git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: svn commit: r1841573 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h


Champagne! :-D

> Am 21.09.2018 um 14:15 schrieb Jim Jagielski <jim@xxxxxxxxxxx>:
> 
> *cheers*!!
> 
>> On Sep 21, 2018, at 8:14 AM, minfrin@xxxxxxxxxx wrote:
>> 
>> Author: minfrin
>> Date: Fri Sep 21 12:14:05 2018
>> New Revision: 1841573
>> 
>> URL: http://svn.apache.org/viewvc?rev=1841573&view=rev
>> Log:
>> Add TLSv1.3 support to mod_ssl:
>> trunk: http://svn.apache.org/r1839946
>>      http://svn.apache.org/r1839920
>>      http://svn.apache.org/r1833589
>>      http://svn.apache.org/r1833588
>>      http://svn.apache.org/r1828723
>>      http://svn.apache.org/r1828720
>>      http://svn.apache.org/r1828222
>>      http://svn.apache.org/r1827992
>>      http://svn.apache.org/r1827924
>>      http://svn.apache.org/r1827912
>>      http://svn.apache.org/r1828790
>>      http://svn.apache.org/r1828791
>>      http://svn.apache.org/r1828792
>>      http://svn.apache.org/r1840585
>>      http://svn.apache.org/r1840710
>>      http://svn.apache.org/r1841218
>> 2.4.x branch: svn merge ^/httpd/httpd/branches/tlsv1.3-for-2.4.x
>> 
>> Modified:
>>   httpd/httpd/branches/2.4.x/   (props changed)
>>   httpd/httpd/branches/2.4.x/CHANGES
>>   httpd/httpd/branches/2.4.x/STATUS
>>   httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
>>   httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c
>>   httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c
>>   httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
>>   httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
>>   httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h
>> 
>> Propchange: httpd/httpd/branches/2.4.x/
>> ------------------------------------------------------------------------------
>> --- svn:mergeinfo (original)
>> +++ svn:mergeinfo Fri Sep 21 12:14:05 2018
>> @@ -1,11 +1,11 @@
>> /httpd/httpd/branches/2.4.17-protocols-changes:1712542-1715252
>> /httpd/httpd/branches/2.4.17-protocols-http2:1701609-1705681
>> -/httpd/httpd/branches/2.4.x:1825504
>> /httpd/httpd/branches/2.4.x-mod_md:1816423-1821089
>> /httpd/httpd/branches/2.4.x-mpm_fdqueue:1824383-1824864
>> /httpd/httpd/branches/revert-ap-ldap:1150158-1150173
>> +/httpd/httpd/branches/tlsv1.3-for-2.4.x:1840105-1841571
>> /httpd/httpd/branches/trunk-buildconf-noapr:1780253-1795930
>> /httpd/httpd/branches/trunk-md:1804087-1804529
>> /httpd/httpd/branches/trunk-override-index:1793921-1793931
>> /httpd/httpd/branches/wombat-integration:723609-723841
>> -/httpd/httpd/trunk:1200475,1200478,1200482,1200491,1200496,1200513,1200550,1200556,1200580,1200605,1200612,1200614,1200639,1200646,1200656,1200667,1200679,1200699,1200702,1200955,1200957,1200961,1200963,1200968,1200975,1200977,1201032,1201042,1201111,1201194,1201198,1201202,1201443,1201450,1201460,1201956,1202236,1202453,1202456,1202886,1203400,1203491,1203632,1203714,1203859,1203980,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206472,1206587,1206850,1206940,1206978,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210067,1210080,1210120,1210124,1210130,1210148,1210219,1210221,1210252,1210284,1210336,1210378,1210725,1210892,1210951,1210954,1211351-1211352,1211364,1211490,1211495,1211528,1211663,1211680,1212872,1212883,1213338,1213380-1213381,1213391,1213399,1213567,1214003,1214005,1214015,12
>> 15514,1220462,1220467,1220493,1220524,1220570,1220768,1220794,1220826,1220846,1221205,1221292,1222335,1222370,1222473,1222915,1222917,1222921,1222930,1223048,1225060,1225197-1225199,1225223,1225380,1225476,1225478,1225791,1225795-1225796,1226339,1226375,1227910,1228700,1228816,1229024,1229059,1229099,1229116,1229134,1229136,1229930,1230286,1231255,1231257,1231442,1231446,1231508,1231510,1231518,1232575,1232594,1232630,1232838,1234180,1234297,1234479,1234511,1234565,1234574,1234642-1234643,1234876,1234899,1235019,1236122,1236701,1237407,1238545,1238768,1239029-1239030,1239071,1239565,1240315,1240470,1240778,1241069,1241071,1242089,1242798,1242967,1243176,1243246,1243797,1243799,1244211,1245717,1290823,1290835,1291819-1291820,1291834,1291840,1292043,1293405,1293534-1293535,1293658,1293678,1293708,1294306,1294349,1294356,1294358,1294372,1294471,1297560,1299718,1299786,1300766,1301111,1301725,1302444,1302483,1302653,1302665,1302674,1303201,1303435,1303827,1304087,1304874-1304875,1305167
>> ,1305586,1306350,1306409,1306426,1306841,1307790,1308327,1308459,1309536,1309567,1311468,1324760,1325218,1325227,1325250,1325265,1325275,1325632,1325724,1326980,1326984,1326991,1327689,1328325-1328326,1328339,1328345,1328950,1330189,1330964,1331110,1331115,1331942,1331977,1332378,1333969,1334343,1335882,1337344,1341905-1341906,1341913,1341930,1342065,1343085,1343087,1343094,1343099,1343109,1343935,1344712,1345147,1345319,1345329,1346905,1347980,1348036,1348653,1348656,1348660,1349905,1351012-1351020,1351071-1351072,1351074,1351737,1352047,1352534,1352909-1352912,1357685,1358061,1359057,1359881,1359884,1361153,1361298,1361766,1361773,1361778,1361784,1361791-1361792,1361801,1361803,1362020,1362538,1362707,1363035,1363183,1363186,1363312,1363440,1363557,1363589,1363829,1363832,1363836-1363837,1363853,1364133,1364138,1364229,1364601,1364695,1365001,1365020,1365029,1365479,1366319,1366344,1366621,1367778,1367819,1368053,1368058,1368094,1368121,1368131,1368393,1368396,1369419,1369568,1369
>> 604,1369618,1369904,1369995,1369999,1370001,1370466,1370592,1370615-1370616,1370763,1371387,1371791,1371801,1371878,1371903,1373270,1373447,1373898,1373955,1374157,1374199,1374214,1374216,1374247,1374874,1374877,1374880,1375006,1375009,1375011,1375013,1375445,1375584,1376695,1376700,1378178,1383490,1384408,1384913,1386576,1386578,1386726,1386822,1386880,1386913,1387085,1387088,1387110,1387389,1387444,1387603,1387607,1387633,1387693,1387979,1388029,1388445,1388447,1388648,1388660,1388825,1388899,1389316,1389339,1389481,1389506,1389564,1389566-1389569,1390562,1390564,1391396,1391398,1391771,1392120,1392122,1392150,1392214,1392345-1392347,1392850,1393033,1393058,1393152,1393338,1393564,1394079,1395225,1395253-1395256,1395792,1396440,1397172,1397320,1397636,1397687,1397710,1397716,1398025,1398040,1398066,1398478,1398480-1398481,1398970,1399413,1399687,1399708,1400700,1401448,1402924,1403476,1403483,1403492,1404653,1405407,1405856,1405973,1406068,1406493,1406495,1406616,1406646,1406760,1
>> 407004,1407006,1407085,1407088,1407248,1407381,1407459-1407460,1407528,1407853,1407965,1408093,1408402,1408958,1408961,1409170,1409437,1409726,1409800,1410681,1410954,1411862,1412278,1413732,1414094,1415008,1415023,1415075,1416121,1416150,1416278,1417197,1417440,1417529,1418524,1418556,1418648,1418655,1418703,1418721,1418752,1418761,1418765,1418769,1419084,1419719,1419726,1419755,1419781,1419796,1420120,1420124,1420149,1420184,1420644,1420685-1420686,1420975,1421288,1421323,1421851,1421912,1421953,1422135,1422549,1422594,1422712,1422855,1422937,1422943,1422980,1423353,1423933,1425360,1425771-1425772,1425775,1425777,1425874,1426850,1426975,1427546,1428184,1428280,1428916,1429228,1429559,1429561,1429564,1429582,1430575,1430814,1430869,1433001,1433613,1433682,1433861,1433988,1435178,1435811,1436058,1436401,1439083,1439106,1439114,1439404,1439623,1442309,1442320,1442326,1442412,1442759,1442865,1447993,1448171,1448453,1451478,1451484,1451633,1451830,1451849,1451905,1451921,1452128,145219
>> 5,1452259,1452281,1452551,1452911,1452949,1452954,1453022,1453574,1453604,1453875-1453876,1453963,1453981,1454386,1454414-1454415,1454888,1457437,1457450,1457471,1457504,1457520-1457521,1457610,1457995,1458003-1458004,1458020,1458285,1458447,1458456,1462266,1462269,1462643,1463044-1463047,1463049,1463052,1463056,1463455,1463736,1463750,1463754,1464675,1464721,1464762,1465115-1465116,1465190,1467593,1467765,1468581,1470183,1470679,1470940,1471449,1475878,1476604,1476621,1476642,1476644-1476645,1476652,1476680,1477094,1477530,1478382,1478748,1479117,1479216,1479222,1479411,1479528,1479905,1479966,1480046,1480627,1481197,1481302,1481306,1481396-1481397,1481891,1482041,1482075,1482170,1482555,1482859,1482996,1483005,1483027,1483190,1484343,1484398,1484832,1484910,1484914,1485409,1485668,1486490,1487528,1487530,1487775,1488158,1488164,1488296,1488471,1488492,1488644,1490294,1490493,1490507,1490550,1490761,1490994,1491155,1491221,1491234,1491458,1491479,1491538,1491564,1491724,1492395,149
>> 2663,1492710,1492782,1493257,1493330,1493921,1493925,1494532,1494536,1495501,1496194,1496338,1496429,1496709,1497371,1497588,1498880,1499679,1500323,1500345,1500362,1500423,1500437,1500483,1500519,1501294,1501369,1501399,1501827,1501913,1502665,1502772,1503680,1503866,1503990-1503991,1504276,1506474,1506714,1509872,1509983,1510084-1510085,1510098,1510295,1510588,1510707,1511093,1513492,1513508,1514039,1514064,1514214-1514215,1514255,1514267,1514617,1515050,1515162,1515403,1515411,1515420,1517025,1517045,1517175,1517366,1517386,1517388,1518265,1518269,1519475,1520368,1520445,1520760,1520908,1521909,1523235,1523239,1523281,1523387,1524101,1524158,1524192,1524368,1524388,1524770,1525276,1525280-1525281,1525931,1526168,1526189,1526647,1526666,1527008,1527220,1527291,1527294-1527295,1527509,1527925-1527926,1528143,1528718,1529014,1529277,1529449,1529559,1529988,1529991,1530793,1531340,1531370,1531505,1531672,1531961-1531962,1532281,1532289,1532746,1532816,1533065,1533224,1533810,1533935,
