoding to be returned if not specified. Must be \"pem\", \"x-pem\" or \"der\". Defaults to \"der\"."),
+    AP_INIT_TAKE12("Pkcs7Freshness",
+        set_pkcs7_freshness, NULL, RSRC_CONF | ACCESS_CONF,
+        "The age of the certificate will be divided by this factor when added as a max-age, set to zero to disable. Defaults to \"2\". An optional maximum value can be specified, defaults to one day."),
+    AP_INIT_TAKE1("Pkcs7Location",
+        set_location, NULL, RSRC_CONF | ACCESS_CONF,
+        "Set to the location of the certificate service."),
+    { NULL }
+};
+
+static void log_message(request_rec *r, apr_status_t status,
+        const char *message)
+{
+    int len;
+    BIO *mem = BIO_new(BIO_s_mem());
+    char *err = apr_palloc(r->pool, HUGE_STRING_LEN);
+
+    ERR_print_errors(mem);
+
+    len = BIO_gets(mem, err, HUGE_STRING_LEN - 1);
+    if (len > -1) {
+        err[len] = 0;
+    }
+
+    apr_table_setn(r->notes, "error-notes",
+            apr_pstrcat(r->pool, "Certificate could not be returned: ", ap_escape_html(
+                    r->pool, message), NULL));
+
+    /* Allow "error-notes" string to be printed by ap_send_error_response() */
+    apr_table_setn(r->notes, "verbose-error-to", "*");
+
+    if (len > 0) {
+        ap_log_rerror(
+                APLOG_MARK, APLOG_ERR, status, r, "%s (%s)", message, err);
+    }
+    else {
+        ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, "%s", message);
+    }
+
+    BIO_free(mem);
+}
+
+static apr_status_t pkcs7_BIO_cleanup(void *data)
+{
+    BIO_free((BIO *) data);
+    return APR_SUCCESS;
+}
+
+static apr_status_t pkcs7_X509_cleanup(void *data)
+{
+    X509_free((X509 *) data);
+    return APR_SUCCESS;
+}
+
+static apr_status_t pkcs7_PKCS7_cleanup(void *data)
+{
+    PKCS7_free((PKCS7 *) data);
+    return APR_SUCCESS;
+}
+
+static encoding_t detect_encoding(request_rec *r)
+{
+    cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+            &pkcs7_module);
+
+	encoding_t encoding = conf->encoding;
+    const char *accept_encoding = apr_table_get(r->headers_in,
+            "Accept-Encoding");
+    const char *vary = apr_table_get(r->headers_out, "Vary");
+
+    /* what content encoding have we been asked for? */
+    if (!accept_encoding) {
+        encoding = conf->encoding;
+    }
+    else {
+        char *last, *token, *value;
+        if (!vary) {
+            apr_table_setn(r->headers_out, "Vary", "Accept-Encoding");
+        }
+        else {
+            if (!ap_find_list_item(r->pool, vary, "encoding")) {
+                apr_table_setn(r->headers_out, "Vary",
+                        apr_pstrcat(r->pool, vary, ",", "Accept-Encoding",
+                                NULL));
+            }
+        }
+
+        token = apr_strtok(apr_pstrdup(r->pool, accept_encoding), ",", &last);
+        while (token) {
+            char *param = strchr(token, ';');
+
+            if (param) {
+                value = apr_pstrndup(r->pool, token, param - token);
+            }
+            else {
+                value = token;
+            }
+
+            if (!strcmp(value, "identity")) {
+                encoding = ENCODING_DER;
+            }
+            else if (!strcmp(value, "pem")) {
+                encoding = ENCODING_PEM;
+            }
+            else if (!strcmp(value, "x-pem")) {
+                encoding = ENCODING_XPEM;
+            }
+            token = apr_strtok(NULL, ",", &last);
+        }
+    }
+
+    return encoding;
+}
+
+static int get_pkcs7(request_rec *r, const unsigned char *der, apr_size_t len,
+		apr_time_t validity)
+{
+    apr_sha1_ctx_t sha1;
+    apr_byte_t digest[APR_SHA1_DIGESTSIZE];
+
+    apr_bucket_brigade *bb = apr_brigade_create(r->pool,
+            r->connection->bucket_alloc);
+    apr_bucket *e;
+    char *etag;
+    const unsigned char *tmp;
+
+    PKCS7 *p7 = NULL;
+    X509 *cert = NULL;
+
+    cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+            &pkcs7_module);
