On Thu, Nov 10, 2011 at 12:14 AM, Rüdiger Plüm <ruediger.pl...@vodafone.com> wrote: .... > Author: pquerna > Date: Wed Nov 9 23:37:37 2011 > New Revision: 1200040 > > URL: http://svn.apache.org/viewvc?rev=1200040&view=rev > Log: > Add support for RFC 5077 TLS Session tickets. This adds two new directives: > > * SSLTicketKeyFile: To store the private information for the encryption of > the ticket. > * SSLTicketKeyDefault To set the default, otherwise the first listed token is > used. This > enables key rotation across servers. > > Modified: > httpd/httpd/trunk/CHANGES > httpd/httpd/trunk/modules/ssl/mod_ssl.c > httpd/httpd/trunk/modules/ssl/ssl_engine_config.c > httpd/httpd/trunk/modules/ssl/ssl_engine_init.c > httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c > httpd/httpd/trunk/modules/ssl/ > ssl_private.h ..... > +const char *ssl_cmd_SSLTicketKeyFile(cmd_parms *cmd, void *dcfg, const char > *name, const > char *path) > +{ > +#ifdef HAVE_TLSEXT_TICKETS > + apr_status_t rv; > + apr_file_t *fp; > + apr_size_t len; > + char buf[TLSEXT_TICKET_KEYLEN]; > + modssl_ticket_t* ticket = NULL; > + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); > + > + rv = apr_file_open(&fp, path, APR_READ|APR_BINARY, > > > > Why not using ap_server_root_relative on path first?
Fixed in r1200372. .... > + > + memcpy(keyname, ticket->key_name, 16); > + > + RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH); > + > + memcpy(iv, iv, EVP_MAX_IV_LENGTH); > > > What is the purpose of this operation? Source and destination are the same. Unneeded, No Purpose, I had an earlier version of the code when I used a temp local buffer to generate the IV, but later just wrote directly into the parameter with RAND_pseudo_bytes. Removed in r1200374. .... > Regards > > Rüdiger Thanks again, Paul
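Review bot: In the quoted ssl_cmd_SSLTicketKeyFile hunk, buf[TLSEXT_TICKET_KEYLEN] receives the raw ticket key from the file, and the visible lines stop at apr_file_open without showing a length check. Configuration should fail unless the read returns exactly TLSEXT_TICKET_KEYLEN bytes (len is already declared for this). buf should also be zeroed once the key has been copied into the modssl_ticket_t, since per the log message it holds the private information used to encrypt tickets. The directive documentation should also say that the key file must not be readable by unprivileged users.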
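Review bot: In the quoted hunk that fills keyname and iv, the return value of RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH) is ignored. That function returns 0 when the bytes are not cryptographically strong and -1 when it is unsupported, so a weak or unset IV would go unnoticed. Suggest calling RAND_bytes instead, checking for a result <= 0, and failing the ticket operation in that case. Separately, the literal 16 in memcpy(keyname, ticket->key_name, 16) would be safer expressed as the size of the key_name field, so that the copy length cannot drift from the structure definition.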