>> 1534321,1534754,1534890,1534892,1534895-1534896,1534914,1536310,1537535,1537718,1538490,1540051-1540052,1541181,1541270,1541368,1542338,1542379,1542533,1542562,1542615,1543020,1543147,1543149,1543174,1544381,1544774,1544784,1544812,1544820,1545286,1545292,1545325,1545364,1545408,1545411,1546692-1546693,1546730,1546759-1546760,1546801,1546804-1546805,1546835-1546836,1546860,1547845,1550061,1550302,1550307,1551611,1551685,1551714,1551802,1552130,1552227,1553204,1553824,1554161,1554168,1554170,1554175-1554176,1554179,1554181,1554184,1554188,1554192,1554195,1554276,1554281,1554300-1554301,1554994-1554995,1555240,1555259,1555266,1555423-1555424,1555463-1555464,1555467,1555555,1555569,1555631,1556206,1556428,1556473,1556911-1556912,1556914,1556937,1557317,1557617,1558483,1559351,1559828,1560367,1560546,1560679,1560689,1560729,1560977,1560979,1561137,1561262,1561385,1561660,1561923,1562472,1563193,1563379,1563381,1563417-1563418,1563420,1564052,1564437,1564475,1564756,1564760,1565081,15657
>> 11,1568404,1569615,1570288,1570598,1571369,1572092,1572198,1572543,1572561,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572905,1572911,1572967,1573224,1573229,1573626,1574151,1575400,1576233,1576741,1578760,1578762,1580568,1580928,1580935,1583005,1583007-1583008,1583027,1583175,1583191,1584098,1584417,1584430,1584434,1584572,1584653,1584658,1584665,1584703,1584878,1584884,1584896,1585054,1585072,1585090,1585157,1585435,1585609,1585824,1585918-1585919,1586745,1586827,1587036,1587040,1587053,1587255,1587594,1587607,1587639,1587654,1588054,1588065,1588213,1588330,1588427,1588519,1588527,1588704,1588806,1588851,1588853,1588868,1589413,1590437,1590509,1591143,1591320,1591322,1591328,1591390,1591394,1591401,1591472,1591508,1592032,1592037,1592500,1592511,1592514,1592529,1592615,1592632,1593745,1594625,1594643,1594648,1595305,1595321,1595426,1597182,1597349,1597352,1597533,1597639,1597642,1598107,1598946,1599012,1599535,1601076,1601184-1601185,1601274,1601291,1601559,1601624,16
>> 01630,1601919,1601995,1602338,1602978,1602989,1603027,1603029,1603122,1603156,1603915,1604382,1604461,1604631,1605207,1605328,1605827,1605829,1607960,1608284,1608785,1608999,1609914,1609936,1609938,1610207,1610311,1610353,1610366,1610491,1610652,1610674,1611165,1611169,1611244,1611600,1611871,1611978,1612068,1615026,1615289,1617018,1617913,1618401,1618541,1618555,1619297,1619383,1619444,1619483,1619835,1620324,1620461,1620932,1621367,1621372,1621417,1621453,1621806,1622450,1624234,1624349,1625196,1625952,1626050,1626956,1626978,1628104,1628388,1628918-1628919,1628924,1628950,1629235,1629239,1629244,1629250,1629372,1629440-1629441,1629485,1629507-1629508,1629519,1629576-1629577,1629652,1629916,1631885,1632454,1632740,1632742,1633730-1633731,1633793,1634120,1634237,1634425,1634736,1634836,1635510,1635558,1635644-1635645,1635762,1637112,1638072-1638073,1638879,1639614,1640031,1640036,1640040,1640042,1640331,1641077,1641095,1641376,1642099,1642484,1642499,1642847,1642868,1643034,1643279
>> ,1643284,1643537,1643825,1644245,1646282,1646724,1647035,1648201,1648394,1648433,1648719,1648840,1649001,1649043,1649491,1649632,1649966,1650047,1650061,1650309-1650310,1650320,1651088,1652829,1652929,1652931,1652955,1652982,1652985,1652989,1653941,1653978,1653997,1656225,1656549,1656669,1657256,1657261,1657636,1657638,1657685,1657881,1657897,1658760,1658765,1661067,1661258,1661448,1661464,1661486,1662245-1662246,1662437,1663017,1663647,1664071,1664133,1664205,1664299,1664565,1664709,1665215-1665216,1665218,1665625,1665643,1665721,1666297,1666361,1666363,1666415,1666417,1666468,1666617-1666618,1666998,1667385-1667386,1667676,1667707,1668532,1668535,1668553,1669130,1669289,1669292,1670434,1671364,1671396-1671397,1671918,1672289,1672453,1672466,1672480,1672483,1672564,1672757,1672985,1672989,1673113,1673155,1673368,1673455,1673769,1674056,1674538,1674542,1674606,1674632,1674697,1675103,1675410,1675533,1676085,1676654,1676709,1676842,1677096,1677143-1677146,1677149,1677151,1677153-1677
>> 156,1677159,1677339,1677462,1677702,1677830,1677832,1677834-1677835,1678763,1679032,1679181-1679182,1679192,1679428,1679432,1679470,1679620,1679712,1680276,1680895,1680900,1680942,1681037,1681424,1681440,1681685,1681694,1681795,1682482,1682816,1682819,1682907,1682923,1682937,1682979,1682988,1683044,1683047,1683123,1683881,1683884,1684057,1684171,1684636,1684900,1685069,1685339,1685345,1685347,1685349-1685350,1685650,1685659,1685779,1686085,1686853,1686856,1687539,1687680,1687980,1688274,1688331,1688339-1688341,1688343,1688399,1688474-1688475,1688536,1688538,1688660,1689325,1689605,1689694,1689698,1690120,1690137,1690248,1691374,1691582,1691592,1691819,1691908,1692285,1692432,1692486,1692516,1693792,1693918-1693919,1693963,1694903,1694936,1694950-1694951,1695170,1695727,1695874,1695885,1695920,1696105,1696264,1696266,1696279,1696428,1696442,1696565,1696592,1696607,1696755,1696881,1697013,1697015,1697051,1697323,1697339,1697370,1697389,1697446,1697543,1697634,1697855,1698023,1698103,1
>> 698107,1698116,1698133,1698330,1698334,1700271,1700275,1700317-1700322,1700326,1700328,1700330-1700332,1700334,1700336,1700338,1700418,1700514,1700777,1700851,1700917,1700925,1700968,1701005,1701145,1701178,1701204,1701347,1701436,1701545,1701717,1702643,1702919,1702948,1703152,1703241,1703248,1703417,1703642,1703807,1703813,1703822,1703871,1703902,1703952,1704099,1704241,1704262,1704797,1704799,1704826,1705099,1705134,1705194,1705217,1705257,1705749,1705776,1705823,1705826,1705828,1705833,1705922,1705983,1706275,1706523,1706595,1706627,1706635,1706637,1706640,1706918,1706942,1706989,1707002,1707230-1707231,1707497,1707512,1707519,1707591,1707626-1707627,1707640,1707831,1707883,1707889,1708107,1709008,1709587,1709596,1709602,1709995,1710095,1710105,1710231,1710380,1710391,1710403,1710419,1710572,1710583,1710723,1711479,1711553,1711648,1711728,1711902,1712382,1713040,1713043,1713209,1713937,1715023,1715255,1715273,1715567-1715568,1715570-1715572,1715576,1715581-1715585,1715886,171621
>> 1,1716388,1716460,1716487,1716660,1716940,1717063,1717086,1717639,1717816,1717934,1717958,1717975,1717985,1718314,1718338,1718400,1718476,1718496,1718514,1718556,1718569,1718598,1719016,1719018,1719189-1719190,1719252,1719254-1719255,1719257,1719967,1720129,1720996,1721313,1721685,1721899,1722137,1722154,1722177,1722195,1722229,1722320,1722328,1722334,1722350-1722351,1722358,1722377,1722572,1722701,1723122,1723143,1723284,1723295,1723522,1723567,1723953,1724847,1724857,1724879,1724992-1724993,1724995,1725018,1725031,1725090,1725120,1725149,1725325,1725328,1725387,1725392,1725394-1725395,1725445,1725468,1725485,1725489,1725498-1725499,1725516,1725523,1725545,1725567,1725581,1725602,1725822,1725940,1725967,1726009,1726026,1726038,1726049,1726051-1726052,1726055,1726086,1726167,1726233,1726675,1726705,1726798,1726881,1726888,1727071,1727111,1727317,1727544,1727573,1727603,1727842,1728326,1728804,1729208,1729235,1729374,1729376,1729826,1729847,1729929-1729931,1729960,1730079,1730297,173
>> 0640,1730723,1730865,1731929,1732228,1732252,1732353,1732369,1732716,1732954,1732986,1733056,1733064,1733068,1733088-1733089,1733275,1733523,1733537-1733538,1733691,1734006,1734125,1734239,1734294,1734412,1734561,1734635,1734807,1734817,1734947,1734955,1734989,1735088,1735159,1735337,1735608-1735609,1735611,1735668,1735786,1735891,1735906,1735931,1735935,1735942,1735952,1736156,1736186,1736243,1736250,1736463,1736681,1736686,1737006,1737014,1737020-1737021,1737102,1737114,1737125,1737254,1737256,1737265,1737447,1737449,1737451,1737476,1738217,1738331,1738333,1738464,1738466,1738486,1738563,1738628,1738631,1738633,1738635,1739008,1739146,1739151,1739193,1739201,1739303,1739312,1739738,1739932,1740075,1740084,1740108,1740110,1740155,1740735,1740910,1740928,1740960,1740967,1740987,1740998,1741045,1741065,1741112,1741115,1741268,1741277,1741310,1741392,1741414,1741446,1741461,1741557,1741564,1741570,1741596,1741621,1741648,1741934,1742005,1742135,1742260,1742359,1742444-1742447,1742460,
>> 1742697,1742791-1742792,1743335,1743512,1743517,1743699,1743788,1743816,1744203-1744204,1744206,1744283,1744415,1744421,1744458-1744459,1744712,1744751,1744767,1744778,1744980,1745034,1745039,1745175,1745767,1745835,1745863-1745864,1746207,1746647,1746988,1747170,1747469,1747531,1747550,1747735,1747808,1747810,1747946,1748047,1748155,1748368,1748448,1748531,1748653,1748888,1749151,1749401-1749404,1749505,1749658-1749659,1749676,1749678,1749695,1749924-1749925,1750043,1750218,1750335,1750392,1750407,1750412,1750416,1750420,1750474,1750494,1750507-1750508,1750553,1750567,1750750,1750779,1750854-1750855,1750947,1750955,1750960,1751970,1752087,1752096,1752145,1752331-1752333,1752347,1752415,1753167,1753224,1753228-1753229,1753257,1753315-1753316,1753498,1753541,1753592,1753594,1753777,1754129,1754164,1754391,1754399,1754414,1754534,1755323,1756038,1756542,1756553,1756611,1756631,1756844,1756846,1756848,1756852-1756853,1756976,1757009-1757011,1757029-1757031,1757061,1757147,1757524,17575
