> On 03.03.2021 at 09:35, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote: > > > >> On 02.03.2021 at 20:54, Ruediger Pluem <rpl...@apache.org> wrote: >> >> >> >> On 3/2/21 3:21 PM, ic...@apache.org wrote: >>> Author: icing >>> Date: Tue Mar 2 14:21:18 2021 >>> New Revision: 1887085 >>> >>> URL: http://svn.apache.org/viewvc?rev=1887085&view=rev >>> Log: >>> Adding more ap_ssl_* functions and hooks to the core server. >>> >>> - ap_ssl_add_cert_files() to enable other modules like mod_md to provide >>> certificate and keys for an SSL module like mod_ssl. >>> - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to >>> provide a fallback certificate in case no 'proper' certificate is >>> available for an SSL module like mod_ssl. >>> - ap_ssl_answer_challenge() to enable other modules like mod_md to >>> provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge >>> for the ACME protocol for an SSL module like mod_ssl. >>> - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and >>> 'ssl_answer_challenge' where modules like mod_md can provide providers >>> to the above mentioned functions. >>> >>> >>> Modified: >>> httpd/httpd/trunk/CHANGES >>> httpd/httpd/trunk/include/ap_mmn.h >>> httpd/httpd/trunk/include/http_protocol.h >>> httpd/httpd/trunk/modules/md/mod_md.c >>> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c >>> httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c >>> httpd/httpd/trunk/modules/ssl/ssl_private.h >>> httpd/httpd/trunk/server/protocol.c >>> >> >>> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c >>> URL: >>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1887085&r1=1887084&r2=1887085&view=diff >>> ============================================================================== >>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original) >>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Tue Mar 2 14:21:18 >>> 2021 
>>> @@ -2316,11 +2316,29 @@ void ssl_callback_Info(const SSL *ssl, i >>> #ifdef HAVE_TLSEXT >>> >>> static apr_status_t set_challenge_creds(conn_rec *c, const char *servername, >>> - SSL *ssl, X509 *cert, EVP_PKEY >>> *key) >>> + SSL *ssl, X509 *cert, EVP_PKEY >>> *key, >>> + const char *cert_file, const char >>> *key_file) >>> { >>> SSLConnRec *sslcon = myConnConfig(c); >>> >>> sslcon->service_unavailable = 1; >>> + if (cert_file) { >>> + if (SSL_use_certificate_chain_file(ssl, cert_file) < 1) { >> >> As noted by the failure of build #1461 ( >> https://travis-ci.com/github/apache/httpd/jobs/487481449) >> SSL_use_certificate_chain_file is not available with OpenSSL 1.0.2 which is >> still the OS >> provided standard version with Ubuntu 16 LTS and RedHat / Centos 7. > > Is there a known alternative?
Will use SSL_use_certificate_file() there which is available in 1.0.2. > >> Regards >> >> Rüdiger
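
Review bot: the `SSL_use_certificate_chain_file(ssl, cert_file)` call added in set_challenge_creds() is unconditional inside `#ifdef HAVE_TLSEXT`, so it needs an OpenSSL version guard or a fallback for 1.0.2, where the build failure in this thread shows the symbol is missing. If the fallback is SSL_use_certificate_file(), note that it takes an extra file-type argument (for example SSL_FILETYPE_PEM) and loads only the first certificate in the file rather than the whole chain, so the chain variant should be kept where it is available and the difference documented in a comment. Separately, `sslcon->service_unavailable = 1` is set before the file is loaded; make sure the failure branch of the `< 1` check logs `cert_file` and returns an error status so a bad challenge file is not silently ignored (the body of that branch is not visible in the quoted hunk).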