-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_ssl, configure: Require OpenSSL 0.9.8a or later. [Kaspar Brand]
+
*) mod_lua: Let the Inter-VM get/set functions work with a global
shared memory pool instead of a per-process pool. [Daniel Gruno]
fi
fi
- AC_MSG_CHECKING([for OpenSSL version >= 0.9.7])
+ AC_MSG_CHECKING([for OpenSSL version >= 0.9.8a])
AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
#if !defined(OPENSSL_VERSION_NUMBER)
#error "Missing OpenSSL version"
#endif
-#if OPENSSL_VERSION_NUMBER < 0x0090700f
+#if OPENSSL_VERSION_NUMBER < 0x0090801f
#error "Unsupported OpenSSL version " OPENSSL_VERSION_TEXT
#endif],
[AC_MSG_RESULT(OK)
SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
"Strict SNI virtual host checking")
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
SSL_CMD_SRV(SRPVerifierFile, TAKE1,
"SRP verifier file "
"('/path/to/file' - created by srptool)")
mctx->stapling_force_url = NULL;
#endif
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
mctx->srp_vfile = NULL;
mctx->srp_unknown_user_seed = NULL;
mctx->srp_vbase = NULL;
sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
sc->proxy_ssl_check_peer_cn = SSL_ENABLED_UNSET;
sc->proxy_ssl_check_peer_name = SSL_ENABLED_UNSET;
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
#endif
#ifdef HAVE_FIPS
cfgMerge(stapling_force_url, NULL);
#endif
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
cfgMergeString(srp_vfile);
cfgMergeString(srp_unknown_user_seed);
#endif
cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET);
cfgMerge(proxy_ssl_check_peer_name, SSL_ENABLED_UNSET);
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
#endif
#ifdef HAVE_FIPS
const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag)
{
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
sc->strict_sni_vhost_check = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
return NULL;
}
#endif
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg,
const char *arg)
return NULL;
}
-#endif /* OPENSSL_NO_SRP */
+#endif /* HAVE_SRP */
void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
{
** _________________________________________________________________
*/
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
#define KEYTYPES "RSA, DSA or ECC"
#else
#define KEYTYPES "RSA or DSA"
*/
if (mctx->pks->certs[SSL_AIDX_RSA] ||
mctx->pks->certs[SSL_AIDX_DSA]
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
|| mctx->pks->certs[SSL_AIDX_ECC]
#endif
)
}
}
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
static void ssl_init_ctx_tls_extensions(server_rec *s,
apr_pool_t *p,
apr_pool_t *ptemp,
}
#endif
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
/*
* TLS-SRP support
*/
#ifdef SSL_OP_NO_COMPRESSION
/* OpenSSL >= 1.0 only */
SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
-#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
+#else
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
#endif
}
* Configure additional context ingredients
*/
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
#endif
if (mctx->pks) {
/* XXX: proxy support? */
ssl_init_ctx_cert_chain(s, p, ptemp, mctx);
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
ssl_init_ctx_tls_extensions(s, p, ptemp, mctx);
#endif
}
{
SSLModConfigRec *mc = myModConfig(s);
ssl_asn1_t *asn1;
- MODSSL_D2I_X509_CONST unsigned char *ptr;
+ const unsigned char *ptr;
const char *type = ssl_asn1_keystr(idx);
X509 *cert;
{
SSLModConfigRec *mc = myModConfig(s);
ssl_asn1_t *asn1;
- MODSSL_D2I_PrivateKey_CONST unsigned char *ptr;
+ const unsigned char *ptr;
const char *type = ssl_asn1_keystr(idx);
int pkey_type;
EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
if (idx == SSL_AIDX_ECC)
pkey_type = EVP_PKEY_EC;
else
modssl_ctx_t *mctx)
{
const char *rsa_id, *dsa_id;
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
const char *ecc_id;
#endif
const char *vhost_id = mctx->sc->vhost_id;
int i;
int have_rsa, have_dsa;
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
int have_ecc;
#endif
rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
ecc_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_ECC);
#endif
have_rsa = ssl_server_import_cert(s, mctx, rsa_id, SSL_AIDX_RSA);
have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
have_ecc = ssl_server_import_cert(s, mctx, ecc_id, SSL_AIDX_ECC);
#endif
if (!(have_rsa || have_dsa
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
|| have_ecc
#endif
)) {
have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
#endif
if (!(have_rsa || have_dsa
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
|| have_ecc
#endif
)) {
ssl_die(s);
}
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
/* Enable ECDHE by configuring a default curve */
SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
klen = strlen(key);
if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
-#ifdef OPENSSL_NO_TLSEXT
+#ifndef HAVE_TLSEXT