>> 34,1757540,1757662-1757663,1757985,1758003,1758083,1758307-1758311,1758446,1758558,1759415,1759984,1760018,1761434,1761477,1761479,1761548,1761714,1761824,1762512,1762515,1762517,1762580,1762701-1762703,1762718,1762723,1762742-1762743,1763158,1763246,1763613,1764005,1764040,1764046,1764236,1764243,1764255,1765318,1765328,1765357,1765420,1766097,1766129,1766160,1766308,1766424,1766691,1766851,1766857,1766998,1767128,1767180-1767181,1767553,1767564,1767803,1767936,1768160,1768245,1769192,1769332,1769550,1769593,1769596,1769600,1769718,1770395,1770750,1770752,1770768,1770771,1770828,1770951,1770998,1771001,1771015,1771789,1771791,1771827,1772339,1772489,1772504,1772576,1772812-1772813,1772919,1773159,1773162,1773293,1773346,1773397,1773761,1773779,1773812,1773861-1773862,1773865,1774008,1774018,1774023,1774068-1774069,1774286,1774288,1774538,1774541,1774602,1774609,1775173,1775195,1775199,1775487,1775664,1775770,1775775,1775813,1775833,1775858,1775944,1775946,1776458-1776459,1776463,17
>> 76575,1776578,1776624,1776627,1776674,1776734-1776735,1776738,1776740,1776956,1777160,1777324,1777354,1777460,1777556-1777557,1777593-1777594,1777672,1777923,1778268,1778319,1778331,1778350,1778630,1779077,1779091,1779111,1779354,1779459,1779525,1779528,1779573-1779574,1779623,1779699,1779738,1779743,1779896,1779972,1779979,1780095,1780159,1780308,1780328-1780329,1780576,1780596,1780598,1780725,1780971,1781030-1781031,1781187,1781190,1781304,1781312-1781313,1781324,1781328-1781329,1781509,1781516,1781575,1781577,1781580,1781687,1781701,1782164,1782166,1782193-1782194,1782323,1782418-1782419,1782482,1782532,1782875,1782944,1782958,1782975,1783056,1783305,1783722-1783723,1783764-1783765,1783770,1783842,1783849,1784002,1784203,1784205,1784227-1784228,1784275,1784318,1784366,1784372,1784571,1785115,1785672,1785683,1785752-1785753,1785871,1785907,1785943,1786009,1786110,1786119,1786512,1786575-1786576,1786715,1787051,1787053,1787141,1787525,1787553,1787604,1788032-1788033,1788040,1788430
>> ,1788451,1788508,1788672,1788674,1788981,1788996,1788998,1789000,1789220-1789221,1789224,1789276,1789279,1789387,1789395,1789520,1789535,1789692,1789740,1789800,1790102,1790113,1790169,1790284,1790457,1790691,1790754,1790826-1790827,1790842,1790850,1790852-1790853,1790855,1790860,1790973,1790978,1791377,1791388,1791400,1791669,1791773,1791790,1791975,1792092,1792195,1792212,1792589,1792675,1793525,1793533,1793932,1794049,1795635,1795651,1795830,1795834,1795931,1796343,1796348,1796350,1796446,1796493,1796864,1797550,1797745,1797844,1798785,1799341,1799435,1799437,1799784,1799786,1800126,1800173,1800306,1800393,1800594,1800689,1800788,1800809,1800815,1800817,1800819,1800830,1800833,1800917,1800919,1800978,1801143-1801144,1801148,1801456,1801594,1801665,1801994-1801995,1802040,1802305,1802309,1802336,1802535,1802618,1802845,1802875,1803392,1803396,1803398,1803420,1803454,1804090,1804096,1804530-1804531,1804542,1804545,1804671,1804759,1804787,1804975,1805099,1805163,1805180,1805188,1805
>> 190,1805192,1805194-1805195,1805206,1805256,1805294,1805322,1805373,1805490,1806939,1806985,1807228,1807238,1807347,1807577,1807593,1807655,1807774,1807777,1807876,1808005,1808008,1808014,1808085,1808092,1808100,1808230,1808241-1808243,1808249,1808444,1808671,1808723,1808746,1808780,1809028,1809135,1809209,1809273,1809302-1809303,1809305,1809311,1809314,1809713,1809719,1809881,1809888,1809973,1809976,1809981,1810088-1810089,1810358,1810362-1810363,1810365,1810447,1810723,1811082,1811192,1811285,1811540-1811541,1811569-1811570,1811649,1811664,1811744,1811812,1811976,1812004,1812075,1812193,1812263,1812301,1812307,1812332,1812517-1812518,1812756,1812999,1813116,1813642-1813643,1813991,1814118,1814465,1814719-1814720,1814939,1814968,1815004-1815005,1815078,1815264,1815370,1815483,1816055,1816110,1816154,1816156,1816179,1816534,1816552,1816558,1816619,1816919,1816922,1816970,1817023,1817131,1817175,1817598,1817777,1817785,1818013,1818040,1818120,1818122,1818278-1818280,1818308,1818624,1
>> 818725,1818792,1818802,1818804,1818825,1818849,1818924,1818951,1818958,1818960,1819027,1819214,1819847-1819848,1819852-1819853,1819855,1819969-1819970,1820035,1820101,1820464,1820808-1820809,1821095,1821371,1821374,1821504-1821505,1821558,1821561-1821562,1821595,1821624-1821627,1821629,1821632,1821635,1821639,1821644,1821647-1821651,1821659-1821660,1821767,1822305,1822366-1822367,1822502-1822503,1822509,1822511,1822537,1822624,1822849,1822858,1822878-1822879,1822883,1822931,1823047,1823179,1823412,1823415-1823416,1823482,1823564,1823572,1823575,1823886,1824176,1824303,1824332,1824336,1824343,1824381,1824390,1824454,1824460,1824463-1824464,1824482,1824497,1824811,1824862,1824877,1824973,1825147,1825169,1825368,1825370,1825467,1825504,1826207,1826556,1826686-1826687,1826845,1826847,1826973,1826995,1827001,1827166,1827196,1827362,1827366,1827374,1827599,1827604,1827654,1827671,1827783,1827865,1828210,1828232,1828390,1828485,1828493,1828669,1828687,1828879,1828890,1828912,1828920,182892
>> 6-1828927,1829038-1829039,1829513,1829557,1829573,1829645,1829657,1830523,1830562,1830744,1830746,1830943-1830944,1831231,1831591,1831772,1831800,1832198,1832200,1832277,1832280,1832317,1832351,1832500,1832580-1832581,1832934,1832937,1832951,1832991,1833014,1833827,1833875-1833876,1834012-1834013,1834209,1834226,1834318,1834470,1835094,1835118,1835287,1836095,1836154,1836276,1836287,1836381-1836383,1836386,1836469,1836603,1837130,1837357,1837588-1837590,1837595,1838937,1839780,1840010,1840582,1840776
>> +/httpd/httpd/trunk:1200475,1200478,1200482,1200491,1200496,1200513,1200550,1200556,1200580,1200605,1200612,1200614,1200639,1200646,1200656,1200667,1200679,1200699,1200702,1200955,1200957,1200961,1200963,1200968,1200975,1200977,1201032,1201042,1201111,1201194,1201198,1201202,1201443,1201450,1201460,1201956,1202236,1202453,1202456,1202886,1203400,1203491,1203632,1203714,1203859,1203980,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206472,1206587,1206850,1206940,1206978,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210067,1210080,1210120,1210124,1210130,1210148,1210219,1210221,1210252,1210284,1210336,1210378,1210725,1210892,1210951,1210954,1211351-1211352,1211364,1211490,1211495,1211528,1211663,1211680,1212872,1212883,1213338,1213380-1213381,1213391,1213399,1213567,1214003,1214005,1214015,12
>> 15514,1220462,1220467,1220493,1220524,1220570,1220768,1220794,1220826,1220846,1221205,1221292,1222335,1222370,1222473,1222915,1222917,1222921,1222930,1223048,1225060,1225197-1225199,1225223,1225380,1225476,1225478,1225791,1225795-1225796,1226339,1226375,1227910,1228700,1228816,1229024,1229059,1229099,1229116,1229134,1229136,1229930,1230286,1231255,1231257,1231442,1231446,1231508,1231510,1231518,1232575,1232594,1232630,1232838,1234180,1234297,1234479,1234511,1234565,1234574,1234642-1234643,1234876,1234899,1235019,1236122,1236701,1237407,1238545,1238768,1239029-1239030,1239071,1239565,1240315,1240470,1240778,1241069,1241071,1242089,1242798,1242967,1243176,1243246,1243797,1243799,1244211,1245717,1290823,1290835,1291819-1291820,1291834,1291840,1292043,1293405,1293534-1293535,1293658,1293678,1293708,1294306,1294349,1294356,1294358,1294372,1294471,1297560,1299718,1299786,1300766,1301111,1301725,1302444,1302483,1302653,1302665,1302674,1303201,1303435,1303827,1304087,1304874-1304875,1305167
>> ,1305586,1306350,1306409,1306426,1306841,1307790,1308327,1308459,1309536,1309567,1311468,1324760,1325218,1325227,1325250,1325265,1325275,1325632,1325724,1326980,1326984,1326991,1327689,1328325-1328326,1328339,1328345,1328950,1330189,1330964,1331110,1331115,1331942,1331977,1332378,1333969,1334343,1335882,1337344,1341905-1341906,1341913,1341930,1342065,1343085,1343087,1343094,1343099,1343109,1343935,1344712,1345147,1345319,1345329,1346905,1347980,1348036,1348653,1348656,1348660,1349905,1351012-1351020,1351071-1351072,1351074,1351737,1352047,1352534,1352909-1352912,1357685,1358061,1359057,1359881,1359884,1361153,1361298,1361766,1361773,1361778,1361784,1361791-1361792,1361801,1361803,1362020,1362538,1362707,1363035,1363183,1363186,1363312,1363440,1363557,1363589,1363829,1363832,1363836-1363837,1363853,1364133,1364138,1364229,1364601,1364695,1365001,1365020,1365029,1365479,1366319,1366344,1366621,1367778,1367819,1368053,1368058,1368094,1368121,1368131,1368393,1368396,1369419,1369568,1369
>> 604,1369618,1369904,1369995,1369999,1370001,1370466,1370592,1370615-1370616,1370763,1371387,1371791,1371801,1371878,1371903,1373270,1373447,1373898,1373955,1374157,1374199,1374214,1374216,1374247,1374874,1374877,1374880,1375006,1375009,1375011,1375013,1375445,1375584,1376695,1376700,1378178,1383490,1384408,1384913,1386576,1386578,1386726,1386822,1386880,1386913,1387085,1387088,1387110,1387389,1387444,1387603,1387607,1387633,1387693,1387979,1388029,1388445,1388447,1388648,1388660,1388825,1388899,1389316,1389339,1389481,1389506,1389564,1389566-1389569,1390562,1390564,1391396,1391398,1391771,1392120,1392122,1392150,1392214,1392345-1392347,1392850,1393033,1393058,1393152,1393338,1393564,1394079,1395225,1395253-1395256,1395792,1396440,1397172,1397320,1397636,1397687,1397710,1397716,1398025,1398040,1398066,1398478,1398480-1398481,1398970,1399413,1399687,1399708,1400700,1401448,1402924,1403476,1403483,1403492,1404653,1405407,1405856,1405973,1406068,1406493,1406495,1406616,1406646,1406760,1
