Timestamp:
Nov 8, 2009, 11:02:18 AM (13 years ago)
Author:
mitchb
Message:
Prompt for certs once, not five bajillion times (fix SSL session caching)

Clients that support both the SNI extension and the TLS Session Tickets
extension have problems that, among other things, result in many of our
cert-protected sites requesting the user's certs an inordinate number
of times.  This will supposedly be fixed in later versions of openssl,
but in the meantime, this applies the patch proposed here:

  http://mail-archives.apache.org/mod_mbox/httpd-dev/200911.mbox/ajax/%3c4AF58A80.5080101@velox.ch%3e

with the following modifications:
  o Remove the documentation chunk of the patch (it applies to the source
    XML file which isn't part of the distribution tarball)
  o Expand the macro SSL_CTX_set_tlsext_ticket_keys in two places to work
    around the typo in our version of openssl corrected by this upstream
    commit:
      http://marc.info/?l=openssl-cvs&m=124638969912935&w=2
File:
1 edited

  • trunk/server/fedora/specs/httpd.spec.patch

    r1306 r1348  
    1 --- httpd.spec.orig     2009-08-25 07:12:16.000000000 -0400
    2 +++ httpd.spec  2009-08-25 07:15:12.000000000 -0400
     1--- httpd.spec.orig     2009-11-08 08:58:40.000000000 -0500
     2+++ httpd.spec  2009-11-08 09:00:43.000000000 -0500
    33@@ -7,7 +7,7 @@
    44 Summary: Apache HTTP Server
     
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
    1111 Source1: index.html
    12 @@ -55,6 +55,11 @@
     12@@ -55,6 +55,12 @@
    1313 Conflicts: pcre < 4.0
    1414 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap
     
    1818+Patch1003: httpd-2.2.x-mod_status-security.patch
    1919+Patch1004: httpd-2.2.x-304.patch
     20+Patch1005: httpd-2.2.x-mod_ssl-sessioncaching.patch
    2021+
    2122 %description
    2223 The Apache HTTP Server is a powerful, efficient, and extensible
    2324 web server.
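
Review bot: the new `Patch1005:` line in the patch list carries no comment saying where the patch came from or how it differs from the upstream proposal. The commit message names two local modifications (the documentation chunk dropped, and `SSL_CTX_set_tlsext_ticket_keys` expanded by hand in two places); a short comment above the declaration with the httpd-dev thread URL and those two changes would let a later reader compare this copy against the original without digging through the changeset log.
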
    24 @@ -101,6 +106,7 @@
     25@@ -101,6 +107,7 @@
    2526 BuildRequires: openssl-devel, distcache-devel
    2627 Requires(post): openssl >= 0.9.7f-4, /bin/cat
     
    3031 
    3132 %description -n mod_ssl
    32 @@ -128,6 +134,10 @@
     33@@ -128,6 +135,11 @@
    3334 # Patch in vendor/release string
    3435 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
     
    3738+%patch1003 -p1 -b .permitstatus
    3839+%patch1004 -p1 -b .scripts-304
     40+%patch1005 -p1 -b .ssl-sessioncache
    3941+
    4042 # Safety check: prevent build if defined MMN does not equal upstream MMN.
    4143 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    4244 if test "x${vmmn}" != "x%{mmn}"; then
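
Review bot: `%patch1005 -p1 -b .ssl-sessioncache` in the %prep section is applied on every build with nothing recording that it is a stopgap. The commit message says the fix is expected in later openssl versions and that the macro expansion only works around a typo in the openssl currently packaged, so a comment beside this line stating the condition for dropping the patch (and for restoring the macro call) would keep it from outliving the bug. Minor: the backup suffix `.ssl-sessioncache` does not match the patch file name, which uses `sessioncaching`.
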
    43 @@ -176,10 +186,12 @@
     45@@ -176,10 +188,12 @@
    4446         --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    4547        --enable-suexec --with-suexec \