[rs-commit] r309 - in /mod_pkcs7/trunk: ./ AUTHORS COPYING ChangeLog INSTALL Makefile.am NEWS README configure.ac mod_pkcs7.c mod_pkcs7.spec.in
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Feb 25 01:17:27 CET 2020
Author: minfrin at redwax.eu
Date: Tue Feb 25 01:17:26 2020
New Revision: 309
Log:
Initial import of mod_pkcs7.
Added:
mod_pkcs7/trunk/AUTHORS
mod_pkcs7/trunk/COPYING
mod_pkcs7/trunk/ChangeLog
mod_pkcs7/trunk/INSTALL
mod_pkcs7/trunk/Makefile.am
mod_pkcs7/trunk/NEWS
mod_pkcs7/trunk/README
mod_pkcs7/trunk/configure.ac
mod_pkcs7/trunk/mod_pkcs7.c
mod_pkcs7/trunk/mod_pkcs7.spec.in
Modified:
mod_pkcs7/trunk/ (props changed)
Propchange: mod_pkcs7/trunk/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Feb 25 01:17:26 2020
@@ -0,0 +1,18 @@
+aclocal.m4
+compile
+configure
+config.log
+config.h
+Makefile
+Makefile.in
+.project
+.cproject
+.settings
+.autotools
+*.slo
+*.spec
+config.status
+autom4te.cache
+missing
+install-sh
+
Added: mod_pkcs7/trunk/AUTHORS
==============================================================================
--- mod_pkcs7/trunk/AUTHORS (added)
+++ mod_pkcs7/trunk/AUTHORS Tue Feb 25 01:17:26 2020
@@ -0,0 +1,5 @@
+
+(C) 2020 Stichting The Commons Conservancy
+
+Written by: Graham Leggett <minfrin at redwax.eu>
+
Added: mod_pkcs7/trunk/COPYING
==============================================================================
--- mod_pkcs7/trunk/COPYING (added)
+++ mod_pkcs7/trunk/COPYING Tue Feb 25 01:17:26 2020
@@ -0,0 +1,177 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
Added: mod_pkcs7/trunk/ChangeLog
==============================================================================
--- mod_pkcs7/trunk/ChangeLog (added)
+++ mod_pkcs7/trunk/ChangeLog Tue Feb 25 01:17:26 2020
@@ -0,0 +1,5 @@
+
+Changes with v0.2.0
+
+ *) Initial import of mod_pkcs7. [Graham Leggett]
+
Added: mod_pkcs7/trunk/INSTALL
==============================================================================
--- mod_pkcs7/trunk/INSTALL (added)
+++ mod_pkcs7/trunk/INSTALL Tue Feb 25 01:17:26 2020
@@ -0,0 +1,368 @@
+Installation Instructions
+*************************
+
+ Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software
+Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved. This file is offered as-is,
+without warranty of any kind.
+
+Basic Installation
+==================
+
+ Briefly, the shell command './configure && make && make install'
+should configure, build, and install this package. The following
+more-detailed instructions are generic; see the 'README' file for
+instructions specific to this package. Some packages provide this
+'INSTALL' file but do not implement all of the features documented
+below. The lack of an optional feature in a given package is not
+necessarily a bug. More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
+
+ The 'configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a 'Makefile' in each directory of the package.
+It may also create one or more '.h' files containing system-dependent
+definitions. Finally, it creates a shell script 'config.status' that
+you can run in the future to recreate the current configuration, and a
+file 'config.log' containing compiler output (useful mainly for
+debugging 'configure').
+
+ It can also use an optional file (typically called 'config.cache' and
+enabled with '--cache-file=config.cache' or simply '-C') that saves the
+results of its tests to speed up reconfiguring. Caching is disabled by
+default to prevent problems with accidental use of stale cache files.
+
+ If you need to do unusual things to compile the package, please try
+to figure out how 'configure' could check whether to do them, and mail
+diffs or instructions to the address given in the 'README' so they can
+be considered for the next release. If you are using the cache, and at
+some point 'config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+ The file 'configure.ac' (or 'configure.in') is used to create
+'configure' by a program called 'autoconf'. You need 'configure.ac' if
+you want to change it or regenerate 'configure' using a newer version of
+'autoconf'.
+
+ The simplest way to compile this package is:
+
+ 1. 'cd' to the directory containing the package's source code and type
+ './configure' to configure the package for your system.
+
+ Running 'configure' might take a while. While running, it prints
+ some messages telling which features it is checking for.
+
+ 2. Type 'make' to compile the package.
+
+ 3. Optionally, type 'make check' to run any self-tests that come with
+ the package, generally using the just-built uninstalled binaries.
+
+ 4. Type 'make install' to install the programs and any data files and
+ documentation. When installing into a prefix owned by root, it is
+ recommended that the package be configured and built as a regular
+ user, and only the 'make install' phase executed with root
+ privileges.