>> 407004,1407006,1407085,1407088,1407248,1407381,1407459-1407460,1407528,1407853,1407965,1408093,1408402,1408958,1408961,1409170,1409437,1409726,1409800,1410681,1410954,1411862,1412278,1413732,1414094,1415008,1415023,1415075,1416121,1416150,1416278,1417197,1417440,1417529,1418524,1418556,1418648,1418655,1418703,1418721,1418752,1418761,1418765,1418769,1419084,1419719,1419726,1419755,1419781,1419796,1420120,1420124,1420149,1420184,1420644,1420685-1420686,1420975,1421288,1421323,1421851,1421912,1421953,1422135,1422549,1422594,1422712,1422855,1422937,1422943,1422980,1423353,1423933,1425360,1425771-1425772,1425775,1425777,1425874,1426850,1426975,1427546,1428184,1428280,1428916,1429228,1429559,1429561,1429564,1429582,1430575,1430814,1430869,1433001,1433613,1433682,1433861,1433988,1435178,1435811,1436058,1436401,1439083,1439106,1439114,1439404,1439623,1442309,1442320,1442326,1442412,1442759,1442865,1447993,1448171,1448453,1451478,1451484,1451633,1451830,1451849,1451905,1451921,1452128,145219
>> 5,1452259,1452281,1452551,1452911,1452949,1452954,1453022,1453574,1453604,1453875-1453876,1453963,1453981,1454386,1454414-1454415,1454888,1457437,1457450,1457471,1457504,1457520-1457521,1457610,1457995,1458003-1458004,1458020,1458285,1458447,1458456,1462266,1462269,1462643,1463044-1463047,1463049,1463052,1463056,1463455,1463736,1463750,1463754,1464675,1464721,1464762,1465115-1465116,1465190,1467593,1467765,1468581,1470183,1470679,1470940,1471449,1475878,1476604,1476621,1476642,1476644-1476645,1476652,1476680,1477094,1477530,1478382,1478748,1479117,1479216,1479222,1479411,1479528,1479905,1479966,1480046,1480627,1481197,1481302,1481306,1481396-1481397,1481891,1482041,1482075,1482170,1482555,1482859,1482996,1483005,1483027,1483190,1484343,1484398,1484832,1484910,1484914,1485409,1485668,1486490,1487528,1487530,1487775,1488158,1488164,1488296,1488471,1488492,1488644,1490294,1490493,1490507,1490550,1490761,1490994,1491155,1491221,1491234,1491458,1491479,1491538,1491564,1491724,1492395,149
>> 2663,1492710,1492782,1493257,1493330,1493921,1493925,1494532,1494536,1495501,1496194,1496338,1496429,1496709,1497371,1497588,1498880,1499679,1500323,1500345,1500362,1500423,1500437,1500483,1500519,1501294,1501369,1501399,1501827,1501913,1502665,1502772,1503680,1503866,1503990-1503991,1504276,1506474,1506714,1509872,1509983,1510084-1510085,1510098,1510295,1510588,1510707,1511093,1513492,1513508,1514039,1514064,1514214-1514215,1514255,1514267,1514617,1515050,1515162,1515403,1515411,1515420,1517025,1517045,1517175,1517366,1517386,1517388,1518265,1518269,1519475,1520368,1520445,1520760,1520908,1521909,1523235,1523239,1523281,1523387,1524101,1524158,1524192,1524368,1524388,1524770,1525276,1525280-1525281,1525931,1526168,1526189,1526647,1526666,1527008,1527220,1527291,1527294-1527295,1527509,1527925-1527926,1528143,1528718,1529014,1529277,1529449,1529559,1529988,1529991,1530793,1531340,1531370,1531505,1531672,1531961-1531962,1532281,1532289,1532746,1532816,1533065,1533224,1533810,1533935,
>> 1534321,1534754,1534890,1534892,1534895-1534896,1534914,1536310,1537535,1537718,1538490,1540051-1540052,1541181,1541270,1541368,1542338,1542379,1542533,1542562,1542615,1543020,1543147,1543149,1543174,1544381,1544774,1544784,1544812,1544820,1545286,1545292,1545325,1545364,1545408,1545411,1546692-1546693,1546730,1546759-1546760,1546801,1546804-1546805,1546835-1546836,1546860,1547845,1550061,1550302,1550307,1551611,1551685,1551714,1551802,1552130,1552227,1553204,1553824,1554161,1554168,1554170,1554175-1554176,1554179,1554181,1554184,1554188,1554192,1554195,1554276,1554281,1554300-1554301,1554994-1554995,1555240,1555259,1555266,1555423-1555424,1555463-1555464,1555467,1555555,1555569,1555631,1556206,1556428,1556473,1556911-1556912,1556914,1556937,1557317,1557617,1558483,1559351,1559828,1560367,1560546,1560679,1560689,1560729,1560977,1560979,1561137,1561262,1561385,1561660,1561923,1562472,1563193,1563379,1563381,1563417-1563418,1563420,1564052,1564437,1564475,1564756,1564760,1565081,15657
>> 11,1568404,1569615,1570288,1570598,1571369,1572092,1572198,1572543,1572561,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572905,1572911,1572967,1573224,1573229,1573626,1574151,1575400,1576233,1576741,1578760,1578762,1580568,1580928,1580935,1583005,1583007-1583008,1583027,1583175,1583191,1584098,1584417,1584430,1584434,1584572,1584653,1584658,1584665,1584703,1584878,1584884,1584896,1585054,1585072,1585090,1585157,1585435,1585609,1585824,1585918-1585919,1586745,1586827,1587036,1587040,1587053,1587255,1587594,1587607,1587639,1587654,1588054,1588065,1588213,1588330,1588427,1588519,1588527,1588704,1588806,1588851,1588853,1588868,1589413,1590437,1590509,1591143,1591320,1591322,1591328,1591390,1591394,1591401,1591472,1591508,1592032,1592037,1592500,1592511,1592514,1592529,1592615,1592632,1593745,1594625,1594643,1594648,1595305,1595321,1595426,1597182,1597349,1597352,1597533,1597639,1597642,1598107,1598946,1599012,1599535,1601076,1601184-1601185,1601274,1601291,1601559,1601624,16
>> 01630,1601919,1601995,1602338,1602978,1602989,1603027,1603029,1603122,1603156,1603915,1604382,1604461,1604631,1605207,1605328,1605827,1605829,1607960,1608284,1608785,1608999,1609914,1609936,1609938,1610207,1610311,1610353,1610366,1610491,1610652,1610674,1611165,1611169,1611244,1611600,1611871,1611978,1612068,1615026,1615289,1617018,1617913,1618401,1618541,1618555,1619297,1619383,1619444,1619483,1619835,1620324,1620461,1620932,1621367,1621372,1621417,1621453,1621806,1622450,1624234,1624349,1625196,1625952,1626050,1626956,1626978,1628104,1628388,1628918-1628919,1628924,1628950,1629235,1629239,1629244,1629250,1629372,1629440-1629441,1629485,1629507-1629508,1629519,1629576-1629577,1629652,1629916,1631885,1632454,1632740,1632742,1633730-1633731,1633793,1634120,1634237,1634425,1634736,1634836,1635510,1635558,1635644-1635645,1635762,1637112,1638072-1638073,1638879,1639614,1640031,1640036,1640040,1640042,1640331,1641077,1641095,1641376,1642099,1642484,1642499,1642847,1642868,1643034,1643279
>> ,1643284,1643537,1643825,1644245,1646282,1646724,1647035,1648201,1648394,1648433,1648719,1648840,1649001,1649043,1649491,1649632,1649966,1650047,1650061,1650309-1650310,1650320,1651088,1652829,1652929,1652931,1652955,1652982,1652985,1652989,1653941,1653978,1653997,1656225,1656549,1656669,1657256,1657261,1657636,1657638,1657685,1657881,1657897,1658760,1658765,1661067,1661258,1661448,1661464,1661486,1662245-1662246,1662437,1663017,1663647,1664071,1664133,1664205,1664299,1664565,1664709,1665215-1665216,1665218,1665625,1665643,1665721,1666297,1666361,1666363,1666415,1666417,1666468,1666617-1666618,1666998,1667385-1667386,1667676,1667707,1668532,1668535,1668553,1669130,1669289,1669292,1670434,1671364,1671396-1671397,1671918,1672289,1672453,1672466,1672480,1672483,1672564,1672757,1672985,1672989,1673113,1673155,1673368,1673455,1673769,1674056,1674538,1674542,1674606,1674632,1674697,1675103,1675410,1675533,1676085,1676654,1676709,1676842,1677096,1677143-1677146,1677149,1677151,1677153-1677
>> 156,1677159,1677339,1677462,1677702,1677830,1677832,1677834-1677835,1678763,1679032,1679181-1679182,1679192,1679428,1679432,1679470,1679620,1679712,1680276,1680895,1680900,1680942,1681037,1681424,1681440,1681685,1681694,1681795,1682482,1682816,1682819,1682907,1682923,1682937,1682979,1682988,1683044,1683047,1683123,1683881,1683884,1684057,1684171,1684636,1684900,1685069,1685339,1685345,1685347,1685349-1685350,1685650,1685659,1685779,1686085,1686853,1686856,1687539,1687680,1687980,1688274,1688331,1688339-1688341,1688343,1688399,1688474-1688475,1688536,1688538,1688660,1689325,1689605,1689694,1689698,1690120,1690137,1690248,1691374,1691582,1691592,1691819,1691908,1692285,1692432,1692486,1692516,1693792,1693918-1693919,1693963,1694903,1694936,1694950-1694951,1695170,1695727,1695874,1695885,1695920,1696105,1696264,1696266,1696279,1696428,1696442,1696565,1696592,1696607,1696755,1696881,1697013,1697015,1697051,1697323,1697339,1697370,1697389,1697446,1697543,1697634,1697855,1698023,1698103,1
>> 698107,1698116,1698133,1698330,1698334,1700271,1700275,1700317-1700322,1700326,1700328,1700330-1700332,1700334,1700336,1700338,1700418,1700514,1700777,1700851,1700917,1700925,1700968,1701005,1701145,1701178,1701204,1701347,1701436,1701545,1701717,1702643,1702919,1702948,1703152,1703241,1703248,1703417,1703642,1703807,1703813,1703822,1703871,1703902,1703952,1704099,1704241,1704262,1704797,1704799,1704826,1705099,1705134,1705194,1705217,1705257,1705749,1705776,1705823,1705826,1705828,1705833,1705922,1705983,1706275,1706523,1706595,1706627,1706635,1706637,1706640,1706918,1706942,1706989,1707002,1707230-1707231,1707497,1707512,1707519,1707591,1707626-1707627,1707640,1707831,1707883,1707889,1708107,1709008,1709587,1709596,1709602,1709995,1710095,1710105,1710231,1710380,1710391,1710403,1710419,1710572,1710583,1710723,1711479,1711553,1711648,1711728,1711902,1712382,1713040,1713043,1713209,1713937,1715023,1715255,1715273,1715567-1715568,1715570-1715572,1715576,1715581-1715585,1715886,171621