int level = APLOG_WARNING;
const char *problem = "conflict";
#else
}
if (conflict) {
-#ifdef OPENSSL_NO_TLSEXT
+#ifndef HAVE_TLSEXT
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917)
"Init: You should not use name-based "
"virtual hosts in conjunction with SSL!!");
{
MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx);
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
if (mctx->srp_vbase != NULL) {
SRP_VBASE_free(mctx->srp_vbase);
mctx->srp_vbase = NULL;
server = sslconn->server;
if (sslconn->is_proxy) {
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
apr_ipsubnet_t *ip;
#endif
const char *hostname_note = apr_table_get(c->notes,
BOOL proxy_ssl_check_peer_ok = TRUE;
sc = mySrvConfig(server);
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
/*
* Enable SNI for backend requests. Make sure we don't do it for
* pure SSLv3 connections, and also prevent IP addresses
#include "util_md5.h"
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
#endif
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLConnRec *sslconn;
const char *upgrade;
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
const char *servername;
#endif
SSL *ssl;
if (!ssl) {
return DECLINED;
}
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
char *host, *scope_id;
apr_port_t port;
return DECLINED;
}
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
/*
* Support for per-directory reconfigured SSL connection parameters
*
"SSL_SERVER_A_SIG",
"SSL_SESSION_ID",
"SSL_SESSION_RESUMED",
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
"SSL_SRP_USER",
"SSL_SRP_USERINFO",
#endif
SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *env = r->subprocess_env;
char *var, *val = "";
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
const char *servername;
#endif
STACK_OF(X509) *peer_certs;
/* the always present HTTPS (=HTTP over SSL) flag! */
apr_table_setn(env, "HTTPS", "on");
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
/* add content of SNI TLS extension (if supplied with ClientHello) */
if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
apr_table_set(env, "SSL_TLS_SNI", servername);
}
}
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
/*
* This callback function is executed when OpenSSL encounters an extended
* client hello with a server name indication extension ("SNI", cf. RFC 4366).
return 0;
}
-#endif /* OPENSSL_NO_TLSEXT */
+#endif /* HAVE_TLSEXT */
#ifdef HAVE_TLS_SESSION_TICKETS
/*
#endif /* HAVE_TLS_NPN */
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
{
return SSL_ERROR_NONE;
}
-#endif /* OPENSSL_NO_SRP */
+#endif /* HAVE_SRP */
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01966)
"Init: Failed to create pass phrase pipe '%s'",
sc->server->pphrase_dialog_path);
- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)bufsize);
return (-1);
}
}
else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
#ifdef WIN32
- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)bufsize);
return (-1);
#else
i = EVP_read_pw_string(buf, bufsize, "", FALSE);
}
if (i != 0) {
- PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+ PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)bufsize);
return (-1);
}
else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) {
result = ssl_var_lookup_ssl_compress_meth(ssl);
}
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
else if (ssl != NULL && strcEQ(var, "TLS_SNI")) {
result = apr_pstrdup(p, SSL_get_servername(ssl,
TLSEXT_NAMETYPE_host_name));
#endif
result = apr_pstrdup(p, flag ? "true" : "false");
}
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
else if (ssl != NULL && strcEQ(var, "SRP_USER")) {
if ((result = SSL_get_srp_username(ssl)) != NULL) {
result = apr_pstrdup(p, result);
* success and writes the string to the given bio. */
static int dump_extn_value(BIO *bio, ASN1_OCTET_STRING *str)
{
- MODSSL_D2I_ASN1_type_bytes_CONST unsigned char *pp = str->data;
+ const unsigned char *pp = str->data;
ASN1_STRING *ret = ASN1_STRING_new();
int rv = 0;
static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl)
{
char *result = "NULL";
-#if (OPENSSL_VERSION_NUMBER >= 0x00908000) && !defined(OPENSSL_NO_COMP)
+#ifndef OPENSSL_NO_COMP
SSL_SESSION *pSession = SSL_get_session(ssl);
if (pSession) {
#include <openssl/engine.h>
#endif
-#if (OPENSSL_VERSION_NUMBER < 0x0090700f)
-#error mod_ssl requires OpenSSL 0.9.7 or later
+#if (OPENSSL_VERSION_NUMBER < 0x0090801f)
+#error mod_ssl requires OpenSSL 0.9.8a or later
#endif
-/* ...shifting sands of OpenSSL... */
-#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
-#define MODSSL_D2I_SSL_SESSION_CONST const
-#else
-#define MODSSL_D2I_SSL_SESSION_CONST
-#endif
-
-#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
-#define HAVE_GENERATE_EX
-#define MODSSL_D2I_ASN1_type_bytes_CONST const
-#define MODSSL_D2I_PrivateKey_CONST const
-#define MODSSL_D2I_X509_CONST const
+/**
+ * ...shifting sands of OpenSSL...