+
+ 5. Optionally, type 'make installcheck' to repeat any self-tests, but
+ this time using the binaries in their final installed location.
+ This target does not install anything. Running this target as a
+ regular user, particularly if the prior 'make install' required
+ root privileges, verifies that the installation completed
+ correctly.
+
+ 6. You can remove the program binaries and object files from the
+ source code directory by typing 'make clean'. To also remove the
+ files that 'configure' created (so you can compile the package for
+ a different kind of computer), type 'make distclean'. There is
+ also a 'make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+ 7. Often, you can also type 'make uninstall' to remove the installed
+ files again. In practice, not all packages have tested that
+ uninstallation works correctly, even though it is required by the
+ GNU Coding Standards.
+
+ 8. Some packages, particularly those that use Automake, provide 'make
+ distcheck', which can by used by developers to test that all other
+ targets like 'make install' and 'make uninstall' work correctly.
+ This target is generally not run by end users.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the 'configure' script does not know about. Run './configure --help'
+for details on some of the pertinent environment variables.
+
+ You can give 'configure' initial values for configuration parameters
+by setting variables in the command line or in the environment. Here is
+an example:
+
+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+ *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you can use GNU 'make'. 'cd' to the
+directory where you want the object files and executables to go and run
+the 'configure' script. 'configure' automatically checks for the source
+code in the directory that 'configure' is in and in '..'. This is known
+as a "VPATH" build.
+
+ With a non-GNU 'make', it is safer to compile the package for one
+architecture at a time in the source code directory. After you have
+installed the package for one architecture, use 'make distclean' before
+reconfiguring for another architecture.
+
+ On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple '-arch' options to the
+compiler but only a single '-arch' option to the preprocessor. Like
+this:
+
+ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CPP="gcc -E" CXXCPP="g++ -E"
+
+ This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the 'lipo' tool if you have problems.
+
+Installation Names
+==================
+
+ By default, 'make install' installs the package's commands under
+'/usr/local/bin', include files under '/usr/local/include', etc. You
+can specify an installation prefix other than '/usr/local' by giving
+'configure' the option '--prefix=PREFIX', where PREFIX must be an
+absolute file name.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+pass the option '--exec-prefix=PREFIX' to 'configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like '--bindir=DIR' to specify different values for particular
+kinds of files. Run 'configure --help' for a list of the directories
+you can set and what kinds of files go in them. In general, the default
+for these options is expressed in terms of '${prefix}', so that
+specifying just '--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+ The most portable way to affect installation locations is to pass the
+correct locations to 'configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+'make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+ The first method involves providing an override variable for each
+affected directory. For example, 'make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+'${prefix}'. Any directories that were specified during 'configure',
+but not in terms of '${prefix}', must each be overridden at install time
+for the entire installation to be relocated. The approach of makefile
+variable overrides for each directory variable is required by the GNU
+Coding Standards, and ideally causes no recompilation. However, some
+platforms have known limitations with the semantics of shared libraries
+that end up requiring recompilation when using this method, particularly
+noticeable in packages that use GNU Libtool.
+
+ The second method involves providing the 'DESTDIR' variable. For
+example, 'make install DESTDIR=/alternate/directory' will prepend
+'/alternate/directory' before all installation names. The approach of
+'DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters. On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of '${prefix}'
+at 'configure' time.
+
+Optional Features
+=================
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving 'configure' the
+option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'.
+
+ Some packages pay attention to '--enable-FEATURE' options to
+'configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to '--with-PACKAGE' options, where PACKAGE
+is something like 'gnu-as' or 'x' (for the X Window System). The
+'README' should mention any '--enable-' and '--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, 'configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the 'configure' options '--x-includes=DIR' and
+'--x-libraries=DIR' to specify their locations.
+
+ Some packages offer the ability to configure how verbose the
+execution of 'make' will be. For these packages, running './configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with 'make V=1'; while running './configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with 'make V=0'.
+
+Particular systems
+==================
+
+ On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC
+is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+ HP-UX 'make' updates targets which have the same time stamps as their
+prerequisites, which makes it generally unusable when shipped generated
+files such as 'configure' are involved. Use GNU 'make' instead.
+
+ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its '<wchar.h>' header file. The option '-nodtk' can be used as a
+workaround. If GNU CC is not installed, it is therefore recommended to
+try
+
+ ./configure CC="cc"
+
+and if that doesn't work, try
+
+ ./configure CC="cc -nodtk"
+
+ On Solaris, don't put '/usr/ucb' early in your 'PATH'. This
+directory contains several dysfunctional programs; working variants of
+these programs are available in '/usr/bin'. So, if you need '/usr/ucb'
+in your 'PATH', put it _after_ '/usr/bin'.