>> 1,1716388,1716460,1716487,1716660,1716940,1717063,1717086,1717639,1717816,1717934,1717958,1717975,1717985,1718314,1718338,1718400,1718476,1718496,1718514,1718556,1718569,1718598,1719016,1719018,1719189-1719190,1719252,1719254-1719255,1719257,1719967,1720129,1720996,1721313,1721685,1721899,1722137,1722154,1722177,1722195,1722229,1722320,1722328,1722334,1722350-1722351,1722358,1722377,1722572,1722701,1723122,1723143,1723284,1723295,1723522,1723567,1723953,1724847,1724857,1724879,1724992-1724993,1724995,1725018,1725031,1725090,1725120,1725149,1725325,1725328,1725387,1725392,1725394-1725395,1725445,1725468,1725485,1725489,1725498-1725499,1725516,1725523,1725545,1725567,1725581,1725602,1725822,1725940,1725967,1726009,1726026,1726038,1726049,1726051-1726052,1726055,1726086,1726167,1726233,1726675,1726705,1726798,1726881,1726888,1727071,1727111,1727317,1727544,1727573,1727603,1727842,1728326,1728804,1729208,1729235,1729374,1729376,1729826,1729847,1729929-1729931,1729960,1730079,1730297,173
>> 0640,1730723,1730865,1731929,1732228,1732252,1732353,1732369,1732716,1732954,1732986,1733056,1733064,1733068,1733088-1733089,1733275,1733523,1733537-1733538,1733691,1734006,1734125,1734239,1734294,1734412,1734561,1734635,1734807,1734817,1734947,1734955,1734989,1735088,1735159,1735337,1735608-1735609,1735611,1735668,1735786,1735891,1735906,1735931,1735935,1735942,1735952,1736156,1736186,1736243,1736250,1736463,1736681,1736686,1737006,1737014,1737020-1737021,1737102,1737114,1737125,1737254,1737256,1737265,1737447,1737449,1737451,1737476,1738217,1738331,1738333,1738464,1738466,1738486,1738563,1738628,1738631,1738633,1738635,1739008,1739146,1739151,1739193,1739201,1739303,1739312,1739738,1739932,1740075,1740084,1740108,1740110,1740155,1740735,1740910,1740928,1740960,1740967,1740987,1740998,1741045,1741065,1741112,1741115,1741268,1741277,1741310,1741392,1741414,1741446,1741461,1741557,1741564,1741570,1741596,1741621,1741648,1741934,1742005,1742135,1742260,1742359,1742444-1742447,1742460,
>> 1742697,1742791-1742792,1743335,1743512,1743517,1743699,1743788,1743816,1744203-1744204,1744206,1744283,1744415,1744421,1744458-1744459,1744712,1744751,1744767,1744778,1744980,1745034,1745039,1745175,1745767,1745835,1745863-1745864,1746207,1746647,1746988,1747170,1747469,1747531,1747550,1747735,1747808,1747810,1747946,1748047,1748155,1748368,1748448,1748531,1748653,1748888,1749151,1749401-1749404,1749505,1749658-1749659,1749676,1749678,1749695,1749924-1749925,1750043,1750218,1750335,1750392,1750407,1750412,1750416,1750420,1750474,1750494,1750507-1750508,1750553,1750567,1750750,1750779,1750854-1750855,1750947,1750955,1750960,1751970,1752087,1752096,1752145,1752331-1752333,1752347,1752415,1753167,1753224,1753228-1753229,1753257,1753315-1753316,1753498,1753541,1753592,1753594,1753777,1754129,1754164,1754391,1754399,1754414,1754534,1755323,1756038,1756542,1756553,1756611,1756631,1756844,1756846,1756848,1756852-1756853,1756976,1757009-1757011,1757029-1757031,1757061,1757147,1757524,17575
>> 34,1757540,1757662-1757663,1757985,1758003,1758083,1758307-1758311,1758446,1758558,1759415,1759984,1760018,1761434,1761477,1761479,1761548,1761714,1761824,1762512,1762515,1762517,1762580,1762701-1762703,1762718,1762723,1762742-1762743,1763158,1763246,1763613,1764005,1764040,1764046,1764236,1764243,1764255,1765318,1765328,1765357,1765420,1766097,1766129,1766160,1766308,1766424,1766691,1766851,1766857,1766998,1767128,1767180-1767181,1767553,1767564,1767803,1767936,1768160,1768245,1769192,1769332,1769550,1769593,1769596,1769600,1769718,1770395,1770750,1770752,1770768,1770771,1770828,1770951,1770998,1771001,1771015,1771789,1771791,1771827,1772339,1772489,1772504,1772576,1772812-1772813,1772919,1773159,1773162,1773293,1773346,1773397,1773761,1773779,1773812,1773861-1773862,1773865,1774008,1774018,1774023,1774068-1774069,1774286,1774288,1774538,1774541,1774602,1774609,1775173,1775195,1775199,1775487,1775664,1775770,1775775,1775813,1775833,1775858,1775944,1775946,1776458-1776459,1776463,17
>> 76575,1776578,1776624,1776627,1776674,1776734-1776735,1776738,1776740,1776956,1777160,1777324,1777354,1777460,1777556-1777557,1777593-1777594,1777672,1777923,1778268,1778319,1778331,1778350,1778630,1779077,1779091,1779111,1779354,1779459,1779525,1779528,1779573-1779574,1779623,1779699,1779738,1779743,1779896,1779972,1779979,1780095,1780159,1780308,1780328-1780329,1780576,1780596,1780598,1780725,1780971,1781030-1781031,1781187,1781190,1781304,1781312-1781313,1781324,1781328-1781329,1781509,1781516,1781575,1781577,1781580,1781687,1781701,1782164,1782166,1782193-1782194,1782323,1782418-1782419,1782482,1782532,1782875,1782944,1782958,1782975,1783056,1783305,1783722-1783723,1783764-1783765,1783770,1783842,1783849,1784002,1784203,1784205,1784227-1784228,1784275,1784318,1784366,1784372,1784571,1785115,1785672,1785683,1785752-1785753,1785871,1785907,1785943,1786009,1786110,1786119,1786512,1786575-1786576,1786715,1787051,1787053,1787141,1787525,1787553,1787604,1788032-1788033,1788040,1788430
>> ,1788451,1788508,1788672,1788674,1788981,1788996,1788998,1789000,1789220-1789221,1789224,1789276,1789279,1789387,1789395,1789520,1789535,1789692,1789740,1789800,1790102,1790113,1790169,1790284,1790457,1790691,1790754,1790826-1790827,1790842,1790850,1790852-1790853,1790855,1790860,1790973,1790978,1791377,1791388,1791400,1791669,1791773,1791790,1791975,1792092,1792195,1792212,1792589,1792675,1793525,1793533,1793932,1794049,1795635,1795651,1795830,1795834,1795931,1796343,1796348,1796350,1796446,1796493,1796864,1797550,1797745,1797844,1798785,1799341,1799435,1799437,1799784,1799786,1800126,1800173,1800306,1800393,1800594,1800689,1800788,1800809,1800815,1800817,1800819,1800830,1800833,1800917,1800919,1800978,1801143-1801144,1801148,1801456,1801594,1801665,1801994-1801995,1802040,1802305,1802309,1802336,1802535,1802618,1802845,1802875,1803392,1803396,1803398,1803420,1803454,1804090,1804096,1804530-1804531,1804542,1804545,1804671,1804759,1804787,1804975,1805099,1805163,1805180,1805188,1805
>> 190,1805192,1805194-1805195,1805206,1805256,1805294,1805322,1805373,1805490,1806939,1806985,1807228,1807238,1807347,1807577,1807593,1807655,1807774,1807777,1807876,1808005,1808008,1808014,1808085,1808092,1808100,1808230,1808241-1808243,1808249,1808444,1808671,1808723,1808746,1808780,1809028,1809135,1809209,1809273,1809302-1809303,1809305,1809311,1809314,1809713,1809719,1809881,1809888,1809973,1809976,1809981,1810088-1810089,1810358,1810362-1810363,1810365,1810447,1810723,1811082,1811192,1811285,1811540-1811541,1811569-1811570,1811649,1811664,1811744,1811812,1811976,1812004,1812075,1812193,1812263,1812301,1812307,1812332,1812517-1812518,1812756,1812999,1813116,1813642-1813643,1813991,1814118,1814465,1814719-1814720,1814939,1814968,1815004-1815005,1815078,1815264,1815370,1815483,1816055,1816110,1816154,1816156,1816179,1816534,1816552,1816558,1816619,1816919,1816922,1816970,1817023,1817131,1817175,1817598,1817777,1817785,1818013,1818040,1818120,1818122,1818278-1818280,1818308,1818624,1
>> 818725,1818792,1818802,1818804,1818825,1818849,1818924,1818951,1818958,1818960,1819027,1819214,1819847-1819848,1819852-1819853,1819855,1819969-1819970,1820035,1820101,1820464,1820808-1820809,1821095,1821371,1821374,1821504-1821505,1821558,1821561-1821562,1821595,1821624-1821627,1821629,1821632,1821635,1821639,1821644,1821647-1821651,1821659-1821660,1821767,1822305,1822366-1822367,1822502-1822503,1822509,1822511,1822537,1822624,1822849,1822858,1822878-1822879,1822883,1822931,1823047,1823179,1823412,1823415-1823416,1823482,1823564,1823572,1823575,1823886,1824176,1824303,1824332,1824336,1824343,1824381,1824390,1824454,1824460,1824463-1824464,1824482,1824497,1824811,1824862,1824877,1824973,1825147,1825169,1825368,1825370,1825467,1825504,1826207,1826556,1826686-1826687,1826845,1826847,1826973,1826995,1827001,1827166,1827196,1827362,1827366,1827374,1827599,1827604,1827654,1827671,1827783,1827865,1827912,1827924,1827992,1828210,1828222,1828232,1828390,1828485,1828493,1828669,1828687,182872
>> 0,1828723,1828790-1828792,1828879,1828890,1828912,1828920,1828926-1828927,1829038-1829039,1829513,1829557,1829573,1829645,1829657,1830523,1830562,1830744,1830746,1830943-1830944,1831231,1831591,1831772,1831800,1832198,1832200,1832277,1832280,1832317,1832351,1832500,1832580-1832581,1832934,1832937,1832951,1832991,1833014,1833588-1833589,1833827,1833875-1833876,1834012-1834013,1834209,1834226,1834318,1834470,1835094,1835118,1835287,1836095,1836154,1836276,1836287,1836381-1836383,1836386,1836469,1836603,1837130,1837357,1837588-1837590,1837595,1838937,1839780,1839920,1839946,1840010,1840582,1840585,1840710,1840776,1841218
>> 
>> Modified: httpd/httpd/branches/2.4.x/CHANGES
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
>> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep 21 12:14:05 2018
>> @@ -1,6 +1,19 @@
>>                                                         -*- coding: utf-8 -*-
>> Changes with Apache 2.4.36
>> 
>> +  *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. 