+ * Note: when adding support for new OpenSSL features, avoid explicit
+ * version number checks whenever possible, and use "feature-based"
+ * detection instead (check for definitions of constants or functions)
+ */
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000)
+#define MODSSL_SSL_CIPHER_CONST const
+#define MODSSL_SSL_METHOD_CONST const
#else
-#define MODSSL_D2I_ASN1_type_bytes_CONST
-#define MODSSL_D2I_PrivateKey_CONST
-#define MODSSL_D2I_X509_CONST
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x00908080 && !defined(OPENSSL_NO_OCSP) \
- && !defined(OPENSSL_NO_TLSEXT)
-#define HAVE_OCSP_STAPLING
-#if (OPENSSL_VERSION_NUMBER < 0x10000000)
-#define sk_OPENSSL_STRING_pop sk_pop
-#endif
+#define MODSSL_SSL_CIPHER_CONST
+#define MODSSL_SSL_METHOD_CONST
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x009080a0) && defined(OPENSSL_FIPS)
+#if defined(OPENSSL_FIPS)
#define HAVE_FIPS
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10001000L && !defined(OPENSSL_NO_NEXTPROTONEG) \
- && !defined(OPENSSL_NO_TLSEXT)
-#define HAVE_TLS_NPN
+#if defined(SSL_OP_NO_TLSv1_2)
+#define HAVE_TLSV1_X
#endif
-#ifdef SSL_CONF_FLAG_FILE
+#if defined(SSL_CONF_FLAG_FILE)
#define HAVE_SSL_CONF_CMD
#endif
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000)
-#define MODSSL_SSL_CIPHER_CONST const
-#define MODSSL_SSL_METHOD_CONST const
-#else
-#define MODSSL_SSL_CIPHER_CONST
-#define MODSSL_SSL_METHOD_CONST
-/* ECC support came along in OpenSSL 1.0.0 */
-#define OPENSSL_NO_EC
-#endif
+/**
+ * The following features all depend on TLS extension support.
+ * Within this block, check again for features (not version numbers).
