[mod_nss] Some changes were needed to allow mod_nss to work with httpd 2.4. The issues that needed to be fixed
mharmsen
mharmsen at fedoraproject.org
Tue Jun 12 20:52:14 UTC 2012
commit f0160da060d307810bb0fd55324a09d31395b33e
Author: Matthew Harmsen <mharmsen at redhat.com>
Date: Tue Jun 12 13:51:49 2012 -0700
Some changes were needed to allow mod_nss to work with httpd 2.4.
The issues that needed to be fixed were:
- mpm.h was removed, so we shouldn't include it.
- conn_rec->remote_ip was renamed to conn_rec->client_ip
- server_rec no longer has a loglevel member. Instead, there is
a log struct that contains the level.
- ap_get_server_version() was deprecated and removed. We should
use ap_get_server_banner() instead.
- APLOG_MARK now has a third parameter added to it that indicates
the module index. Functions that mod_nss implements where we
pass APLOG_MARK as a parameter need to expect this new parameter.
mod_nss-httpd24.patch | 135 +++++++++++++++++++++++++++++++++++++++++++++++++
mod_nss.spec | 9 +++-
2 files changed, 143 insertions(+), 1 deletions(-)
---
diff --git a/mod_nss-httpd24.patch b/mod_nss-httpd24.patch
new file mode 100644
index 0000000..4863140
--- /dev/null
+++ b/mod_nss-httpd24.patch
@@ -0,0 +1,135 @@
+diff -ru mod_nss/mod_nss.c mod_nss-1.0.8/mod_nss.c
+--- mod_nss/mod_nss.c 2012-06-12 12:23:29.961000000 -0700
++++ mod_nss-1.0.8/mod_nss.c 2012-06-12 12:00:35.957002099 -0700
+@@ -349,7 +349,7 @@
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+ "Connection to child %ld established "
+ "(server %s, client %s)", c->id, sc->vhost_id,
+- c->remote_ip ? c->remote_ip : "unknown");
++ c->client_ip ? c->client_ip : "unknown");
+
+ mctx = sslconn->is_proxy ? sc->proxy : sc->server;
+
+diff -ru mod_nss/mod_nss.h mod_nss-1.0.8/mod_nss.h
+--- mod_nss/mod_nss.h 2012-06-12 12:23:29.962000000 -0700
++++ mod_nss-1.0.8/mod_nss.h 2012-06-12 12:00:35.955002240 -0700
+@@ -27,7 +27,6 @@
+ #include "http_protocol.h"
+ #include "util_script.h"
+ #include "util_filter.h"
+-#include "mpm.h"
+ #include "apr.h"
+ #include "apr_strings.h"
+ #define APR_WANT_STRFUNC
+@@ -490,7 +489,7 @@
+ SECStatus nss_Init_Tokens(server_rec *s);
+
+ /* Logging */
+-void nss_log_nss_error(const char *file, int line, int level, server_rec *s);
++void nss_log_nss_error(const char *file, int line, int module_index, int level, server_rec *s);
+ void nss_die(void);
+
+ /* NSS callback */
+diff -ru mod_nss/nss_engine_init.c mod_nss-1.0.8/nss_engine_init.c
+--- mod_nss/nss_engine_init.c 2012-06-12 12:23:29.962000000 -0700
++++ mod_nss-1.0.8/nss_engine_init.c 2012-06-12 12:00:35.955002240 -0700
+@@ -15,7 +15,7 @@
+
+ #include "mod_nss.h"
+ #include "apr_thread_proc.h"
+-#include "ap_mpm.h"
++#include "mpm_common.h"
+ #include "secmod.h"
+ #include "sslerr.h"
+ #include "pk11func.h"
+diff -ru mod_nss/nss_engine_io.c mod_nss-1.0.8/nss_engine_io.c
+--- mod_nss/nss_engine_io.c 2012-06-12 12:23:29.963000000 -0700
++++ mod_nss-1.0.8/nss_engine_io.c 2012-06-12 12:00:35.956002167 -0700
+@@ -621,13 +621,13 @@
+ PR_Close(ssl);
+
+ /* log the fact that we've closed the connection */
+- if (c->base_server->loglevel >= APLOG_INFO) {
++ if (c->base_server->log.level >= APLOG_INFO) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+ "Connection to child %ld closed "
+ "(server %s, client %s)",
+ c->id,
+ nss_util_vhostid(c->pool, c->base_server),
+- c->remote_ip ? c->remote_ip : "unknown");
++ c->client_ip ? c->client_ip : "unknown");
+ }
+
+ /* deallocate the SSL connection */
+@@ -1165,7 +1165,7 @@
+ filter_ctx = (nss_filter_ctx_t *)(fd->secret);
+ c = filter_ctx->c;
+
+- return PR_StringToNetAddr(c->remote_ip, addr);
++ return PR_StringToNetAddr(c->client_ip, addr);
+ }
+
+ /*
+diff -ru mod_nss/nss_engine_kernel.c mod_nss-1.0.8/nss_engine_kernel.c
+--- mod_nss/nss_engine_kernel.c 2012-06-12 12:23:29.963000000 -0700
++++ mod_nss-1.0.8/nss_engine_kernel.c 2012-06-12 12:00:35.954002314 -0700
+@@ -73,7 +73,7 @@
+ /*
+ * Log information about incoming HTTPS requests
+ */
+- if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
++ if (r->server->log.level >= APLOG_INFO && ap_is_initial_req(r)) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ "%s HTTPS request received for child %ld (server %s)",
+ (r->connection->keepalives <= 0 ?