>> +     SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for.
>> +     Directive "SSLVerifyClient" now triggers certificate retrieval from the client.
>> +     Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols,
>> +     as this would need to trigger the master connection thread - which we do not support
>> +     right now.
>> +     Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite"
>> +     does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and
>> +     TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate.
>> +     Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they 
>> +     can match their needs onto the TLSv1.3 protocol.
>> +     [Yann Ylavic, Stefan Eissing]
>> +
>>  *) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
>>     should be accepted after the authorization scheme. \t are also tolerated.
>>     [Christophe Jaillet]
>> 
>> Modified: httpd/httpd/branches/2.4.x/STATUS
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/STATUS (original)
>> +++ httpd/httpd/branches/2.4.x/STATUS Fri Sep 21 12:14:05 2018
>> @@ -124,26 +124,6 @@ RELEASE SHOWSTOPPERS:
>> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>>  [ start all new proposals below, under PATCHES PROPOSED. ]
>> 
>> -   *) Add TLSv1.3 support to mod_ssl:
>> -      trunk: http://svn.apache.org/r1839946
>> -             http://svn.apache.org/r1839920
>> -             http://svn.apache.org/r1833589
>> -             http://svn.apache.org/r1833588
>> -             http://svn.apache.org/r1828723
>> -             http://svn.apache.org/r1828720
>> -             http://svn.apache.org/r1828222
>> -             http://svn.apache.org/r1827992
>> -             http://svn.apache.org/r1827924
>> -             http://svn.apache.org/r1827912
>> -             http://svn.apache.org/r1828790
>> -             http://svn.apache.org/r1828791
>> -             http://svn.apache.org/r1828792
>> -             http://svn.apache.org/r1840585
>> -             http://svn.apache.org/r1840710
>> -             http://svn.apache.org/r1841218
>> -      2.4.x branch: svn merge ^/httpd/httpd/branches/tlsv1.3-for-2.4.x
>> -      +1: icing, jorton, minfrin (tested on openssl-1.0.2j and openssl-1.1.1)
>> -
>> 
>> 
>> PATCHES PROPOSED TO BACKPORT FROM TRUNK:
>> 
>> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
>> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Fri Sep 21 12:14:05 2018
>> @@ -654,6 +654,11 @@ The available (case-insensitive) <em>pro
>>    A revision of the TLS 1.1 protocol, as defined in
>>    <a href="http://www.ietf.org/rfc/rfc5246.txt";>RFC 5246</a>.</p></li>
>> 
>> +<li><code>TLSv1.3</code> (when using OpenSSL 1.1.1 and later)
>> +    <p>
>> +    A new version of the TLS protocol, as defined in
>> +    <a href="https://github.com/tlswg/tls13-spec";>RFC TBD</a>.</p></li>
>> +
>> <li><code>all</code>
>>    <p>
>>    This is a shortcut for ``<code>+SSLv3 +TLSv1</code>'' or
>> @@ -674,7 +679,7 @@ SSLProtocol TLSv1
>> <name>SSLCipherSuite</name>
>> <description>Cipher Suite available for negotiation in SSL
>> handshake</description>
>> -<syntax>SSLCipherSuite <em>cipher-spec</em></syntax>
>> +<syntax>SSLCipherSuite [<em>protocol</em>] <em>cipher-spec</em></syntax>
>> <default>SSLCipherSuite DEFAULT (depends on OpenSSL version)</default>
>> <contextlist><context>server config</context>
>> <context>virtual host</context>
>> @@ -686,12 +691,25 @@ handshake</description>
>> <p>
>> This complex directive uses a colon-separated <em>cipher-spec</em> string
>> consisting of OpenSSL cipher specifications to configure the Cipher Suite the
>> -client is permitted to negotiate in the SSL handshake phase. Notice that this
>> -directive can be used both in per-server and per-directory context. In
>> -per-server context it applies to the standard SSL handshake when a connection
>> +client is permitted to negotiate in the SSL handshake phase. The optional 
>> +protocol specifier can configure the Cipher Suite for a specific SSL version.
>> +Possible values include "SSL" for all SSL Protocols up to and including TLSv1.2. 
>> +<p>
>> +Notice that this
>> +directive can be used both in per-server and per-directory context. 
>> +In per-server context it applies to the standard SSL handshake when a connection
>> is established. In per-directory context it forces a SSL renegotiation with the
>> reconfigured Cipher Suite after the HTTP request was read but before the HTTP
>> -response is sent.</p>
>> +response is sent. (Since renegotiation is not</p>
>> +<p>
>> +If the SSL library supports TLSv1.3 (OpenSSL 1.1.1 and later), the protocol 
>> +specifier "TLSv1.3" can be used to configure the cipher suites for that protocol.
>> +Since TLSv1.3 does not offer renegotiations, specifying ciphers for it in
>> +a directory context is not allowed.</p>
>> +<p>
>> +For a list of TLSv1.3 cipher names, see 
>> +<a href="https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html";>the OpenSSL
>> +documentation</a>.</p>
>> <p>
>> An SSL cipher specification in <em>cipher-spec</em> is composed of 4 major
>> attributes plus a few extra minor ones:</p>
>> @@ -2063,7 +2081,7 @@ for additional information.
>> <name>SSLProxyCipherSuite</name>
>> <description>Cipher Suite available for negotiation in SSL
>> proxy handshake</description>
>> -<syntax>SSLProxyCipherSuite <em>cipher-spec</em></syntax>
>> +<syntax>SSLProxyCipherSuite [<em>protocol</em>] <em>cipher-spec</em></syntax>
>> <default>SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP</default>
>> <contextlist><context>server config</context> <context>virtual host</context>
>> <context>proxy section</context></contextlist>
>> 
>> Modified: httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c (original)
>> +++ httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c Fri Sep 21 12:14:05 2018
>> @@ -93,9 +93,9 @@ static const command_rec ssl_config_cmds
>>    SSL_CMD_SRV(FIPS, FLAG,
>>                "Enable FIPS-140 mode "
>>                "(`on', `off')")
>> -    SSL_CMD_ALL(CipherSuite, TAKE1,
>> -                "Colon-delimited list of permitted SSL Ciphers "
>> -                "('XXX:...:XXX' - see manual)")
>> +    SSL_CMD_ALL(CipherSuite, TAKE12,
>> +                "Colon-delimited list of permitted SSL Ciphers, optional preceeded "
>> +                "by protocol identifier ('XXX:...:XXX' - see manual)")
>>    SSL_CMD_SRV(CertificateFile, TAKE1,
>>                "SSL Server Certificate file "
>>                "('/path/to/file' - PEM or DER encoded)")
>> @@ -185,9 +185,9 @@ static const command_rec ssl_config_cmds
>>    SSL_CMD_PXY(ProxyProtocol, RAW_ARGS,
>>               "SSL Proxy: enable or disable SSL protocol flavors "
>>                "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
>> -    SSL_CMD_PXY(ProxyCipherSuite, TAKE1,
>> +    SSL_CMD_PXY(ProxyCipherSuite, TAKE12,
>>               "SSL Proxy: colon-delimited list of permitted SSL ciphers "
>> -               "('XXX:...:XXX' - see manual)")
>> +               ", optionally preceeded by protocol specifier ('XXX:...:XXX' - see manual)")
>>    SSL_CMD_PXY(ProxyVerify, TAKE1,
>>               "SSL Proxy: whether to verify the remote certificate "
>>               "('on' or 'off')")
>> @@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_
>>    /* We must register the library in full, to ensure our configuration
>>     * code can successfully test the SSL environment.
