| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Apache doesn't like running as root and this ends up hanging
the build process.
|
|
|
|
|
|
|
|
|
|
|
| |
I need to generate config.h because Apache ships its own
autotools-generated config.h which redefines a lot of
variables like PACKAGE_NAME, PACKAGE_TARBALL, etc.
By having my own configh I can reset things before the compiler
complains. The downside is that compile-time options are hidden
in a config file instead of being defined on the gcc
command-line.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
python for OpenSSL is in quite a sad state with several competing
mid-level implementations which provide different feature sets.
The httplib client provides access to the negotiated cipher and
protocol but not SNI (and it has lousy hostname checking).
The urllib3 client provides SNI and is generally better but doesn't
give any details on the connection.
So I'm using both. The original one is used for basic server testing
and the urllib3 one is used just for SNI testing.
Also:
- Indent the test configuration to make it more readable
- Add separate config file for SNI testing
- Add a CGI configuration and script to test CGI variables
- Change client cipher test to use AES256-SHA instead of RC4
- Add a commented-out valgrind option in start for future
debuggers
- Change the VirtualServers to *:port and use ServerName
- Add per-VH document roots so SNI can be more easily tested
|
|
|
|
|
|
|
|
|
| |
I originally just had nss_engine_cipher as an extra ld option
but this didn't enforce that nss_engine_cipher was already built
by the time test_cipher was. I instead added nss_engine_cipher
to the SOURCES line and dropped the extra linkage.
Build failure seen on aarch64 in BZ 1196222
|
| |
|
|
|
|
|
|
|
|
| |
- Add Camelia ciphers
- Remove Fortezza ciphers
- Add TLSv1.2-specific ciphers
Resolves BZ: #862938
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do a chdir() to the NSS database location so that libnssckbi.so
is available when the database is opened. Strip off a sql: prefix
if one is available. This allows the new sqlite format to work.
Add an additional test pass configuring NSS using the sqlite format.
This requires a bit of a hack to pass in the value to python but
it will work for now.
Resolves: #1057650
|
| |
|
|
|
|
|
|
| |
Add a DIST target to make it easier to tar things up.
Rename the make target test to check
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This tests in an in-tree Apache instance using the local libmodnss.so
shared library, so no pre-installation is necessary.
The tests use python-nose and a hacked python-requests library. It is
hacked so I can obtain the negotiated cipher and protocol as well as
pass a few other things into it.
Tests right now are limited to GET requests.
A new user certificate for 'beta' was added to gencert to do pass/fail
access control testing.
The basic process of the tests are:
- run setup.sh which sets up a new instance with createinstance.sh
and does some variable substitution.
- nosetests -v
I picture multiple test "suites" of different configurations. Right now
there is only one. A template file is provided for each suite.
Tested only on Fedora 20 right now.
|
| |
|
| |
|
| |
|
|
|
|
| |
446101
|
|
|
|
| |
by default. To enable it, pass --enable-ecc to configure.
|
|
|
|
|
|
|
| |
from Oden Eriksson.
The conditional to determine which API to use is a bit weak at the moment
but it works with Apache 2.0.54 and 2.2.0.
|
|
|
|
|
| |
a new directive, NSSRandomSeed based on the mod_ssl SSLRandomSeed
directive.
|
| |
|
| |
|
|
|
|
| |
Also fix nasty typo.
|
|
|
|
| |
co-exist with mod_ssl.
|
|
|
|
|
|
|
| |
Print out some nice notes alerting the user to verify that mod_ssl is
disabled.
Tell the user about gencert so they can generate their own self-signed
certificate.
|
|
|