sslsup.patch

mod_ssl-2.8.31-1.3.41.tar.gz 好用的ssl工具

+				echo "</IfDefine>" >>$(SRC)/.apaci.install.conf; \
+			fi; \
 		done; \
 		echo "" >>$(SRC)/.apaci.install.conf; \
 		echo "#  Reconstruction of the complete module list from all available modules" >>$(SRC)/.apaci.install.conf; \
 		echo "#  (static and shared ones) to achieve correct module execution order." >>$(SRC)/.apaci.install.conf; \
 		echo "#  [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]" >>$(SRC)/.apaci.install.conf; \
 		echo "ClearModuleList" >>$(SRC)/.apaci.install.conf; \
-		egrep "^[ 	]*(Add|Shared)Module" $(SRC)/Configuration.apaci |\
-		sed	-e 's:SharedModule:AddModule:' \
-			-e 's:modules/[^/]*/::' \
-			-e 's:[ 	]lib: mod_:' \
-			-e 's:\.[dsoam].*$$:.c:' >>$(SRC)/.apaci.install.conf; \
+		for mod in `egrep "^[ 	]*(Add|Shared)Module" $(SRC)/Configuration.apaci |\
+		            sed	-e 's:[ 	]*SharedModule::' \
+		                -e 's:[ 	]*AddModule::' \
+		                -e 's:modules/[^/]*/::' \
+		                -e 's:[ 	]lib: mod_:' \
+		                -e 's:\.[soam]*$$:.c:'`; do \
+			if [ ".$$mod" = .mod_ssl.c ]; then \
+				echo "<IfDefine SSL>" >>$(SRC)/.apaci.install.conf; \
+			fi; \
+			echo "AddModule $$mod" >>$(SRC)/.apaci.install.conf; \
+			if [ ".$$mod" = .mod_ssl.c ]; then \
+				echo "</IfDefine>" >>$(SRC)/.apaci.install.conf; \
+			fi; \
+		done; \
 	fi
 	@echo "<=== [programs]"
 