+
+ On Haiku, software installed for all users goes in '/boot/common',
+not '/usr/local'. It is recommended to use the following options:
+
+ ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+ There may be some features 'configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on. Usually, assuming the package is built to be run on the
+_same_ architectures, 'configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+'--build=TYPE' option. TYPE can either be a short name for the system
+type, such as 'sun4', or a canonical name which has the form:
+
+ CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+ OS
+ KERNEL-OS
+
+ See the file 'config.sub' for the possible values of each field. If
+'config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+ If you are _building_ compiler tools for cross-compiling, you should
+use the option '--target=TYPE' to select the type of system they will
+produce code for.
+
+ If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with '--host=TYPE'.
+
+Sharing Defaults
+================
+
+ If you want to set default values for 'configure' scripts to share,
+you can create a site shell script called 'config.site' that gives
+default values for variables like 'CC', 'cache_file', and 'prefix'.
+'configure' looks for 'PREFIX/share/config.site' if it exists, then
+'PREFIX/etc/config.site' if it exists. Or, you can set the
+'CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all 'configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+ Variables not defined in a site shell script can be set in the
+environment passed to 'configure'. However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost. In order to avoid this problem, you should set
+them in the 'configure' command line, using 'VAR=value'. For example:
+
+ ./configure CC=/usr/local2/bin/gcc
+
+causes the specified 'gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an
+Autoconf limitation. Until the limitation is lifted, you can use this
+workaround:
+
+ CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+'configure' Invocation
+======================
+
+ 'configure' recognizes the following options to control how it
+operates.
+
+'--help'
+'-h'
+ Print a summary of all of the options to 'configure', and exit.
+
+'--help=short'
+'--help=recursive'
+ Print a summary of the options unique to this package's
+ 'configure', and exit. The 'short' variant lists options used only
+ in the top level, while the 'recursive' variant lists options also
+ present in any nested packages.
+
+'--version'
+'-V'
+ Print the version of Autoconf used to generate the 'configure'
+ script, and exit.
+
+'--cache-file=FILE'
+ Enable the cache: use and save the results of the tests in FILE,
+ traditionally 'config.cache'. FILE defaults to '/dev/null' to
+ disable caching.
+
+'--config-cache'
+'-C'
+ Alias for '--cache-file=config.cache'.
+
+'--quiet'
+'--silent'
+'-q'
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to '/dev/null' (any error
+ messages will still be shown).
+
+'--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ 'configure' can determine that directory automatically.
+
+'--prefix=DIR'
+ Use DIR as the installation prefix. *note Installation Names:: for
+ more details, including other options available for fine-tuning the
+ installation locations.
+
+'--no-create'
+'-n'
+ Run the configure checks, but stop before creating any output
+ files.
+
+'configure' also accepts some other, not widely useful, options. Run
+'configure --help' for more details.
Added: mod_pkcs7/trunk/Makefile.am
==============================================================================
--- mod_pkcs7/trunk/Makefile.am (added)
+++ mod_pkcs7/trunk/Makefile.am Tue Feb 25 01:17:26 2020
@@ -0,0 +1,11 @@
+
+
+EXTRA_DIST = mod_pkcs7.c mod_pkcs7.spec
+
+all-local:
+ $(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_pkcs7.c
+
+install-exec-local:
+ if test -z "$${LIBEXECDIR}"; then LIBEXECDIR=`$(APXS) -q LIBEXECDIR`; fi;\
+ mkdir -p $(DESTDIR)$${LIBEXECDIR}; \
+ $(APXS) "-Wc,${CFLAGS}" -S LIBEXECDIR=$(DESTDIR)$${LIBEXECDIR} -c -i $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_pkcs7.c
Added: mod_pkcs7/trunk/NEWS
==============================================================================
--- mod_pkcs7/trunk/NEWS (added)
+++ mod_pkcs7/trunk/NEWS Tue Feb 25 01:17:26 2020
@@ -0,0 +1,2 @@
+No news is good news.
+
Added: mod_pkcs7/trunk/README
==============================================================================
--- mod_pkcs7/trunk/README (added)
+++ mod_pkcs7/trunk/README Tue Feb 25 01:17:26 2020
@@ -0,0 +1,13 @@
+
+A basic configuration:
+
+<IfModule mod_ca_simple.c>
+ CASimpleCertificate /etc/pki/ca/ca-cert.pem
+</IfModule>
+
+<IfModule mod_pkcs7.c>
+<Location /ca.p7b>
+ SetHandler pkcs7-ca
+</Location>
+</IfModule>
+
Added: mod_pkcs7/trunk/configure.ac
==============================================================================
--- mod_pkcs7/trunk/configure.ac (added)
+++ mod_pkcs7/trunk/configure.ac Tue Feb 25 01:17:26 2020
@@ -0,0 +1,66 @@
+# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.59)
+AC_INIT(mod_pkcs7, 0.2.0, dev-rs at redwax.eu)
+AM_INIT_AUTOMAKE([dist-bzip2])
+AC_CONFIG_FILES([Makefile mod_pkcs7.spec])
+AC_CONFIG_SRCDIR([mod_pkcs7.c])
+
+# Checks for programs.