>>     */
>> -#if MODSSL_USE_OPENSSL_PRE_1_1_API
>> +#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
>>    (void)CRYPTO_malloc_init();
>> #else
>>    OPENSSL_malloc_init();
>> 
>> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c (original)
>> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c Fri Sep 21 12:14:05 2018
>> @@ -136,6 +136,7 @@ static void modssl_ctx_init(modssl_ctx_t
>>    mctx->auth.cipher_suite   = NULL;
>>    mctx->auth.verify_depth   = UNSET;
>>    mctx->auth.verify_mode    = SSL_CVERIFY_UNSET;
>> +    mctx->auth.tls13_ciphers = NULL;
>> 
>>    mctx->ocsp_mask           = UNSET;
>>    mctx->ocsp_force_default  = UNSET;
>> @@ -280,6 +281,7 @@ static void modssl_ctx_cfg_merge(apr_poo
>>    cfgMergeString(auth.cipher_suite);
>>    cfgMergeInt(auth.verify_depth);
>>    cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
>> +    cfgMergeString(auth.tls13_ciphers);
>> 
>>    cfgMergeInt(ocsp_mask);
>>    cfgMergeBool(ocsp_force_default);
>> @@ -761,22 +763,37 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *c
>> 
>> const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
>>                                   void *dcfg,
>> -                                   const char *arg)
>> +                                   const char *arg1, const char *arg2)
>> {
>>    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>>    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
>> 
>> -    /* always disable null and export ciphers */
>> -    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
>> -
>> -    if (cmd->path) {
>> -        dc->szCipherSuite = arg;
>> +    if (arg2 == NULL) {
>> +        arg2 = arg1;
>> +        arg1 = "SSL";
>>    }
>> -    else {
>> -        sc->server->auth.cipher_suite = arg;
>> +    
>> +    if (!strcmp("SSL", arg1)) {
>> +        /* always disable null and export ciphers */
>> +        arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
>> +        if (cmd->path) {
>> +            dc->szCipherSuite = arg2;
>> +        }
>> +        else {
>> +            sc->server->auth.cipher_suite = arg2;
>> +        }
>> +        return NULL;
>>    }
>> -
>> -    return NULL;
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    else if (!strcmp("TLSv1.3", arg1)) {
>> +        if (cmd->path) {
>> +            return "TLSv1.3 ciphers cannot be set inside a directory context";
>> +        }
>> +        sc->server->auth.tls13_ciphers = arg2;
>> +        return NULL;
>> +    }
>> +#endif
>> +    return apr_pstrcat(cmd->pool, "procotol '", arg1, "' not supported", NULL);
>> }
>> 
>> #define SSL_FLAGS_CHECK_FILE \
>> @@ -1445,6 +1462,9 @@ static const char *ssl_cmd_protocol_pars
>>        else if (strcEQ(w, "TLSv1.2")) {
>>            thisopt = SSL_PROTOCOL_TLSV1_2;
>>        }
>> +        else if (SSL_HAVE_PROTOCOL_TLSV1_3 && strcEQ(w, "TLSv1.3")) {
>> +            thisopt = SSL_PROTOCOL_TLSV1_3;
>> +        }
>> #endif
>>        else if (strcEQ(w, "all")) {
>>            thisopt = SSL_PROTOCOL_ALL;
>> @@ -1506,16 +1526,28 @@ const char *ssl_cmd_SSLProxyProtocol(cmd
>> 
>> const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *cmd,
>>                                        void *dcfg,
>> -                                        const char *arg)
>> +                                        const char *arg1, const char *arg2)
>> {
>>    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
>> -
>> -    /* always disable null and export ciphers */
>> -    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
>> -
>> -    dc->proxy->auth.cipher_suite = arg;
>> -
>> -    return NULL;
>> +    
>> +    if (arg2 == NULL) {
>> +        arg2 = arg1;
>> +        arg1 = "SSL";
>> +    }
>> +    
>> +    if (!strcmp("SSL", arg1)) {
>> +        /* always disable null and export ciphers */
>> +        arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
>> +        dc->proxy->auth.cipher_suite = arg2;
>> +        return NULL;
>> +    }
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    else if (!strcmp("TLSv1.3", arg1)) {
>> +        dc->proxy->auth.tls13_ciphers = arg2;
>> +        return NULL;
>> +    }
>> +#endif
>> +    return apr_pstrcat(cmd->pool, "procotol '", arg1, "' not supported", NULL);
>> }
>> 
>> const char *ssl_cmd_SSLProxyVerify(cmd_parms *cmd,
>> 
>> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
>> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Fri Sep 21 12:14:05 2018
>> @@ -568,6 +568,9 @@ static apr_status_t ssl_init_ctx_protoco
>> #ifdef HAVE_TLSV1_X
>>                     (protocol & SSL_PROTOCOL_TLSV1_1 ? "TLSv1.1, " : ""),
>>                     (protocol & SSL_PROTOCOL_TLSV1_2 ? "TLSv1.2, " : ""),
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +                     (protocol & SSL_PROTOCOL_TLSV1_3 ? "TLSv1.3, " : ""),
>> +#endif
>> #endif
>>                     NULL);
>>    cp[strlen(cp)-2] = NUL;
>> @@ -600,6 +603,13 @@ static apr_status_t ssl_init_ctx_protoco
>>            TLSv1_2_client_method() : /* proxy */
>>            TLSv1_2_server_method();  /* server */
>>    }
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    else if (protocol == SSL_PROTOCOL_TLSV1_3) {
>> +        method = mctx->pkp ?
>> +            TLSv1_3_client_method() : /* proxy */
>> +            TLSv1_3_server_method();  /* server */
>> +    }
>> +#endif
>> #endif
>>    else { /* For multiple protocols, we need a flexible method */
>>        method = mctx->pkp ?
>> @@ -617,7 +627,8 @@ static apr_status_t ssl_init_ctx_protoco
>> 
>>    SSL_CTX_set_options(ctx, SSL_OP_ALL);
>> 
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000L  || \
>> +	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
>>    /* always disable SSLv2, as per RFC 6176 */
>>    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
>> 
>> @@ -639,10 +650,19 @@ static apr_status_t ssl_init_ctx_protoco
>>    if (!(protocol & SSL_PROTOCOL_TLSV1_2)) {
>>        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
>>    }
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    ssl_set_ctx_protocol_option(s, ctx, SSL_OP_NO_TLSv1_3,
>> +                                protocol & SSL_PROTOCOL_TLSV1_3, "TLSv1.3");
>> +#endif
>> #endif
>> 
>> #else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
>>    /* We first determine the maximum protocol version we should provide */
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    if (SSL_HAVE_PROTOCOL_TLSV1_3 && (protocol & SSL_PROTOCOL_TLSV1_3)) {
>> +        prot = TLS1_3_VERSION;
>> +    } else  
>> +#endif
>>    if (protocol & SSL_PROTOCOL_TLSV1_2) {
>>        prot = TLS1_2_VERSION;
>>    } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
>> @@ -664,6 +684,11 @@ static apr_status_t ssl_init_ctx_protoco
>> 
>>    /* Next we scan for the minimal protocol version we should provide,
>>     * but we do not allow holes between max and min */
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) {
>> +        prot = TLS1_2_VERSION;
>> +    }
>> +#endif
>>    if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) {
>>        prot = TLS1_1_VERSION;
>>    }
>> @@ -736,6 +761,13 @@ static apr_status_t ssl_init_ctx_protoco
>>        SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
>> #endif
>> 
>> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
>> +    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible
>> +     * to consume handshake records without blocking for app-data.
>> +     * https://github.com/openssl/openssl/issues/7178 */
>> +    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
>> +#endif
>> +    
>>    return APR_SUCCESS;
>> }
>> 
>> @@ -888,7 +920,15 @@ static apr_status_t ssl_init_ctx_cipher_
>>        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
>>        return ssl_die(s);
>>    }
>> -
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    if (mctx->auth.tls13_ciphers 
>> +        && !SSL_CTX_set_ciphersuites(ctx, mctx->auth.tls13_ciphers)) {
>> +        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO()
>> +                "Unable to configure permitted TLSv1.3 ciphers");
>> +        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
>> +        return ssl_die(s);
>> +    }
>> +#endif
>>    return APR_SUCCESS;
>> }
>> 
>> @@ -1452,6 +1492,13 @@ static apr_status_t ssl_init_proxy_certs
>>    X509_STORE_CTX *sctx;
>>    X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
>> 
>> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
>> +    /* For OpenSSL >=1.1.1, turn on client cert support which is
>> +     * otherwise turned off by default (by design).
>> +     * https://github.com/openssl/openssl/issues/6933 */
>> +    SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
>> +#endif
>> +    
>>    SSL_CTX_set_client_cert_cb(mctx->ssl_ctx,
>>                               ssl_callback_proxy_cert);
>> 
>> 
>> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c (original)
>> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c Fri Sep 21 12:14:05 2018
>> @@ -188,6 +188,12 @@ static int ssl_auth_compatible(modssl_au
>>            || strcmp(a1->cipher_suite, a2->cipher_suite))) {
>>        return 0;
>>    }
>> +    /* both have the same ca cipher suite string */
>> +    if ((a1->tls13_ciphers != a2->tls13_ciphers)
>> +        && (!a1->tls13_ciphers || !a2->tls13_ciphers 
>> +            || strcmp(a1->tls13_ciphers, a2->tls13_ciphers))) {
>> +        return 0;
>> +    }
>>    return 1;
>> }
>> 
>> @@ -424,87 +430,70 @@ static void ssl_configure_env(request_re
>>    }
>> }
>> 
>> -/*
>> - *  Access Handler
>> - */
>> -int ssl_hook_Access(request_rec *r)
>> +static int ssl_check_post_client_verify(request_rec *r, SSLSrvConfigRec *sc, 
>> +                                        SSLDirConfigRec *dc, SSLConnRec *sslconn,
>> +                                        SSL *ssl)
>> {
>> -    SSLDirConfigRec *dc         = myDirConfig(r);
>> -    SSLSrvConfigRec *sc         = mySrvConfig(r->server);
>> -    SSLConnRec *sslconn         = myConnConfig(r->connection);
>> -    SSL *ssl                    = sslconn ? sslconn->ssl : NULL;
>> -    server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
>> -    SSLSrvConfigRec *hssc       = handshakeserver? mySrvConfig(handshakeserver) : NULL;
>> -    SSL_CTX *ctx = NULL;
>> -    apr_array_header_t *requires;
>> -    ssl_require_t *ssl_requires;
>> -    int ok, i;
>> -    BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
>>    X509 *cert;
>> -    X509 *peercert;
>> -    X509_STORE *cert_store = NULL;
>> -    X509_STORE_CTX *cert_store_ctx;
>> -    STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
>> -    const SSL_CIPHER *cipher = NULL;
>> -    int depth, verify_old, verify, n, is_slave = 0;
>> -    const char *ncipher_suite;
>> -
>> -    /* On a slave connection, we do not expect to have an SSLConnRec, but
>> -     * our master connection might have one. */
>> -    if (!(sslconn && ssl) && r->connection->master) {
>> -        sslconn         = myConnConfig(r->connection->master);
>> -        ssl             = sslconn ? sslconn->ssl : NULL;
>> -        handshakeserver = sslconn ? sslconn->server : NULL;
>> -        hssc            = handshakeserver? mySrvConfig(handshakeserver) : NULL;
>> -        is_slave        = 1;
>> -    }
>> 
>> -    if (ssl) {
>> -        /*
>> -         * We should have handshaken here (on handshakeserver),
>> -         * otherwise we are being redirected (ErrorDocument) from
>> -         * a renegotiation failure below. The access is still 
>> -         * forbidden in the latter case, let ap_die() handle
>> -         * this recursive (same) error.
