On Wed, Feb 17, 1999, Toru Takinaka wrote:
> I found bugs in your patch.
> I debug the bugs, and it works!!
> >+ asn1 = (ASN1Obj *)ssl_ds_table_push(mc->tPublicCert, cpVHostID);
> >+ asn1->nData = i2d_X509(pX509Cert, NULL);
> >+ asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
> >+ ucpp = &asn1->cpData; i2d_X509(pX509Cert, ucpp); /* 2nd arg increments */
> + asn1->cpData -= asn1->nData;
>
> >+ asn1 = (ASN1Obj *)ssl_ds_table_push(mc->tPrivateKey, cpVHostID);
> >+ asn1->nData = i2d_RSAPrivateKey(pRSAKey, NULL);
> >+ asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
> >+ ucpp = &asn1->cpData; i2d_RSAPrivateKey(pRSAKey, ucpp); /* 2nd arg
>increments */
> + asn1->cpData -= asn1->nData;
Ok, I've fixed my patch according to your hint, but in the way I originally intended (though didn't actually write) it. I don't trust the i2d_xx stuff too much, so I really want to use an extra variable. The fixed patch is appended below. Please try it out again and let me know whether it now finally works, because I want to make sure mod_ssl 2.2.3 is really stable.
Thanks for your efforts.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Index: mod_ssl.h
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/mod_ssl.h,v
retrieving revision 1.68
diff -u -r1.68 mod_ssl.h
--- mod_ssl.h 1999/02/03 15:21:18 1.68
+++ mod_ssl.h 1999/02/13 14:56:23
@@ -419,6 +419,14 @@
} SSLRandSeed;
/*
+ * Define the structure of an ASN.1 anything
+ */
+typedef struct {
+ long int nData;
+ unsigned char *cpData;
+} ASN1Obj;
+
+/*
* Define the mod_ssl per-module configuration structure
* (i.e. the global configuration for each httpd process)
*/
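Review bot: The new ASN1Obj fields carry no documentation beyond "an ASN.1 anything", and the type of `nData` (`long int`) does not match what the i2d_* encoders that fill it return (`int`), so a reader cannot tell from the header whether a negative or zero length is a legal state. Each field should say what it holds and who owns it: `long int nData; /* length in bytes of the DER encoding in cpData */` and `unsigned char *cpData; /* DER-encoded object, allocated from the module pool */`. Stating in the struct comment that the buffer is filled once at pass-phrase time and decoded again at each server init would also make the pool-lifetime ownership explicit.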
Index: ssl_engine_config.c
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_config.c,v
retrieving revision 1.41
diff -u -r1.41 ssl_engine_config.c
--- ssl_engine_config.c 1999/02/03 15:21:18 1.41
+++ ssl_engine_config.c 1999/02/13 14:39:43
@@ -130,8 +130,8 @@
mc->nMutexSEMID = -1;
mc->aRandSeed = ap_make_array(pPool, 4, sizeof(SSLRandSeed));
- mc->tPrivateKey = ssl_ds_table_make(pPool, sizeof(RSA *));
- mc->tPublicCert = ssl_ds_table_make(pPool, sizeof(X509 *));
+ mc->tPrivateKey = ssl_ds_table_make(pPool, sizeof(ASN1Obj));
+ mc->tPublicCert = ssl_ds_table_make(pPool, sizeof(ASN1Obj));
/*
* And push it into Apache's global context
Index: ssl_engine_init.c
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.48
diff -u -r1.48 ssl_engine_init.c
--- ssl_engine_init.c 1999/02/03 15:21:18 1.48
+++ ssl_engine_init.c 1999/02/13 14:57:01
@@ -318,10 +318,9 @@
SSLModConfigRec *mc = myModConfig();
int nVerify;
char *cpVHostID;
- RSA **ppRSA;
- X509 **ppX509;
SSL_CTX *ctx;
STACK *skCAList;
+ ASN1Obj *asn1;
char *cp;
/*
@@ -450,25 +449,24 @@
*/
ssl_log(s, SSL_LOG_TRACE,
"Init: (%s) Configuring server certificate", cpVHostID);
- if ((ppX509 = (X509 **)ssl_ds_table_get(mc->tPublicCert,
- cpVHostID)) == NULL) {
+ if ((asn1 = (ASN1Obj *)ssl_ds_table_get(mc->tPublicCert, cpVHostID)) == NULL) {
ssl_log(s, SSL_LOG_ERROR,
"Init: (%s) Ops, can't find server certificate?!", cpVHostID);
ssl_die();
}
- sc->px509Certificate = *ppX509;
+ sc->px509Certificate = d2i_X509(NULL, &(asn1->cpData), asn1->nData);
/*
* Configure server private key
*/
ssl_log(s, SSL_LOG_TRACE,
"Init: (%s) Configuring server private key", cpVHostID);
- if ((ppRSA = (RSA **)ssl_ds_table_get(mc->tPrivateKey, cpVHostID)) == NULL) {
+ if ((asn1 = (ASN1Obj *)ssl_ds_table_get(mc->tPrivateKey, cpVHostID)) == NULL) {
ssl_log(s, SSL_LOG_ERROR,
"Init: (%s) Ops, can't find server private key?!", cpVHostID);
ssl_die();
}
- sc->prsaKey = *ppRSA;
+ sc->prsaKey = d2i_RSAPrivateKey(NULL, &(asn1->cpData), asn1->nData);
return;
}
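Review bot: `sc->px509Certificate = d2i_X509(NULL, &(asn1->cpData), asn1->nData);` and the matching `d2i_RSAPrivateKey` line pass the address of the pointer stored in the table, and the d2i functions advance that pointer past the bytes they consume, so after the first decode the table entry points nData bytes beyond its own buffer while nData is unchanged; the next time this init runs for the same virtual host (the second init pass / DSO-reload case this patch exists to survive) d2i reads past the allocation. The i2d side of the same patch already uses a scratch pointer `ucp` for exactly this reason, and the decode side needs the same, with `unsigned char *ucp;` added to the declaration hunk above. Both decode results should also be checked for NULL before being stored, since a failed decode otherwise leaves a NULL certificate or key to be handed to the SSL library later. The enclosing function begins outside this hunk.
```c
    ucp = asn1->cpData;
    sc->px509Certificate = d2i_X509(NULL, &ucp, asn1->nData);
    if (sc->px509Certificate == NULL) {
        ssl_log(s, SSL_LOG_ERROR,
                "Init: (%s) Unable to decode server certificate", cpVHostID);
        ssl_die();
    }
    /* ... unchanged: private key table lookup ... */
    ucp = asn1->cpData;
    sc->prsaKey = d2i_RSAPrivateKey(NULL, &ucp, asn1->nData);
    if (sc->prsaKey == NULL) {
        ssl_log(s, SSL_LOG_ERROR,
                "Init: (%s) Unable to decode server private key", cpVHostID);
        ssl_die();
    }
```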
Index: ssl_engine_pphrase.c
===================================================================
RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_pphrase.c,v
retrieving revision 1.24
diff -u -r1.24 ssl_engine_pphrase.c
--- ssl_engine_pphrase.c 1999/01/06 11:43:09 1.24
+++ ssl_engine_pphrase.c 1999/02/17 07:08:59
@@ -83,10 +83,10 @@
server_rec *pServ;
char *cpVHostID;
char szPath[MAX_STRING_LEN];
+ ASN1Obj *asn1;
+ unsigned char *ucp;
RSA *pRSAKey;
- RSA **ppRSAKey;
X509 *pX509Cert;
- X509 **ppX509Cert;
FILE *fp;
BOOL bReadable;
ssl_ds_array *aPassPhrase;
@@ -151,10 +151,17 @@
* certificate is actually used to configure mod_ssl's per-server
* configuration structures).
*/
- ppX509Cert = ssl_ds_table_push(mc->tPublicCert, cpVHostID);
- *ppX509Cert = pX509Cert;
+ asn1 = (ASN1Obj *)ssl_ds_table_push(mc->tPublicCert, cpVHostID);
+ asn1->nData = i2d_X509(pX509Cert, NULL);
+ asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
+ ucp = asn1->cpData; i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */
/*
+ * Free the X509 structure
+ */
+ X509_free(pX509Cert);
+
+ /*
* Read in the private key: This is the non-trivial part, because the
* key is typically encrypted, so a pass phrase dialog has to be used
* to request it from the user (or it has to be alternatively gathered
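Review bot: `asn1->nData = i2d_X509(pX509Cert, NULL);` stores the encoder's result without a check; i2d_X509 returns a negative value on failure, and that value then becomes the `ap_palloc` size and the implied length of the buffer the second `i2d_X509` call writes into. The length should be validated before anything is allocated, e.g. `if ((asn1->nData = i2d_X509(pX509Cert, NULL)) <= 0) { ssl_log(pServ, SSL_LOG_ERROR, "Init: (%s) Unable to encode certificate", cpVHostID); ssl_die(); }`, and the second call's return compared against nData. The added `X509_free(pX509Cert)` also means pX509Cert is dead for the remainder of this function, which continues past the hunk; if the key-reading code that follows still references it (for instance to check that the key matches the certificate) that would now be a use-after-free, so that should be confirmed against the full function. The enclosing function starts before this hunk.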
@@ -286,9 +293,19 @@
/*
* Insert private key into the global module configuration
+ * (we convert it to a stand-alone DER byte sequence
+ * because the SSL library uses static variables inside a
+ * RSA structure which do not survive DSO reloads!)
+ */
+ asn1 = (ASN1Obj *)ssl_ds_table_push(mc->tPrivateKey, cpVHostID);
+ asn1->nData = i2d_RSAPrivateKey(pRSAKey, NULL);
+ asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
+ ucp = asn1->cpData; i2d_RSAPrivateKey(pRSAKey, &ucp); /* 2nd arg increments */
+
+ /*
+ * Free the RSA structure
*/
- ppRSAKey = ssl_ds_table_push(mc->tPrivateKey, cpVHostID);
- *ppRSAKey = pRSAKey;
+ RSA_free(pRSAKey);
}
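Review bot: `asn1->nData = i2d_RSAPrivateKey(pRSAKey, NULL);` has the same unchecked-return problem as the certificate case: a negative result becomes the `ap_palloc` size and the length of the buffer the second i2d call fills, so add `if (asn1->nData <= 0) { ssl_log(pServ, SSL_LOG_ERROR, "Init: (%s) Unable to encode private key", cpVHostID); ssl_die(); }` between the two calls. The new comment explains the DSO motivation but not the security consequence: the decrypted key is now kept as plaintext DER in a `mc->pPool` buffer that is never cleared and outlives the `RSA_free(pRSAKey)` call (which, in SSLeay, presumably clears the RSA components on free). mod_ssl already held the decrypted key in memory before this patch, so this is not a new exposure class, but the comment should say `(note: cpData holds the unencrypted key and lives for the life of the module pool, i.e. it is inherited by every child process)` so a later maintainer does not assume the pass phrase protection carries over to the stored copy.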
/*
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]