+@@ -530,7 +530,7 @@
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ "Access to %s denied for %s "
+ "(requirement expression not fulfilled)",
+- r->filename, r->connection->remote_ip);
++ r->filename, r->connection->client_ip);
+
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ "Failed expression: %s", req->cpExpr);
+diff -ru mod_nss/nss_engine_log.c mod_nss-1.0.8/nss_engine_log.c
+--- mod_nss/nss_engine_log.c 2012-06-12 12:23:29.964000000 -0700
++++ mod_nss-1.0.8/nss_engine_log.c 2012-06-12 12:00:35.955002240 -0700
+@@ -321,7 +321,7 @@
+ exit(1);
+ }
+
+-void nss_log_nss_error(const char *file, int line, int level, server_rec *s)
++void nss_log_nss_error(const char *file, int line, int module_index, int level, server_rec *s)
+ {
+ const char *err;
+ PRInt32 error;
+@@ -340,7 +340,7 @@
+ err = "Unknown";
+ }
+
+- ap_log_error(file, line, level, 0, s,
++ ap_log_error(file, line, module_index, level, 0, s,
+ "SSL Library Error: %d %s",
+ error, err);
+ }
+diff -ru mod_nss/nss_engine_vars.c mod_nss-1.0.8/nss_engine_vars.c
+--- mod_nss/nss_engine_vars.c 2012-06-12 12:23:29.965000000 -0700
++++ mod_nss-1.0.8/nss_engine_vars.c 2012-06-12 12:00:35.948002812 -0700
+@@ -178,7 +178,7 @@
+ && sslconn && sslconn->ssl)
+ result = nss_var_lookup_ssl(p, c, var+4);
+ else if (strcEQ(var, "REMOTE_ADDR"))
+- result = c->remote_ip;
++ result = c->client_ip;
+ else if (strcEQ(var, "HTTPS")) {
+ if (sslconn && sslconn->ssl)
+ result = "on";
+@@ -194,7 +194,7 @@
+ if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
+ result = nss_var_lookup_nss_version(p, var+12);
+ else if (strcEQ(var, "SERVER_SOFTWARE"))
+- result = (char *)ap_get_server_version();
++ result = (char *)ap_get_server_banner();
+ else if (strcEQ(var, "API_VERSION")) {
+ result = apr_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
+ resdup = FALSE;
diff --git a/mod_nss.spec b/mod_nss.spec
index 290e4cc..b79f6ec 100644
--- a/mod_nss.spec
+++ b/mod_nss.spec
@@ -7,7 +7,7 @@
Name: mod_nss
Version: 1.0.8
-Release: 16%{?dist}
+Release: 17%{?dist}
Summary: SSL/TLS module for the Apache HTTP server
Group: System Environment/Daemons
License: ASL 2.0
@@ -29,6 +29,7 @@ Patch5: mod_nss-reverseproxy.patch
Patch6: mod_nss-pcachesignal.h
Patch7: mod_nss-reseterror.patch
Patch8: mod_nss-lockpcache.patch
+Patch9: mod_nss-httpd24.patch
%description
The mod_nss module provides strong cryptography for the Apache Web
@@ -46,6 +47,9 @@ security library.
%patch6 -p1 -b .pcachesignal.h
%patch7 -p1 -b .reseterror
%patch8 -p1 -b .lockpcache
+%if 0%{?fedora} >= 18
+%patch9 -p1 -b .httpd24
+%endif
# Touch expression parser sources to prevent regenerating it
touch nss_expr_*.[chyl]
@@ -144,6 +148,9 @@ fi
%{_sbindir}/gencert
%changelog
+* Tue Jun 12 2012 Nathan Kinder <nkinder at redhat.com> - 1.0.8-17
+- Port mod_nss to work with httpd 2.4
+
* Mon Apr 23 2012 Joe Orton <jorton at redhat.com> - 1.0.8-16
- packaging fixes/updates (#803072)
More information about the scm-commits
mailing list