+
+    apr_off_t offset;
+    apr_status_t status;
+    int rv;
+	encoding_t encoding;
+
+    /* discard the request body */
+    if ((rv = ap_discard_request_body(r)) != OK) {
+        return rv;
+    }
+
+    /* create a new signed data PKCS#7 */
+    p7 = PKCS7_new();
+    if (!p7) {
+        log_message(r, APR_SUCCESS,
+                "could not create a PKCS7 degenerate response");
+
+        return HTTP_INTERNAL_SERVER_ERROR;
+    }
+    else {
+        apr_pool_cleanup_register(r->pool, p7, pkcs7_PKCS7_cleanup,
+                apr_pool_cleanup_null);
+    }
+
+    PKCS7_set_type(p7, NID_pkcs7_signed);
+    PKCS7_content_new(p7, NID_pkcs7_data);
+
+    tmp = der;
+    if (!d2i_X509(&cert, &tmp, len)) {
+        log_message(r, APR_SUCCESS, "could not DER decode the CA certificate");
+
+        return HTTP_INTERNAL_SERVER_ERROR;
+    }
+    apr_pool_cleanup_register(r->pool, cert, pkcs7_X509_cleanup,
+            apr_pool_cleanup_null);
+
+    if (!PKCS7_add_certificate(p7, cert)) {
+        log_message(r, APR_SUCCESS,
+                "could not add the CA certificate to the degenerate PKCS7 response");
+
+        return HTTP_INTERNAL_SERVER_ERROR;
+    }
+
+
+    encoding = detect_encoding(r);
+
+    /* handle delivery */
+    apr_sha1_init(&sha1);
+    switch (encoding) {
+    case ENCODING_PEM:
+    case ENCODING_XPEM: {
+        char buf[APR_BUCKET_BUFF_SIZE];
+
+        /* write out the PEM encoded pkcs7 structure */
+        BIO *out = BIO_new(BIO_s_mem());
+        apr_pool_cleanup_register(r->pool, out, pkcs7_BIO_cleanup,
+                apr_pool_cleanup_null);
+
+        if (!PEM_write_bio_PKCS7(out, p7)) {
+            log_message(r, APR_SUCCESS,
+                    "could not PEM encode the PKCS7 certificate response");
+
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
+
+        /* content type */
+        ap_set_content_type(r, "application/pkcs7-mime");
+        apr_table_set(r->headers_out, "Content-Disposition",
+                "inline, filename=ca-cert.p7b");
+        apr_table_setn(r->headers_out, "Content-Encoding",
+                encoding == ENCODING_PEM ? "pem" : "x-pem");
+
+        ap_set_content_length(r, BIO_ctrl_pending(out));
+        while ((offset = BIO_read(out, buf, sizeof(buf))) > 0) {
+            apr_sha1_update(&sha1, buf, offset);
+            apr_brigade_write(bb, NULL, NULL, buf, offset);
+        }
+
+        break;
+    }
+    case ENCODING_DER: {
+
+        ap_set_content_type(r, "application/x-pkcs7-certificates");
+        apr_sha1_update_binary(&sha1, der, len);
+        ap_set_content_length(r, len);
+
+        e = apr_bucket_pool_create((const char *) der, len, r->pool,
+                r->connection->bucket_alloc);
+        APR_BRIGADE_INSERT_TAIL(bb, e);
+
+        break;
+    }
+    }
+
+    apr_sha1_final(digest, &sha1);
+    etag = apr_palloc(r->pool, 31);
+    apr_base64_encode_binary(etag + 1, digest, sizeof(digest));
+    etag[0] = '\"';
+    etag[29] = '\"';
+    etag[30] = 0;
+
+    apr_table_setn(r->headers_out, "ETag", etag);
+
+    /* handle freshness lifetime for caching */
+    if (!apr_table_get(r->headers_out, "Cache-Control")) {
+        apr_off_t delta = apr_time_sec(validity - apr_time_now());
+        delta = delta > 0 ? conf->freshness ? delta / conf->freshness : 0 : 0;
+        delta = delta < conf->freshness_max ? delta : conf->freshness_max;
+        apr_table_setn(r->headers_out, "Cache-Control",
+                apr_psprintf(r->pool, "max-age=%" APR_OFF_T_FMT, delta));
+    }
+
+    if ((rv = ap_meets_conditions(r)) != OK) {
+        r->status = rv;
+        apr_brigade_cleanup(bb);
+    }
+    else {
+        apr_brigade_length(bb, 1, &offset);
+        len = offset;
+    }
+
+    e = apr_bucket_eos_create(r->connection->bucket_alloc);
+    APR_BRIGADE_INSERT_TAIL(bb, e);
+
+    status = ap_pass_brigade(r->output_filters, bb);
+    if (status == APR_SUCCESS || r->status != HTTP_OK
