mod_ssl: Check for RAND_egd() at configure time and only use it if present.
Fixes the build with LibreSSL which does not provide this function.
Submitted by: Bernard Spil <pil.oss gmail com>, stsp
Committed by: stsp
mod_ssl: Make the config parser complain if SSLRandomSeed specifies
the Entropy Gathering Daemon (EGD) as source while the underlying
SSL library does not support EGD (e.g. in case of LibreSSL).
Suggested and reviewed by: kbrand
Follow up to r1674542 and r1675410: CHANGES entry.
Submitted by: stsp, ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1679199 13f79535-47bb-0310-9956-ffa450edef68
*) mod_status: Add more data to machine readable server-status produced
when using the "?auto" query string. [Rainer Jung]
+ *) mod_ssl: Check for the Entropy Gathering Daemon (EGD) availability at
+ configure time (RAND_egd), and complain if SSLRandomSeed requires using
+ it otherwise. [Bernard Spil <pil.oss gmail com>, Stefan Sperling,
+ Kaspar Brand]
+
*) mod_ssl: make sure to consistently output SSLCertificateChainFile
deprecation warnings, when encountered in a VirtualHost block.
[Falco Schwarz <hiding falco.me>]
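Review bot: the added CHANGES entry's second clause, "complain if SSLRandomSeed requires using it otherwise", is hard to parse for a reader who does not know the patch; consider stating the behaviour directly, e.g. "and reject an SSLRandomSeed egd: source at configuration time if the SSL library lacks EGD support", which is what the ssl_engine_config.c hunk in this commit actually does.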
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_ssl: Check for the Entropy Gathering Daemon (EGD) availability at
- configure time (RAND_egd), and complain if SSLRandomSeed requires using
- it otherwise.
- trunk patch: http://svn.apache.org/r1674542
- http://svn.apache.org/r1675410
- http://svn.apache.org/r1676842
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: ylavic, trawick, rjung
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
liberrors=""
AC_CHECK_HEADERS([openssl/engine.h])
AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
- AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
+ AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd])
if test "x$liberrors" != "x"; then
AC_MSG_WARN([OpenSSL libraries are unusable])
fi
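Review bot: RAND_egd is added to the AC_CHECK_FUNCS call that has no failure action, not to the one that sets liberrors, so a library without RAND_egd (the LibreSSL case named in the commit message) only leaves HAVE_RAND_EGD undefined instead of triggering the "OpenSSL libraries are unusable" warning; that is the intended non-fatal behaviour and the HAVE_RAND_EGD symbol is what the two C hunks below test.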
seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
}
else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) {
+#ifdef HAVE_RAND_EGD
seed->nSrc = SSL_RSSRC_EGD;
seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4);
+#else
+ return apr_pstrcat(cmd->pool, "Invalid SSLRandomSeed entropy source `",
+ arg2, "': This version of " MODSSL_LIBRARY_NAME
+ " does not support the Entropy Gathering Daemon "
+ "(EGD).", NULL);
+#endif
}
else if (strcEQ(arg2, "builtin")) {
seed->nSrc = SSL_RSSRC_BUILTIN;
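Review bot: the new #else branch changes user-visible behaviour (an `egd:` SSLRandomSeed source now fails configuration on builds without RAND_egd), but no documentation change accompanies it; the SSLRandomSeed directive documentation should mention that `egd:` is only accepted when the underlying SSL library supports EGD. Rejecting the source at parse time rather than silently ignoring it at init time is the right choice, since the administrator explicitly asked for entropy that the server cannot obtain.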
nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
ssl_util_ppclose(s, p, fp);
}
+#ifdef HAVE_RAND_EGD
else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
/*
* seed in contents provided by the external
continue;
nDone += n;
}
+#endif
else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
struct {
time_t t;
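Review bot: the `else if` chain interleaved with `#ifdef HAVE_RAND_EGD` / `#endif` is only well-formed because the `}` closing the exec branch precedes `#ifdef` and the `else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN)` immediately follows `#endif`; a future edit inserting code between them would break the chain in one configuration but not the other. Suggest `#endif /* HAVE_RAND_EGD */` to make the pairing visible, and a one-line comment noting that SSL_RSSRC_EGD cannot reach this point without HAVE_RAND_EGD because ssl_engine_config.c already rejects the `egd:` source in that case.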