+AC_PROG_CC
+AC_ARG_WITH(apxs,
+ [ --with-apxs=PATH path to Apache apxs],
+ [
+ if test "$withval" = "yes"; then
+ AC_CHECK_PROGS(APXS, apxs /usr/sbin/apxs, reject)
+ else
+ APXS=$withval
+ AC_SUBST(APXS)
+ fi
+ ],
+ [
+ AC_CHECK_PROGS(APXS, apxs /usr/sbin/apxs, reject)
+ ])
+if test "$APXS" = "reject"; then
+ AC_MSG_ERROR([Could not find apxs on the path.])
+fi
+
+# Make sure the Apache include files are found
+CPPFLAGS="$CPPFLAGS -I`$APXS -q INCLUDEDIR`"
+CFLAGS="$CFLAGS -I`$APXS -q INCLUDEDIR`"
+
+AC_ARG_WITH(install,
+ [ --with-install=PATH path to install],
+ [
+ if test "$withval" = "yes"; then
+ AC_CHECK_PROGS(INSTALL, install /usr/sbin/install, reject)
+ else
+ APXS=$withval
+ AC_SUBST(INSTALL)
+ fi
+ ],
+ [
+ AC_CHECK_PROGS(INSTALL, install /usr/sbin/install, reject)
+ ])
+if test "$INSTALL" = "reject"; then
+ AC_MSG_ERROR([Could not find install on the path.])
+fi
+
+# Checks for libraries.
+PKG_CHECK_MODULES(apr, apr-1 >= 1.3)
+PKG_CHECK_MODULES(apu, apr-util-1 >= 1.3)
+PKG_CHECK_MODULES(openssl, openssl >= 0.9.8)
+LIBS="$LIBS $openssl_LIBS $apr_LIBS $apu_LIBS"
+
+# Checks for header files.
+AC_CHECK_HEADERS([mod_ca.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_TYPE_SIZE_T
+
+# Checks for library functions.
+AC_CHECK_FUNCS([strcasecmp])
+
+AC_SUBST(PACKAGE_VERSION)
+AC_OUTPUT
Added: mod_pkcs7/trunk/mod_pkcs7.c
==============================================================================
--- mod_pkcs7/trunk/mod_pkcs7.c (added)
+++ mod_pkcs7/trunk/mod_pkcs7.c Tue Feb 25 01:17:26 2020
@@ -0,0 +1,604 @@
+/* Licensed to Stichting The Commons Conservancy (TCC) under one or more
+ * contributor license agreements. See the AUTHORS file distributed with
+ * this work for additional information regarding copyright ownership.
+ * TCC licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Generate and return certificates backed by mod_ca.
+ *
+ * Author: Graham Leggett
+ *
+ */
+#include <apr_lib.h>
+#include <apr_sha1.h>
+#include <apr_strings.h>
+#include <apr_hash.h>
+#include <apr_uuid.h>
+#include <apr_base64.h>
+
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_protocol.h"
+#include "http_request.h"
+#include "util_script.h"
+
+#include "mod_ca.h"
+
+module AP_MODULE_DECLARE_DATA pkcs7_module;
+
+typedef enum
+{
+ ENCODING_DER, ENCODING_PEM, ENCODING_XPEM
+} encoding_t;
+
+#define DEFAULT_CERT_ENCODING ENCODING_DER
+#define DEFAULT_FRESHNESS 2
+#define DEFAULT_FRESHNESS_MAX 3600*24
+
+typedef struct
+{
+ encoding_t encoding;
+ int encoding_set;
+ int freshness;
+ int freshness_max;
+ int freshness_set;
+ const char *location;
+ int location_set;
+} cert_config_rec;
+
+static void *create_pkcs7_dir_config(apr_pool_t *p, char *d)
+{
+ cert_config_rec *conf = apr_pcalloc(p, sizeof(cert_config_rec));
+
+ conf->encoding = DEFAULT_CERT_ENCODING;
+ conf->freshness = DEFAULT_FRESHNESS;
+ conf->freshness_max = DEFAULT_FRESHNESS_MAX;
+
+ return conf;
+}
+
+static void *merge_pkcs7_dir_config(apr_pool_t *p, void *basev, void *addv)
+{
+ cert_config_rec *new = (cert_config_rec *) apr_pcalloc(p,
+ sizeof(cert_config_rec));
+ cert_config_rec *add = (cert_config_rec *) addv;
+ cert_config_rec *base = (cert_config_rec *) basev;
+
+ new->encoding = (add->encoding_set == 0) ? base->encoding : add->encoding;
+ new->encoding_set = add->encoding_set || base->encoding_set;
+ new->freshness =
+ (add->freshness_set == 0) ? base->freshness : add->freshness;
+ new->freshness_max =
+ (add->freshness_set == 0) ? base->freshness_max :
+ add->freshness_max;
+ new->freshness_set = add->freshness_set || base->freshness_set;
+ new->location = (add->location_set == 0) ? base->location : add->location;
