apache-httpd/LAYOUT

Streamline ephemeral key handling:

- drop support for ephemeral RSA keys (only allowed/needed for export ciphers)
- drop pTmpKeys from the per-process SSLModConfigRec, and remove the temp key generation at startup (unnecessary for DHE/ECDHE)
- unconditionally disable null and export-grade ciphers by always prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string
- do not configure per-connection SSL_tmp_*_callbacks, as it is sufficient to set them for the SSL_CTX
- set default curve for ECDHE at startup, obviating the need for a per-handshake callback, for the time being (and also configure SSL_OP_SINGLE_ECDH_USE, previously left out)

For additional background, see https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E

Follow-up fixes for r1526168:

- drop SSL_TMP_KEY_* constants from ssl_private.h, too
- make sure we also disable aNULL, eNULL and EXP ciphers for per-directory SSLCipherSuite directives
- apply the same treatment to SSLProxyCipherSuite

Increase minimum required OpenSSL version to 0.9.8a (in preparation for the next mod_ssl commit, which will rely on the get_rfcX_prime_Y functions added in that release):

- remove obsolete #defines / macros
- in ssl_private.h, regroup definitions based on whether they depend on TLS extension support or not
- for ECC and SRP support, set HAVE_X and change the rather awkward #ifndef OPENSSL_NO_X lines accordingly

For the discussion prior to taking this step, see https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C524275C7.9060408%40velox.ch%3E

Improve ephemeral key handling (companion to r1526168):

- allow to configure custom DHE or ECDHE parameters via the SSLCertificateFile directive, and adapt its documentation accordingly (addresses PR 49559)
- add standardized DH parameters from RFCs 2409 and 3526, use them based on the length of the certificate's RSA/DSA key, and add a FAQ entry for clients which limit DH support to 1024 bits (such as Java 7 and earlier)
- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()
- drop ssl_engine_dh.c from mod_ssl

For the standardized DH parameters, OpenSSL version 0.9.8a or later is required, which was therefore made a new minimum requirement in r1527294.

PR 55616 (add missing APLOGNO), part 2

Submitted by: kbrand
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542327 13f79535-47bb-0310-9956-ffa450edef68
The httpd-2.1 Source Tree LAYOUT
--------------------------------
./ .................... Top-Level httpd-2.1 Root Directory
ABOUT_APACHE .......... Overview of the Apache HTTP Server
LAYOUT ................ This file describing the source tree
README ................ Overview of this distribution
STATUS ................ Current project activity and commentary
build/ ................ Supporting tools for buildconf/configure
win32/ ................ Supporting tools for Win32 MSVC builds
docs/ ................. Documentation and Examples
cgi-examples/ .........
conf/ .................
docroot/ ..............
error/ ................
include/ ..............
icons/ ................
small/ ................
man/ ..................
manual/ ...............
developer/ ............
faq/ ..................
howto/ ................
images/ ...............
misc/ .................
mod/ ..................
platform/ .............
programs/ .............
search/ ...............
ssl/ ..................
style/ ................
vhosts/ ...............
include/ ................
modules/ ................ Mandatory and Add-In Apache stock modules
aaa/ ....................
arch/ ...................
netware/ ................
win32/ ..................
cache/ ..................
dav/ ....................
fs/ .....................
main/ ...................
echo/ ...................
experimental/ ...........
filters/ ................
generators/ .............
http/ ................... HTTP: protocol module
loggers/ ................
mappers/ ................
metadata/ ...............
pop3/ ...................
private/ ................
proxy/ ..................
ssl/ .................... HTTPS: SSL v2/v3 and TLS v1 protocol module
README .................. Overview of mod_ssl
README.dsov.fig ......... Overview diagram of mod_ssl design
README.dsov.ps .......... Overview diagram of mod_ssl design
Makefile.in ............. Makefile template for Unix platform
config.m4 ............... Autoconf stub for the Apache config mechanism
mod_ssl.c ............... main source file containing API structures
mod_ssl.h ............... common header file of mod_ssl
ssl_engine_config.c ..... module configuration handling
ssl_engine_init.c ....... module initialization
ssl_engine_io.c ......... I/O support
ssl_engine_kernel.c ..... SSL engine kernel
ssl_engine_log.c ........ logfile support
ssl_engine_mutex.c ...... mutual exclusion support
ssl_engine_pphrase.c .... pass-phrase handling
ssl_engine_rand.c ....... PRNG support
ssl_engine_vars.c ....... Variable Expansion support
ssl_scache.c ............ session cache abstraction layer
ssl_util.c .............. utility functions
ssl_util_ssl.c .......... the OpenSSL companion source
ssl_util_ssl.h .......... the OpenSSL companion header
test/ ................... not distributed with released source tarballs
os/ .....................
bs2000/ .................
netware/ ................
os2/ ....................
unix/ ...................
win32/ ..................
server/ .................
mpm/ ....................
event/ ..................
mpmt_os2/ ...............
netware/ ................
prefork/ ................
winnt/ ..................
worker/ .................
srclib/ ................... Additional Libraries
apr/ ...................... SEE srclib/apr/LAYOUT
apr-util/ ................. SEE srclib/apr/LAYOUT
pcre/ .....................
doc/ ......................
testdata/ .................
support/ ................ Sources for Support Binaries
SHA1/ .................. Ancient SHA1 password conversion utilities
win32/ ................. Win32-only Support Applications
test/ ................... not distributed with released source tarballs