> Am 02.03.2021 um 20:54 schrieb Ruediger Pluem <rpl...@apache.org>:
>
>
>
> On 3/2/21 3:21 PM, ic...@apache.org wrote:
>> Author: icing
>> Date: Tue Mar 2 14:21:18 2021
>> New Revision: 1887085
>>
>> URL: http://svn.apache.org/viewvc?rev=1887085&view=rev
>> Log:
>> Adding more ap_ssl_* functions and hooks to the core server.
>>
>> - ap_ssl_add_cert_files() to enable other modules like mod_md to provide
>> certificate and keys for an SSL module like mod_ssl.
>> - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to
>> provide a fallback certificate in case no 'proper' certificate is
>> available for an SSL module like mod_ssl.
>> - ap_ssl_answer_challenge() to enable other modules like mod_md to
>> provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge
>> for the ACME protocol for an SSL module like mod_ssl.
>> - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and
>> 'ssl_answer_challenge' where modules like mod_md can provide providers
>> to the above mentioned functions.
>>
>>
>> Modified:
>> httpd/httpd/trunk/CHANGES
>> httpd/httpd/trunk/include/ap_mmn.h
>> httpd/httpd/trunk/include/http_protocol.h
>> httpd/httpd/trunk/modules/md/mod_md.c
>> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>> httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>> httpd/httpd/trunk/modules/ssl/ssl_private.h
>> httpd/httpd/trunk/server/protocol.c
>>
>
>> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1887085&r1=1887084&r2=1887085&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Tue Mar 2 14:21:18
>> 2021
>> @@ -2316,11 +2316,29 @@ void ssl_callback_Info(const SSL *ssl, i
>> #ifdef HAVE_TLSEXT
>>
>> static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
>> - SSL *ssl, X509 *cert, EVP_PKEY *key)
>> + SSL *ssl, X509 *cert, EVP_PKEY *key,
>> + const char *cert_file, const char
>> *key_file)
>> {
>> SSLConnRec *sslcon = myConnConfig(c);
>>
>> sslcon->service_unavailable = 1;
>> + if (cert_file) {
>> + if (SSL_use_certificate_chain_file(ssl, cert_file) < 1) {
>
> As noted by the failure of build #1461 (
> https://travis-ci.com/github/apache/httpd/jobs/487481449)
> SSL_use_certificate_chain_file is not available with OpenSSL 1.0.2 which is
> still the OS
> provided standard version with Ubuntu 16 LTS and RedHat / Centos 7.
Is there a known alternative?
> Regards
>
> RĂ¼diger