@@ -471,6 +545,15 @@
 		 echo ""; \
 		 cat $(TOP)/conf/$${conf}-dist ) |\
 		 sed -e '/# LoadModule/r $(TOP)/$(SRC)/.apaci.install.conf' \
+			-e "s;logs/ssl_mutex;$(runtimedir)/$${target_prefix}ssl_mutex;" \
+			-e "s;logs/ssl_scache;$(runtimedir)/$${target_prefix}ssl_scache;" \
+			-e "s;logs/ssl_engine_log;$(logfiledir)/$${target_prefix}ssl_engine_log;" \
+			-e "s;logs/ssl_request_log;$(logfiledir)/$${target_prefix}ssl_request_log;" \
+			-e 's;@@ServerRoot@@/conf/ssl.crt;$(sysconfdir)/ssl.crt;' \
+			-e 's;@@ServerRoot@@/conf/ssl.crl;$(sysconfdir)/ssl.crl;' \
+			-e 's;@@ServerRoot@@/conf/ssl.csr;$(sysconfdir)/ssl.csr;' \
+			-e 's;@@ServerRoot@@/conf/ssl.key;$(sysconfdir)/ssl.key;' \
+			-e 's;@@ServerRoot@@/conf/ssl.prm;$(sysconfdir)/ssl.prm;' \
 			-e 's;@@ServerRoot@@/htdocs/manual;$(manualdir);' \
 			-e 's;@@ServerRoot@@/htdocs;$(htdocsdir);' \
 			-e 's;@@ServerRoot@@/icons;$(iconsdir);' \
@@ -493,9 +576,12 @@
 			-e 's;Group #-1;Group $(conf_group);' \
 			-e 's;^Group "#-1";Group $(conf_group);' \
 			-e 's;Port 80;Port $(conf_port);' \
+			-e 's;Listen 80;Listen $(conf_port);' \
+			-e 's;Listen 443;Listen $(conf_port_ssl);' \
 			-e 's;ServerAdmin you@your.address;ServerAdmin $(conf_serveradmin);' \
 			-e 's;ServerName new.host.name;ServerName $(conf_servername);' \
-			> $(TOP)/$(SRC)/.apaci.install.tmp && \
+			-e 's;VirtualHost _default_:443;VirtualHost _default_:$(conf_port_ssl);' \
+        	> $(TOP)/$(SRC)/.apaci.install.tmp && \
 		echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}.default"; \
 		$(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}.default; \
 		if [ ! -f "$(root)$(sysconfdir)/$${target_conf}" ]; then \
@@ -515,6 +601,91 @@
 			echo "[PRESERVING EXISTING CONFIG FILE: $(root)$(sysconfdir)/$${conf}]"; \
 		fi; \
 	done
+	-@if [ ".$(ssl)" = .1 ]; then \
+		echo "chmod 755 $(root)$(sysconfdir)/ssl.crt"; \
+		chmod 755 $(root)$(sysconfdir)/ssl.crt; \
+		echo "chmod 755 $(root)$(sysconfdir)/ssl.crl"; \
+		chmod 755 $(root)$(sysconfdir)/ssl.crl; \
+		echo "chmod 755 $(root)$(sysconfdir)/ssl.csr"; \
+		chmod 755 $(root)$(sysconfdir)/ssl.csr; \
+		echo "chmod 700 $(root)$(sysconfdir)/ssl.key"; \
+		chmod 700 $(root)$(sysconfdir)/ssl.key; \
+		echo "chmod 755 $(root)$(sysconfdir)/ssl.prm"; \
+		chmod 755 $(root)$(sysconfdir)/ssl.prm; \
+		if [ ! -f "$(root)$(sysconfdir)/ssl.crt/README.CRT" ]; then \
+			echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crt/README.CRT $(root)$(sysconfdir)/ssl.crt/README.CRT"; \
+			$(INSTALL) $(TOP)/conf/ssl.crt/README.CRT $(root)$(sysconfdir)/ssl.crt/README.CRT; \
+			echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crt/Makefile $(root)$(sysconfdir)/ssl.crt/Makefile"; \
+			$(INSTALL) $(TOP)/conf/ssl.crt/Makefile $(root)$(sysconfdir)/ssl.crt/Makefile; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/ca-bundle.crt $(root)$(sysconfdir)/ssl.crt/ca-bundle.crt"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.crt/ca-bundle.crt $(root)$(sysconfdir)/ssl.crt/ca-bundle.crt; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-rsa.crt"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-rsa.crt; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-dsa.crt"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-dsa.crt; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-rsa.crt"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-rsa.crt; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-dsa.crt"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-dsa.crt; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/server.crt $(root)$(sysconfdir)/ssl.crt/server.crt"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.crt/server.crt $(root)$(sysconfdir)/ssl.crt/server.crt; \
+			if [ -f "$(TOP)/conf/ssl.crt/ca.crt" ]; then \
+				echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/ca.crt $(root)$(sysconfdir)/ssl.crt/ca.crt"; \
+				$(INSTALL) -m 400 $(TOP)/conf/ssl.crt/ca.crt $(root)$(sysconfdir)/ssl.crt/ca.crt; \
+			fi; \
+		else \
+			echo "[PRESERVING EXISTING CERTIFICATE FILES: $(root)$(sysconfdir)/ssl.crt/*]"; \
+		fi; \
+		echo "Updating hash symlinks in $(root)$(sysconfdir)/ssl.crt/:"; \
+		SSL_PROGRAM="`grep '^SSL_PROGRAM=' $(TOP)/$(SRC)/Makefile.config | sed -e 's:^.*=::'`"; \
+		(cd $(root)$(sysconfdir)/ssl.crt/ && $(MAKE) $(MFLAGS) SSL_PROGRAM=$$SSL_PROGRAM); \
+		if [ ! -f "$(root)$(sysconfdir)/ssl.csr/README.CSR" ]; then \
+			echo "$(INSTALL_DATA) $(TOP)/conf/ssl.csr/README.CSR $(root)$(sysconfdir)/ssl.csr/README.CSR"; \
+			$(INSTALL) $(TOP)/conf/ssl.csr/README.CSR $(root)$(sysconfdir)/ssl.csr/README.CSR; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.csr/server.csr $(root)$(sysconfdir)/ssl.csr/server.csr"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.csr/server.csr $(root)$(sysconfdir)/ssl.csr/server.csr; \
+		else \
+			echo "[PRESERVING EXISTING CSR FILES: $(root)$(sysconfdir)/ssl.csr/*]"; \
+		fi; \
+		if [ ! -f "$(root)$(sysconfdir)/ssl.crl/README.CRL" ]; then \
+			echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crl/README.CRL $(root)$(sysconfdir)/ssl.crl/README.CRL"; \
+			$(INSTALL) $(TOP)/conf/ssl.crl/README.CRL $(root)$(sysconfdir)/ssl.crl/README.CRL; \
+			echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crl/Makefile $(root)$(sysconfdir)/ssl.crl/Makefile"; \
+			$(INSTALL) $(TOP)/conf/ssl.crl/Makefile $(root)$(sysconfdir)/ssl.crl/Makefile; \
+		else \
+			echo "[PRESERVING EXISTING CRL FILES: $(root)$(sysconfdir)/ssl.crl/*]"; \
+		fi; \
+		if [ ! -f "$(root)$(sysconfdir)/ssl.key/README.KEY" ]; then \
+			echo "$(INSTALL_DATA) $(TOP)/conf/ssl.key/README.KEY $(root)$(sysconfdir)/ssl.key/README.KEY"; \
+			$(INSTALL) $(TOP)/conf/ssl.key/README.KEY $(root)$(sysconfdir)/ssl.key/README.KEY; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-rsa.key"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-rsa.key; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-dsa.key"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-dsa.key; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-rsa.key"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-rsa.key; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-dsa.key"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-dsa.key; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/server.key $(root)$(sysconfdir)/ssl.key/server.key"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.key/server.key $(root)$(sysconfdir)/ssl.key/server.key; \
+			if [ -f "$(TOP)/conf/ssl.key/ca.key" ]; then \
+				echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/ca.key $(root)$(sysconfdir)/ssl.key/ca.key"; \
+				$(INSTALL) -m 400 $(TOP)/conf/ssl.key/ca.key $(root)$(sysconfdir)/ssl.key/ca.key; \
+			fi; \
+		else \
+			echo "[PRESERVING EXISTING KEY FILES: $(root)$(sysconfdir)/ssl.key/*]"; \
+		fi; \
+		if [ ! -f "$(root)$(sysconfdir)/ssl.prm/README.PRM" ]; then \
+			echo "$(INSTALL_DATA) $(TOP)/conf/ssl.prm/README.PRM $(root)$(sysconfdir)/ssl.prm/README.PRM"; \
+			$(INSTALL) $(TOP)/conf/ssl.prm/README.PRM $(root)$(sysconfdir)/ssl.prm/README.PRM; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.prm/snakeoil-ca-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-ca-dsa.prm"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.prm/snakeoil-ca-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-ca-dsa.prm; \
+			echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.prm/snakeoil-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-dsa.prm"; \
+			$(INSTALL) -m 400 $(TOP)/conf/ssl.prm/snakeoil-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-dsa.prm; \
+		else \
+			echo "[PRESERVING EXISTING PRM FILES: $(root)$(sysconfdir)/ssl.prm/*]"; \
+		fi; \
+	fi
 	@echo "<=== [config]"
 
