authorJim Jagielski <jim@apache.org>2015-05-13 12:48:13 +0000
committerJim Jagielski <jim@apache.org>2015-05-13 12:48:13 +0000
commit429a4ba7e5239f9b8b9f97a1d2b18ada35c4dd9a (patch)
treeb3945f10358f541e44bf8f4cb4aba8d37065f45a
parenta7324d62a63a889f61843b4783ffccefcaf9045e (diff)
downloadhttpd-429a4ba7e5239f9b8b9f97a1d2b18ada35c4dd9a.tar.gz
Merge r1674542, r1675410, r1676842 from trunk:
mod_ssl: Check for RAND_egd() at configure time and only use it if present. Fixes the build with LibreSSL which does not provide this function. Submitted by: Bernard Spil <pil.oss gmail com>, stsp Committed by: stsp mod_ssl: Make the config parser complain if SSLRandomSeed specifies the Entropy Gathering Daemon (EGD) as source while the underlying SSL library does not support EGD (e.g. in case of LibreSSL). Suggested and reviewed by: kbrand Follow up to r1674542 and r1675410: CHANGES entry. Submitted by: stsp, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1679199 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--CHANGES5
-rw-r--r--STATUS9
-rw-r--r--acinclude.m42
-rw-r--r--modules/ssl/ssl_engine_config.c7
-rw-r--r--modules/ssl/ssl_engine_rand.c2
5 files changed, 15 insertions, 10 deletions
diff --git a/CHANGES b/CHANGES
index c1b3a469f6..cdba0c535e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -34,6 +34,11 @@ Changes with Apache 2.4.13
*) mod_status: Add more data to machine readable server-status produced
when using the "?auto" query string. [Rainer Jung]
+ *) mod_ssl: Check for the Entropy Gathering Daemon (EGD) availability at
+ configure time (RAND_egd), and complain if SSLRandomSeed requires using
+ it otherwise. [Bernard Spil <pil.oss gmail com>, Stefan Sperling,
+ Kaspar Brand]
+
*) mod_ssl: make sure to consistently output SSLCertificateChainFile
deprecation warnings, when encountered in a VirtualHost block.
[Falco Schwarz <hiding falco.me>]
diff --git a/STATUS b/STATUS
index 64a58e63ca..4711a4c266 100644
--- a/STATUS
+++ b/STATUS
@@ -105,15 +105,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_ssl: Check for the Entropy Gathering Daemon (EGD) availability at
- configure time (RAND_egd), and complain if SSLRandomSeed requires using
- it otherwise.
- trunk patch: http://svn.apache.org/r1674542
- http://svn.apache.org/r1675410
- http://svn.apache.org/r1676842
- 2.4.x patch: trunk works (modulo CHANGES)
- +1: ylavic, trawick, rjung
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/acinclude.m4 b/acinclude.m4
index 6fa6382613..d94f8aae6f 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -576,7 +576,7 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[
liberrors=""
AC_CHECK_HEADERS([openssl/engine.h])
AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
- AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
+ AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd])
if test "x$liberrors" != "x"; then
AC_MSG_WARN([OpenSSL libraries are unusable])
fi
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 0d4e661d5d..756ff227b5 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -606,8 +606,15 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd,
seed->cpPath = ap_server_root_relative(mc->pPool, arg2+5);
}
else if ((arg2len > 4) && strEQn(arg2, "egd:", 4)) {
+#ifdef HAVE_RAND_EGD
seed->nSrc = SSL_RSSRC_EGD;
seed->cpPath = ap_server_root_relative(mc->pPool, arg2+4);
+#else
+ return apr_pstrcat(cmd->pool, "Invalid SSLRandomSeed entropy source `",
+ arg2, "': This version of " MODSSL_LIBRARY_NAME
+ " does not support the Entropy Gathering Daemon "
+ "(EGD).", NULL);
+#endif
}
else if (strcEQ(arg2, "builtin")) {
seed->nSrc = SSL_RSSRC_BUILTIN;
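Review bot: The new `#ifdef HAVE_RAND_EGD` at the top of the `egd:` arm gives no hint where the macro comes from, so a reader of ssl_engine_config.c alone cannot tell why an otherwise well-formed source string is rejected. A one-line comment above the `#ifdef`, `/* HAVE_RAND_EGD comes from the RAND_egd check in APACHE_CHECK_OPENSSL (acinclude.m4); reject the source at parse time rather than letting it be silently skipped when seeding. */`, ties the two halves of the commit together. Failing the directive during configuration parsing is the right behaviour here: the administrator asked for a specific entropy source and learns immediately that it cannot be honoured, instead of running with a seeding path that was compiled out. ssl_cmd_SSLRandomSeed begins before the hunk and continues after it.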
diff --git a/modules/ssl/ssl_engine_rand.c b/modules/ssl/ssl_engine_rand.c
index df25d8fd63..4e1a9c1cda 100644
--- a/modules/ssl/ssl_engine_rand.c
+++ b/modules/ssl/ssl_engine_rand.c
@@ -81,6 +81,7 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
ssl_util_ppclose(s, p, fp);
}
+#ifdef HAVE_RAND_EGD
else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
/*
* seed in contents provided by the external
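Review bot: The `#ifdef HAVE_RAND_EGD` opened here is closed by the `#endif` in the next hunk (`@@ -90,6 +91,7 @@`), and between the two an entire `else if` arm of the chain in ssl_rand_seed disappears when the macro is unset, so a seed entry with `nSrc == SSL_RSSRC_EGD` would, as far as the visible part of the chain shows, match none of the remaining arms and contribute nothing to `nDone`. That is only safe because ssl_cmd_SSLRandomSeed now rejects `egd:` at parse time in the same commit, and the invariant deserves to be stated at the `#ifdef`: `/* No SSL_RSSRC_EGD entry can reach this point without HAVE_RAND_EGD: ssl_cmd_SSLRandomSeed rejects "egd:" at config time. */`. Naming the dependency keeps a later change to the parser from quietly reintroducing a configured-but-unseeded source. ssl_rand_seed starts before the hunk and continues past both hunks.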
@@ -90,6 +91,7 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
continue;
nDone += n;
}
+#endif
else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
struct {
time_t t;