+            || r->connection->aborted) {
+        return OK;
+    }
+    else {
+        /* no way to know what type of error occurred */
+        ap_log_rerror(
+                APLOG_MARK, APLOG_DEBUG, status, r, "pkcs7_handler: ap_pass_brigade returned %i", status);
+        return HTTP_INTERNAL_SERVER_ERROR;
+    }
+
+    /* ready to leave */
+    return OK;
+}
+
+static int options_wadl(request_rec *r, cert_config_rec *conf)
+{
+    int rv;
+
+    /* discard the request body */
+    if ((rv = ap_discard_request_body(r)) != OK) {
+        return rv;
+    }
+
+    ap_set_content_type(r, "application/vnd.sun.wadl+xml");
+
+    ap_rprintf(r,
+            "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+                    "<wadl:application xmlns:wadl=\"http://wadl.dev.java.net/2009/02\"\n"
+                    "                  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
+                    "                  xsi:schemaLocation=\"http://wadl.dev.java.net/2009/02 file:wadl.xsd\">\n"
+                    " <wadl:resources base=\"%s\">\n"
+                    "  <wadl:resource path=\"/\">\n"
+                    "   <wadl:method name=\"GET\" id=\"cert\">\n"
+                    "    <wadl:request>\n"
+                    "    </wadl:request>\n"
+                    "    <wadl:response status=\"500\">\n"
+                    "     <wadl:representation mediaType=\"text/html\">\n"
+                    "      <wadl:doc>On a configuration error, 500 Internal Server Error will be returned,\n"
+                    "                and the server error log will contain full details of the\n"
+                    "                error.</wadl:doc>\n"
+                    "     </wadl:representation>\n"
+                    "    </wadl:response>\n"
+                    "    <wadl:response status=\"304\">\n"
+                    "     <wadl:representation mediaType=\"application/x-pkcs7-certificates\">\n"
+                    "      <wadl:doc>If the ETag specified within the If-None-Match header is unmodified\n"
+                    "                compared to the current ETag, 304 Not Modified is returned with no body..</wadl:doc>\n"
+                    "     </wadl:representation>\n"
+                    "    </wadl:response>\n"
+                    "    <wadl:response status=\"200\">\n"
+                    "     <wadl:representation mediaType=\"application/x-pkcs7-certificates\">\n"
+                    "      <wadl:doc>When the certificate is available, 200 OK will be returned\n"
+                    "                with the body containing the ASN.1 DER-encoded X509 certificate.</wadl:doc>\n"
+                    "     </wadl:representation>\n"
+                    "    </wadl:response>\n"
+                    "   </wadl:method>\n"
+                    "  </wadl:resource>\n"
+                    " </wadl:resources>\n"
+                    "</wadl:application>\n",
+            conf->location ? conf->location :
+                    apr_pstrcat(r->pool, ap_http_scheme(r), "://",
+                            r->server->server_hostname, r->uri, NULL));
+
+    return OK;
+}
+
+static int pkcs7_getca_handler(request_rec *r)
+{
+    cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+            &pkcs7_module);
+
+    if (!conf || !r->handler || r->handler[0] != 'c'
+            || strcmp(r->handler, "cert-ca")) {
+        return DECLINED;
+    }
+
+    /* A GET should return the certificates, OPTIONS should return the WADL */
+    ap_allow_methods(r, 1, "GET", "OPTIONS", NULL);
+    if (!strcmp(r->method, "GET")) {
+
+        apr_size_t len;
+        const unsigned char *der;
+        apr_time_t validity;
+        int rv;
+
+        /* get the ca certificate */
+        rv = ap_run_ca_getca(r, &der, &len, &validity);
+        if (rv == DECLINED) {
+            log_message(r, APR_SUCCESS,
+                    "No module configured to return the CA certificate");
+
+            return HTTP_NOT_FOUND;