+ new->location_set = add->location_set || base->location_set;
+
+ return new;
+}
+
+static const char *set_pkcs7_encoding(cmd_parms *cmd, void *dconf,
+ const char *arg)
+{
+ cert_config_rec *conf = dconf;
+
+ if (!strcmp(arg, "der")) {
+ conf->encoding = ENCODING_DER;
+ }
+ else if (!strcmp(arg, "pem")) {
+ conf->encoding = ENCODING_PEM;
+ }
+ else if (!strcmp(arg, "x-pem")) {
+ conf->encoding = ENCODING_XPEM;
+ }
+ else {
+ return apr_psprintf(cmd->pool,
+ "The encoding '%s' wasn't 'pem', 'x-pem' or 'der'.", arg);
+ }
+ conf->encoding_set = 1;
+
+ return NULL;
+}
+
+static const char *set_pkcs7_freshness(cmd_parms *cmd, void *dconf,
+ const char *arg, const char *max)
+{
+ cert_config_rec *conf = dconf;
+
+ conf->freshness = atoi(arg);
+ if (max) {
+ conf->freshness_max = atoi(max);
+ }
+ conf->freshness_set = 1;
+
+ if (conf->freshness < 0 || conf->freshness_max < 0) {
+ return "CertFreshness must specify a positive integer (or integers)";
+ }
+
+ return NULL;
+}
+
+static const char *set_location(cmd_parms *cmd, void *dconf, const char *arg)
+{
+ cert_config_rec *conf = dconf;
+
+ conf->location = arg;
+ conf->location_set = 1;
+
+ return NULL;
+}
+
+static const command_rec pkcs7_cmds[] =
+{
+ AP_INIT_TAKE1("Pkcs7Encoding",
+ set_pkcs7_encoding, NULL, RSRC_CONF | ACCESS_CONF,
+ "Set to the default encoding to be returned if not specified. Must be \"pem\", \"x-pem\" or \"der\". Defaults to \"der\"."),
+ AP_INIT_TAKE12("Pkcs7Freshness",
+ set_pkcs7_freshness, NULL, RSRC_CONF | ACCESS_CONF,
+ "The age of the certificate will be divided by this factor when added as a max-age, set to zero to disable. Defaults to \"2\". An optional maximum value can be specified, defaults to one day."),
+ AP_INIT_TAKE1("Pkcs7Location",
+ set_location, NULL, RSRC_CONF | ACCESS_CONF,
+ "Set to the location of the certificate service."),
+ { NULL }
+};
+
+static void log_message(request_rec *r, apr_status_t status,
+ const char *message)
+{
+ int len;
+ BIO *mem = BIO_new(BIO_s_mem());
+ char *err = apr_palloc(r->pool, HUGE_STRING_LEN);
+
+ ERR_print_errors(mem);
+
+ len = BIO_gets(mem, err, HUGE_STRING_LEN - 1);
+ if (len > -1) {
+ err[len] = 0;
+ }
+
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool, "Certificate could not be returned: ", ap_escape_html(
+ r->pool, message), NULL));
+
+ /* Allow "error-notes" string to be printed by ap_send_error_response() */
+ apr_table_setn(r->notes, "verbose-error-to", "*");
+
+ if (len > 0) {
+ ap_log_rerror(
+ APLOG_MARK, APLOG_ERR, status, r, "%s (%s)", message, err);
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, "%s", message);
+ }
+
+ BIO_free(mem);
+}
+
+static apr_status_t pkcs7_BIO_cleanup(void *data)
+{
+ BIO_free((BIO *) data);
+ return APR_SUCCESS;
+}
+
+static apr_status_t pkcs7_X509_cleanup(void *data)
+{
+ X509_free((X509 *) data);
+ return APR_SUCCESS;
+}
+
+static apr_status_t pkcs7_PKCS7_cleanup(void *data)
+{
+ PKCS7_free((PKCS7 *) data);
+ return APR_SUCCESS;
+}
+
+static encoding_t detect_encoding(request_rec *r)
+{
+ cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &pkcs7_module);
+
+ encoding_t encoding = conf->encoding;
+ const char *accept_encoding = apr_table_get(r->headers_in,
+ "Accept-Encoding");
+ const char *vary = apr_table_get(r->headers_out, "Vary");
+
+ /* what content encoding have we been asked for? */
+ if (!accept_encoding) {
+ encoding = conf->encoding;
+ }
+ else {
+ char *last, *token, *value;
+ if (!vary) {
+ apr_table_setn(r->headers_out, "Vary", "Accept-Encoding");
+ }
+ else {
+ if (!ap_find_list_item(r->pool, vary, "encoding")) {
+ apr_table_setn(r->headers_out, "Vary",