+ */
+#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name)
-#ifndef PEM_F_DEF_CALLBACK
-#ifdef PEM_F_PEM_DEF_CALLBACK
-/** In OpenSSL 0.9.8 PEM_F_DEF_CALLBACK was renamed */
-#define PEM_F_DEF_CALLBACK PEM_F_PEM_DEF_CALLBACK
-#endif
+#define HAVE_TLSEXT
+
+/* ECC: make sure we have at least 1.0.0 */
+#if !defined(OPENSSL_NO_EC) && defined(TLSEXT_ECPOINTFORMAT_uncompressed)
+#define HAVE_ECC
#endif
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
-#define OPENSSL_NO_TLSEXT
+/* OCSP stapling */
+#if !defined(OPENSSL_NO_OCSP) && defined(SSL_CTX_set_tlsext_status_cb)
+#define HAVE_OCSP_STAPLING
+#ifndef sk_OPENSSL_STRING_pop
+#define sk_OPENSSL_STRING_pop sk_pop
#endif
#endif
-#ifndef OPENSSL_NO_TLSEXT
-#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
+/* TLS session tickets */
+#if defined(SSL_CTX_set_tlsext_ticket_key_cb)
#define HAVE_TLS_SESSION_TICKETS
#define TLSEXT_TICKET_KEY_LEN 48
#ifndef tlsext_tick_md
#endif
#endif
#endif
-#endif
-
-#ifdef SSL_OP_NO_TLSv1_2
-#define HAVE_TLSV1_X
-#endif
-#if !defined(OPENSSL_NO_COMP) && !defined(SSL_OP_NO_COMPRESSION) \
- && OPENSSL_VERSION_NUMBER < 0x00908000L
-#define OPENSSL_NO_COMP
+/* Next Protocol Negotiation */
+#if !defined(OPENSSL_NO_NEXTPROTONEG) && defined(OPENSSL_NPN_NEGOTIATED)
+#define HAVE_TLS_NPN
#endif
-/* SRP support came in OpenSSL 1.0.1 */
-#ifndef OPENSSL_NO_SRP
-#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB
+/* Secure Remote Password */
+#if !defined(OPENSSL_NO_SRP) && defined(SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB)
+#define HAVE_SRP
#include <openssl/srp.h>
-#else
-#define OPENSSL_NO_SRP
-#endif
#endif
+#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+
/* mod_ssl headers */
#include "ssl_util_ssl.h"
#define SSL_ALGO_UNKNOWN (0)
#define SSL_ALGO_RSA (1<<0)
#define SSL_ALGO_DSA (1<<1)
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
#define SSL_ALGO_ECC (1<<2)
#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
#else
#define SSL_AIDX_RSA (0)
#define SSL_AIDX_DSA (1)
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
#define SSL_AIDX_ECC (2)
#define SSL_AIDX_MAX (3)
#else
const char *stapling_force_url;
#endif
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
char *srp_vfile;
char *srp_unknown_user_seed;
SRP_VBASE *srp_vbase;
ssl_enabled_t proxy_ssl_check_peer_expire;
ssl_enabled_t proxy_ssl_check_peer_cn;
ssl_enabled_t proxy_ssl_check_peer_name;
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
ssl_enabled_t strict_sni_vhost_check;
#endif
#ifdef HAVE_FIPS
const char *ssl_cmd_SSLOpenSSLConfCmd(cmd_parms *cmd, void *dcfg, const char *arg1, const char *arg2);
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg);
const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg);
#endif
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
void ssl_callback_Info(const SSL *, int, int);
-#ifndef OPENSSL_NO_TLSEXT
+#ifdef HAVE_TLSEXT
int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
#endif
#ifdef HAVE_TLS_SESSION_TICKETS
void ssl_stapling_ex_init(void);
int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x);
#endif
-#ifndef OPENSSL_NO_SRP
+#ifdef HAVE_SRP
int ssl_callback_SRPServerParams(SSL *, int *, void *);
#endif
SSLModConfigRec *mc = myModConfig(s);
unsigned char dest[SSL_SESSION_MAX_DER];
unsigned int destlen = SSL_SESSION_MAX_DER;
- MODSSL_D2I_SSL_SESSION_CONST unsigned char *ptr;
+ const unsigned char *ptr;
apr_status_t rv;
if (mc->sesscache->flags & AP_SOCACHE_FLAG_NOTMPSAFE) {
case EVP_PKEY_DSA:
t = SSL_ALGO_DSA;
break;
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
case EVP_PKEY_EC:
t = SSL_ALGO_ECC;
break;
case SSL_ALGO_DSA:
cp = "DSA";
break;
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
case SSL_ALGO_ECC:
cp = "ECC";
break;
apr_hash_set(table, key, klen, NULL);
}
-#ifndef OPENSSL_NO_EC
+#ifdef HAVE_ECC
static const char *ssl_asn1_key_types[] = {"RSA", "DSA", "ECC"};
#else
static const char *ssl_asn1_key_types[] = {"RSA", "DSA"};
projects / apache / commitdiff