+        }
+        if (rv > OK) {
+            return rv;
+        }
+        if (!len) {
+            log_message(r, APR_SUCCESS,
+                    "No CA certificate is available");
+
+            return HTTP_NOT_FOUND;
+        }
+
+        return get_pkcs7(r, der, len, validity);
+    }
+    else if (!strcmp(r->method, "OPTIONS")) {
+        return options_wadl(r, conf);
+    }
+    else {
+        return HTTP_METHOD_NOT_ALLOWED;
+    }
+
+}
+
+static int pkcs7_getnextca_handler(request_rec *r)
+{
+    cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+            &pkcs7_module);
+
+    if (!conf || !r->handler || r->handler[0] != 'c'
+            || strcmp(r->handler, "cert-nextca")) {
+        return DECLINED;
+    }
+
+    /* A GET should return the certificates, OPTIONS should return the WADL */
+    ap_allow_methods(r, 1, "GET", "OPTIONS", NULL);
+    if (!strcmp(r->method, "GET")) {
+
+        apr_size_t len;
+        const unsigned char *der;
+        apr_time_t validity;
+        int rv;
+
+        /* get the next ca certificate */
+        rv = ap_run_ca_getnextca(r, &der, &len, &validity);
+        if (rv == DECLINED) {
+            log_message(r, APR_SUCCESS,
+                    "No module configured to return the next CA certificate");
+
+            return HTTP_NOT_FOUND;
+        }
+        if (rv > OK) {
+            return rv;
+        }
+        if (!len) {
+            log_message(r, APR_SUCCESS,
+                    "No next CA certificate is available");
+
+            return HTTP_NOT_FOUND;
+        }
+
+        return get_pkcs7(r, der, len, validity);
+    }
+    else if (!strcmp(r->method, "OPTIONS")) {
+        return options_wadl(r, conf);
+    }
+    else {
+        return HTTP_METHOD_NOT_ALLOWED;
+    }
+
+}
+
+static apr_status_t pkcs7_cleanup(void *data)
+{
+    ERR_free_strings();
+    EVP_cleanup();
+    return APR_SUCCESS;
+}
+
+static int pkcs7_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
+        apr_pool_t *ptemp)
+{
+    OpenSSL_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    apr_pool_cleanup_register(pconf, NULL, pkcs7_cleanup, apr_pool_cleanup_null);
+
+    return APR_SUCCESS;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+    ap_hook_pre_config(pkcs7_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_handler(pkcs7_getca_handler, NULL, NULL, APR_HOOK_MIDDLE);
+    ap_hook_handler(pkcs7_getnextca_handler, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA pkcs7_module =
+{
+    STANDARD20_MODULE_STUFF, create_pkcs7_dir_config, /* dir config creater */
+    merge_pkcs7_dir_config, /* dir merger --- default is to override */
+    NULL, /* server config */
+    NULL, /* merge server config */
+    pkcs7_cmds, /* command apr_table_t */
+    register_hooks /* register hooks */
+};

Added: mod_pkcs7/trunk/mod_pkcs7.spec.in
==============================================================================
--- mod_pkcs7/trunk/mod_pkcs7.spec.in	(added)
+++ mod_pkcs7/trunk/mod_pkcs7.spec.in	Tue Feb 25 01:17:26 2020
@@ -0,0 +1,36 @@
+# RPM Spec file for @PACKAGE_NAME@
+
+Name:      @PACKAGE_NAME@
+Version:   @PACKAGE_VERSION@
+Release:   1%{?dist}
+Summary:   Redwax Apache certificate revocation list module
+License:   ASL 2.0
+Group:     System Environment/Daemons
+Source:    https://archive.redwax.eu/dist/rs/%{name}/%{name}-%{version}/%{name}-%{version}.tar.bz2
+Url:       https://redwax.eu/rs/
+BuildRequires: gcc, pkgconfig(apr-1), pkgconfig(apr-util-1), pkgconfig(openssl), mod_ca-devel
+Requires:  mod_ca
+
+%if 0%{?is_opensuse}
+%define moduledir %{_libdir}/apache2
+%else
+%define moduledir %{_libdir}/httpd/modules
+%endif
+
+%description
+The Apache mod_pkcs7 module exposes CA and other certificates within mod_ca
+as either PEM or DER encoded PKCS7 files.
+
+%prep
+%setup -q
+%build
+%configure
+%make_build
+
+%install
+%make_install
+
+%files
+%{moduledir}/%{name}.so
+
+



More information about the rs-commit mailing list