+ apr_pstrcat(r->pool, vary, ",", "Accept-Encoding",
+ NULL));
+ }
+ }
+
+ token = apr_strtok(apr_pstrdup(r->pool, accept_encoding), ",", &last);
+ while (token) {
+ char *param = strchr(token, ';');
+
+ if (param) {
+ value = apr_pstrndup(r->pool, token, param - token);
+ }
+ else {
+ value = token;
+ }
+
+ if (!strcmp(value, "identity")) {
+ encoding = ENCODING_DER;
+ }
+ else if (!strcmp(value, "pem")) {
+ encoding = ENCODING_PEM;
+ }
+ else if (!strcmp(value, "x-pem")) {
+ encoding = ENCODING_XPEM;
+ }
+ token = apr_strtok(NULL, ",", &last);
+ }
+ }
+
+ return encoding;
+}
+
+static int get_pkcs7(request_rec *r, const unsigned char *der, apr_size_t len,
+ apr_time_t validity)
+{
+ apr_sha1_ctx_t sha1;
+ apr_byte_t digest[APR_SHA1_DIGESTSIZE];
+
+ apr_bucket_brigade *bb = apr_brigade_create(r->pool,
+ r->connection->bucket_alloc);
+ apr_bucket *e;
+ char *etag;
+ const unsigned char *tmp;
+
+ PKCS7 *p7 = NULL;
+ X509 *cert = NULL;
+
+ cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &pkcs7_module);
+
+ apr_off_t offset;
+ apr_status_t status;
+ int rv;
+ encoding_t encoding;
+
+ /* discard the request body */
+ if ((rv = ap_discard_request_body(r)) != OK) {
+ return rv;
+ }
+
+ /* create a new signed data PKCS#7 */
+ p7 = PKCS7_new();
+ if (!p7) {
+ log_message(r, APR_SUCCESS,
+ "could not create a PKCS7 degenerate response");
+
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ else {
+ apr_pool_cleanup_register(r->pool, p7, pkcs7_PKCS7_cleanup,
+ apr_pool_cleanup_null);
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_signed);
+ PKCS7_content_new(p7, NID_pkcs7_data);
+
+ tmp = der;
+ if (!d2i_X509(&cert, &tmp, len)) {
+ log_message(r, APR_SUCCESS, "could not DER decode the CA certificate");
+
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ apr_pool_cleanup_register(r->pool, cert, pkcs7_X509_cleanup,
+ apr_pool_cleanup_null);
+
+ if (!PKCS7_add_certificate(p7, cert)) {
+ log_message(r, APR_SUCCESS,
+ "could not add the CA certificate to the degenerate PKCS7 response");
+
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
+ encoding = detect_encoding(r);
+
+ /* handle delivery */
+ apr_sha1_init(&sha1);
+ switch (encoding) {
+ case ENCODING_PEM:
+ case ENCODING_XPEM: {
+ char buf[APR_BUCKET_BUFF_SIZE];
+
+ /* write out the PEM encoded pkcs7 structure */
+ BIO *out = BIO_new(BIO_s_mem());
+ apr_pool_cleanup_register(r->pool, out, pkcs7_BIO_cleanup,
+ apr_pool_cleanup_null);
+
+ if (!PEM_write_bio_PKCS7(out, p7)) {
+ log_message(r, APR_SUCCESS,
+ "could not PEM encode the PKCS7 certificate response");
+
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /* content type */
+ ap_set_content_type(r, "application/pkcs7-mime");
+ apr_table_set(r->headers_out, "Content-Disposition",
+ "inline, filename=ca-cert.p7b");
+ apr_table_setn(r->headers_out, "Content-Encoding",
+ encoding == ENCODING_PEM ? "pem" : "x-pem");
+
+ ap_set_content_length(r, BIO_ctrl_pending(out));
+ while ((offset = BIO_read(out, buf, sizeof(buf))) > 0) {
+ apr_sha1_update(&sha1, buf, offset);
+ apr_brigade_write(bb, NULL, NULL, buf, offset);
+ }
+
+ break;
+ }
+ case ENCODING_DER: {
+
+ ap_set_content_type(r, "application/x-pkcs7-certificates");
+ apr_sha1_update_binary(&sha1, der, len);
+ ap_set_content_length(r, len);
+
+ e = apr_bucket_pool_create((const char *) der, len, r->pool,
+ r->connection->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, e);
+
+ break;
+ }
+ }
+
+ apr_sha1_final(digest, &sha1);
+ etag = apr_palloc(r->pool, 31);
+ apr_base64_encode_binary(etag + 1, digest, sizeof(digest));
+ etag[0] = '\"';
+ etag[29] = '\"';
+ etag[30] = 0;
+