 

+---------------------------------------------------------------------------
| Add the `certificate' Make target which can be used to create
| various forms of server certificates through the mkcert.sh
| script.
+---------------------------------------------------------------------------
Index: src/Makefile.tmpl
--- src/Makefile.tmpl	18 Jul 2003 15:44:29 -0000	1.1.1.12
+++ src/Makefile.tmpl	18 Jul 2003 15:56:58 -0000	1.21
@@ -11,6 +11,12 @@
   $(OSDIR)/libos.a \
   ap/libap.a
 
+TYPE=
+ALGO=
+CRT=
+KEY=
+VIEW=
+
 .c.o:
 	$(CC) -c $(INCLUDES) $(CFLAGS) $<
 
@@ -60,6 +66,13 @@
 		done; \
 	fi
 
+certificate:   
+	@./support/mkcert.sh \
+		"$(MAKE)" "$(MFLAGS) $(MFLAGS_STATIC)" \
+		"$(SSL_PROGRAM)" ./support \
+		"$(TYPE)" "$(ALGO)" "$(CRT)" "$(KEY)" "$(VIEW)"
+	@cd ../conf/ssl.crt; $(MAKE) $(MFLAGS_STATIC) SSL_PROGRAM=$(SSL_PROGRAM) >/dev/null 2>&1
+
 subdirs:
 	@for i in $(SUBDIRS); do \
 		echo "===> $(SDP)$$i"; \

+---------------------------------------------------------------------------
| Provide an additional `startssl' command to supplement the
| standard `start' command. The difference is just that
| `startssl' adds a -DSSL define when starting httpd.
+---------------------------------------------------------------------------
Index: src/support/apachectl
--- src/support/apachectl	28 Jul 2006 13:55:24 -0000	1.1.1.10
+++ src/support/apachectl	28 Jul 2006 13:56:29 -0000	1.12
@@ -91,6 +91,18 @@
 	    ERROR=3
 	fi
 	;;
+    startssl|sslstart|start-SSL)
+	if [ $RUNNING -eq 1 ]; then
+	    echo "$0 $ARG: httpd (pid $PID) already running"
+	    continue
+	fi
+	if $HTTPD -DSSL; then
+	    echo "$0 $ARG: httpd started"
+	else
+	    echo "$0 $ARG: httpd could not be started"
+	    ERROR=3
+	fi
+	;;
     stop)
 	if [ $RUNNING -eq 0 ]; then
 	    echo "$0 $ARG: $STATUS"
@@ -169,6 +181,7 @@
 	cat <<EOF
 
 start      - start httpd
+startssl   - start httpd with SSL enabled
 stop       - stop httpd
 restart    - restart httpd if running by sending a SIGHUP or start if 
              not running

+---------------------------------------------------------------------------
| Add support for the HTTPS scheme and the additional SSL_XXXX
| environment variables mod_ssl provides to CGI scripts.
+---------------------------------------------------------------------------
Index: src/support/suexec.c
--- src/support/suexec.c	28 Jul 2006 13:55:23 -0000	1.1.1.13
+++ src/support/suexec.c	28 Jul 2006 13:56:30 -0000	1.14
@@ -91,6 +91,11 @@
 {
     /* variable name starts with */
     "HTTP_",
+#ifdef MOD_SSL
+    "HTTPS=",
+    "HTTPS_",
+    "SSL_",
+#endif
 
     /* variable name is */
     "AUTH_TYPE=",