+ apr_table_setn(r->headers_out, "ETag", etag);
+
+ /* handle freshness lifetime for caching */
+ if (!apr_table_get(r->headers_out, "Cache-Control")) {
+ apr_off_t delta = apr_time_sec(validity - apr_time_now());
+ delta = delta > 0 ? conf->freshness ? delta / conf->freshness : 0 : 0;
+ delta = delta < conf->freshness_max ? delta : conf->freshness_max;
+ apr_table_setn(r->headers_out, "Cache-Control",
+ apr_psprintf(r->pool, "max-age=%" APR_OFF_T_FMT, delta));
+ }
+
+ if ((rv = ap_meets_conditions(r)) != OK) {
+ r->status = rv;
+ apr_brigade_cleanup(bb);
+ }
+ else {
+ apr_brigade_length(bb, 1, &offset);
+ len = offset;
+ }
+
+ e = apr_bucket_eos_create(r->connection->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, e);
+
+ status = ap_pass_brigade(r->output_filters, bb);
+ if (status == APR_SUCCESS || r->status != HTTP_OK
+ || r->connection->aborted) {
+ return OK;
+ }
+ else {
+ /* no way to know what type of error occurred */
+ ap_log_rerror(
+ APLOG_MARK, APLOG_DEBUG, status, r, "pkcs7_handler: ap_pass_brigade returned %i", status);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /* ready to leave */
+ return OK;
+}
+
+static int options_wadl(request_rec *r, cert_config_rec *conf)
+{
+ int rv;
+
+ /* discard the request body */
+ if ((rv = ap_discard_request_body(r)) != OK) {
+ return rv;
+ }
+
+ ap_set_content_type(r, "application/vnd.sun.wadl+xml");
+
+ ap_rprintf(r,
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ "<wadl:application xmlns:wadl=\"http://wadl.dev.java.net/2009/02\"\n"
+ " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
+ " xsi:schemaLocation=\"http://wadl.dev.java.net/2009/02 file:wadl.xsd\">\n"
+ " <wadl:resources base=\"%s\">\n"
+ " <wadl:resource path=\"/\">\n"
+ " <wadl:method name=\"GET\" id=\"cert\">\n"
+ " <wadl:request>\n"
+ " </wadl:request>\n"
+ " <wadl:response status=\"500\">\n"
+ " <wadl:representation mediaType=\"text/html\">\n"
+ " <wadl:doc>On a configuration error, 500 Internal Server Error will be returned,\n"
+ " and the server error log will contain full details of the\n"
+ " error.</wadl:doc>\n"
+ " </wadl:representation>\n"
+ " </wadl:response>\n"
+ " <wadl:response status=\"304\">\n"
+ " <wadl:representation mediaType=\"application/x-pkcs7-certificates\">\n"
+ " <wadl:doc>If the ETag specified within the If-None-Match header is unmodified\n"
+ " compared to the current ETag, 304 Not Modified is returned with no body..</wadl:doc>\n"
+ " </wadl:representation>\n"
+ " </wadl:response>\n"
+ " <wadl:response status=\"200\">\n"
+ " <wadl:representation mediaType=\"application/x-pkcs7-certificates\">\n"
+ " <wadl:doc>When the certificate is available, 200 OK will be returned\n"
+ " with the body containing the ASN.1 DER-encoded X509 certificate.</wadl:doc>\n"
+ " </wadl:representation>\n"
+ " </wadl:response>\n"
+ " </wadl:method>\n"
+ " </wadl:resource>\n"
+ " </wadl:resources>\n"
+ "</wadl:application>\n",
+ conf->location ? conf->location :
+ apr_pstrcat(r->pool, ap_http_scheme(r), "://",
+ r->server->server_hostname, r->uri, NULL));
+
+ return OK;
+}
+
+static int pkcs7_getca_handler(request_rec *r)
+{
+ cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &pkcs7_module);
+
+ if (!conf || !r->handler || r->handler[0] != 'c'
+ || strcmp(r->handler, "cert-ca")) {
+ return DECLINED;
+ }
+
+ /* A GET should return the certificates, OPTIONS should return the WADL */
+ ap_allow_methods(r, 1, "GET", "OPTIONS", NULL);
+ if (!strcmp(r->method, "GET")) {
+
+ apr_size_t len;
+ const unsigned char *der;
+ apr_time_t validity;
+ int rv;
+
+ /* get the ca certificate */
+ rv = ap_run_ca_getca(r, &der, &len, &validity);
+ if (rv == DECLINED) {
+ log_message(r, APR_SUCCESS,
+ "No module configured to return the CA certificate");
+
+ return HTTP_NOT_FOUND;
+ }
+ if (rv > OK) {
+ return rv;
+ }
+ if (!len) {
+ log_message(r, APR_SUCCESS,
+ "No CA certificate is available");
+
+ return HTTP_NOT_FOUND;
+ }
+
+ return get_pkcs7(r, der, len, validity);
+ }
+ else if (!strcmp(r->method, "OPTIONS")) {
+ return options_wadl(r, conf);
+ }
+ else {
+ return HTTP_METHOD_NOT_ALLOWED;
+ }
+
+}
+
+static int pkcs7_getnextca_handler(request_rec *r)
+{
+ cert_config_rec *conf = ap_get_module_config(r->per_dir_config,
+ &pkcs7_module);
+
+ if (!conf || !r->handler || r->handler[0] != 'c'
+ || strcmp(r->handler, "cert-nextca")) {
+ return DECLINED;
+ }
+
+ /* A GET should return the certificates, OPTIONS should return the WADL */
+ ap_allow_methods(r, 1, "GET", "OPTIONS", NULL);
+ if (!strcmp(r->method, "GET")) {
+
+ apr_size_t len;
+ const unsigned char *der;
+ apr_time_t validity;
+ int rv;
+
+ /* get the next ca certificate */
+ rv = ap_run_ca_getnextca(r, &der, &len, &validity);
+ if (rv == DECLINED) {
+ log_message(r, APR_SUCCESS,
+ "No module configured to return the next CA certificate");
+
+ return HTTP_NOT_FOUND;
+ }
+ if (rv > OK) {
+ return rv;
+ }
+ if (!len) {
+ log_message(r, APR_SUCCESS,
+ "No next CA certificate is available");
+
+ return HTTP_NOT_FOUND;
+ }
+
+ return get_pkcs7(r, der, len, validity);
+ }
+ else if (!strcmp(r->method, "OPTIONS")) {
+ return options_wadl(r, conf);
+ }
+ else {
+ return HTTP_METHOD_NOT_ALLOWED;
+ }
+
+}
+
+static apr_status_t pkcs7_cleanup(void *data)
+{
+ ERR_free_strings();
+ EVP_cleanup();
+ return APR_SUCCESS;
+}
+
+static int pkcs7_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp)
+{
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ apr_pool_cleanup_register(pconf, NULL, pkcs7_cleanup, apr_pool_cleanup_null);
+
+ return APR_SUCCESS;
+}
+
+static void register_hooks(apr_pool_t *p)
+{
+ ap_hook_pre_config(pkcs7_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_handler(pkcs7_getca_handler, NULL, NULL, APR_HOOK_MIDDLE);
+ ap_hook_handler(pkcs7_getnextca_handler, NULL, NULL, APR_HOOK_MIDDLE);
+}
+
+module AP_MODULE_DECLARE_DATA pkcs7_module =
+{
+ STANDARD20_MODULE_STUFF, create_pkcs7_dir_config, /* dir config creater */
+ merge_pkcs7_dir_config, /* dir merger --- default is to override */
+ NULL, /* server config */
+ NULL, /* merge server config */
+ pkcs7_cmds, /* command apr_table_t */
+ register_hooks /* register hooks */
+};
Added: mod_pkcs7/trunk/mod_pkcs7.spec.in
==============================================================================
--- mod_pkcs7/trunk/mod_pkcs7.spec.in (added)
+++ mod_pkcs7/trunk/mod_pkcs7.spec.in Tue Feb 25 01:17:26 2020
@@ -0,0 +1,36 @@
+# RPM Spec file for @PACKAGE_NAME@
+
+Name: @PACKAGE_NAME@
+Version: @PACKAGE_VERSION@
+Release: 1%{?dist}
+Summary: Redwax Apache certificate revocation list module
+License: ASL 2.0
+Group: System Environment/Daemons
+Source: https://archive.redwax.eu/dist/rs/%{name}/%{name}-%{version}/%{name}-%{version}.tar.bz2
+Url: https://redwax.eu/rs/
+BuildRequires: gcc, pkgconfig(apr-1), pkgconfig(apr-util-1), pkgconfig(openssl), mod_ca-devel
+Requires: mod_ca
+
+%if 0%{?is_opensuse}
+%define moduledir %{_libdir}/apache2
+%else
+%define moduledir %{_libdir}/httpd/modules
+%endif
+
+%description
+The Apache mod_pkcs7 module exposes CA and other certificates within mod_ca
+as either PEM or DER encoded PKCS7 files.
+
+%prep
+%setup -q
+%build
+%configure
+%make_build
+
+%install
+%make_install
+
+%files
+%{moduledir}/%{name}.so
+
+
More information about the rs-commit
mailing list