>> -         */
>> -        if (!SSL_is_init_finished(ssl)) {
>> -            return HTTP_FORBIDDEN;
>> +    /*
>> +     * Remember the peer certificate's DN
>> +     */
>> +    if ((cert = SSL_get_peer_certificate(ssl))) {
>> +        if (sslconn->client_cert) {
>> +            X509_free(sslconn->client_cert);
>>        }
>> -        ctx = SSL_get_SSL_CTX(ssl);
>> +        sslconn->client_cert = cert;
>> +        sslconn->client_dn = NULL;
>>    }
>> -
>> +    
>>    /*
>> -     * Support for SSLRequireSSL directive
>> +     * Finally check for acceptable renegotiation results
>>     */
>> -    if (dc->bSSLRequired && !ssl) {
>> -        if ((sc->enabled == SSL_ENABLED_OPTIONAL) && !is_slave) {
>> -            /* This vhost was configured for optional SSL, just tell the
>> -             * client that we need to upgrade.
>> -             */
>> -            apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
>> -            apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
>> +    if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
>> +        (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
>> +        BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
>> +                          (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
>> +
>> +        if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
>> +            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
>> +                          "Re-negotiation handshake failed: "
>> +                          "Client verification failed");
>> 
>> -            return HTTP_UPGRADE_REQUIRED;
>> +            return HTTP_FORBIDDEN;
>>        }
>> 
>> -        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219)
>> -                      "access to %s failed, reason: %s",
>> -                      r->filename, "SSL connection required");
>> -
>> -        /* remember forbidden access for strict require option */
>> -        apr_table_setn(r->notes, "ssl-access-forbidden", "1");
>> +        if (do_verify) {
>> +            if (cert == NULL) {
>> +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
>> +                              "Re-negotiation handshake failed: "
>> +                              "Client certificate missing");
>> 
>> -        return HTTP_FORBIDDEN;
>> +                return HTTP_FORBIDDEN;
>> +            }
>> +        }
>>    }
>> +    return OK;
>> +}
>> 
>> -    /*
>> -     * Check to see whether SSL is in use; if it's not, then no
>> -     * further access control checks are relevant.  (the test for
>> -     * sc->enabled is probably strictly unnecessary)
>> -     */
>> -    if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
>> -        return DECLINED;
>> -    }
>> +/*
>> + *  Access Handler, classic flavour, for SSL/TLS up to v1.2 
>> + *  where everything can be renegotiated and no one is happy.
>> + */
>> +static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
>> +                                   SSLConnRec *sslconn, SSL *ssl)
>> +{
>> +    server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
>> +    SSLSrvConfigRec *hssc       = handshakeserver? mySrvConfig(handshakeserver) : NULL;
>> +    SSL_CTX *ctx = NULL;
>> +    BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
>> +    X509 *peercert;
>> +    X509_STORE *cert_store = NULL;
>> +    X509_STORE_CTX *cert_store_ctx;
>> +    STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
>> +    const SSL_CIPHER *cipher = NULL;
>> +    int depth, verify_old, verify, n, rc;
>> +    const char *ncipher_suite;
>> 
>> #ifdef HAVE_SRP
>>    /*
>> @@ -581,7 +570,7 @@ int ssl_hook_Access(request_rec *r)
>>        }
>> 
>>        /* configure new state */
>> -        if (is_slave) {
>> +        if (r->connection->master) {
>>            /* TODO: this categorically fails changed cipher suite settings
>>             * on slave connections. We could do better by
>>             * - create a new SSL* from our SSL_CTX and set cipher suite there,
>> @@ -659,7 +648,7 @@ int ssl_hook_Access(request_rec *r)
>>        }
>> 
>>        if (renegotiate) {
>> -            if (is_slave) {
>> +            if (r->connection->master) {
>>                /* The request causes renegotiation on a slave connection.
>>                 * This is not allowed since we might have concurrent requests
>>                 * on this connection.
>> @@ -732,7 +721,7 @@ int ssl_hook_Access(request_rec *r)
>>                  (verify     & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
>>            {
>>                renegotiate = TRUE;
>> -                if (is_slave) {
>> +                if (r->connection->master) {
>>                    /* The request causes renegotiation on a slave connection.
>>                     * This is not allowed since we might have concurrent requests
>>                     * on this connection.
>> @@ -883,6 +872,7 @@ int ssl_hook_Access(request_rec *r)
>> 
>>        if (renegotiate_quick) {
>>            STACK_OF(X509) *cert_stack;
>> +            X509 *cert;
>> 
>>            /* perform just a manual re-verification of the peer */
>>            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258)
>> @@ -1035,43 +1025,10 @@ int ssl_hook_Access(request_rec *r)
>>        }
>> 
>>        /*
>> -         * Remember the peer certificate's DN
>> -         */
>> -        if ((cert = SSL_get_peer_certificate(ssl))) {
>> -            if (sslconn->client_cert) {
>> -                X509_free(sslconn->client_cert);
>> -            }
>> -            sslconn->client_cert = cert;
>> -            sslconn->client_dn = NULL;
>> -        }
>> -
>> -        /*
>>         * Finally check for acceptable renegotiation results
>>         */
>> -        if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
>> -            (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
>> -            BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
>> -                              (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
>> -
>> -            if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
>> -                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
>> -                              "Re-negotiation handshake failed: "
>> -                              "Client verification failed");
>> -
>> -                return HTTP_FORBIDDEN;
>> -            }
>> -
>> -            if (do_verify) {
>> -                if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
>> -                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
>> -                                  "Re-negotiation handshake failed: "
>> -                                  "Client certificate missing");
>> -
>> -                    return HTTP_FORBIDDEN;
>> -                }
>> -
>> -                X509_free(peercert);
>> -            }
>> +        if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
>> +            return rc;
>>        }
>> 
>>        /*
>> @@ -1094,6 +1051,215 @@ int ssl_hook_Access(request_rec *r)
>>        }
>>    }
>> 
>> +    return DECLINED;
>> +}
>> +
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +/*
>> + *  Access Handler, modern flavour, for SSL/TLS v1.3 and onward. 
>> + *  Only client certificates can be requested, everything else stays.
>> + */
>> +static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
>> +                                  SSLConnRec *sslconn, SSL *ssl)
>> +{
>> +    if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
>> +        (sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) {
>> +        int vmode_inplace, vmode_needed;
>> +        int change_vmode = FALSE;
>> +        int old_state, n, rc;
>> +
>> +        vmode_inplace = SSL_get_verify_mode(ssl);
>> +        vmode_needed = SSL_VERIFY_NONE;
>> +
>> +        if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
>> +            (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) {
>> +            vmode_needed |= SSL_VERIFY_PEER_STRICT;
>> +        }
>> +
>> +        if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
>> +            (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ||
>> +            (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
>> +            (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
>> +        {
>> +            vmode_needed |= SSL_VERIFY_PEER;
>> +        }
>> +
>> +        if (vmode_needed == SSL_VERIFY_NONE) {
>> +            return DECLINED;
>> +        }
>> +
>> +        vmode_needed |= SSL_VERIFY_CLIENT_ONCE;
>> +        if (vmode_inplace != vmode_needed) {
>> +            /* Need to change, if new setting is more restrictive than existing one */
>> +
>> +            if ((vmode_inplace == SSL_VERIFY_NONE)
>> +                || (!(vmode_inplace   & SSL_VERIFY_PEER) 
>> +                    && (vmode_needed  & SSL_VERIFY_PEER))
>> +                || (!(vmode_inplace   & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) 
>> +                    && (vmode_needed & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
>> +                /* need to change the effective verify mode */
>> +                change_vmode = TRUE;
>> +            }
>> +            else {
>> +                /* FIXME: does this work with TLSv1.3? Is this more than re-inspecting
>> +                 * the certificate we should already have? */
>> +                /*
>> +                 * override of SSLVerifyDepth
>> +                 *
>> +                 * The depth checks are handled by us manually inside the
>> +                 * verify callback function and not by OpenSSL internally
>> +                 * (and our function is aware of both the per-server and
>> +                 * per-directory contexts). So we cannot ask OpenSSL about
>> +                 * the currently verify depth. Instead we remember it in our
>> +                 * SSLConnRec attached to the SSL* of OpenSSL.  We've to force
>> +                 * the renegotiation if the reconfigured/new verify depth is
>> +                 * less than the currently active/remembered verify depth
>> +                 * (because this means more restriction on the certificate
>> +                 * chain).
>> +                 */
>> +                n = (sslconn->verify_depth != UNSET)? 
>> +                    sslconn->verify_depth : sc->server->auth.verify_depth;
>> +                /* determine the new depth */
>> +                sslconn->verify_depth = (dc->nVerifyDepth != UNSET)
>> +                                        ? dc->nVerifyDepth
>> +                                        : sc->server->auth.verify_depth;
>> +                if (sslconn->verify_depth < n) {
>> +                    change_vmode = TRUE;
>> +                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
>> +                                  "Reduced client verification depth will "
>> +                                  "force renegotiation");
>> +                }
>> +            }
>> +        }
>> +
>> +        if (change_vmode) {
>> +            char peekbuf[1];
>> +
>> +            if (r->connection->master) {
>> +                /* FIXME: modifying the SSL on a slave connection is no good.
>> +                 * We would need to push this back to the master connection
>> +                 * somehow.
>> +                 */
>> +                apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
>> +                return HTTP_FORBIDDEN;
>> +            }
>> +
>> +            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() "verify client post handshake");
>> +
>> +            SSL_set_verify(ssl, vmode_needed, ssl_callback_SSLVerify);
>> +
>> +            if (SSL_verify_client_post_handshake(ssl) != 1) {
>> +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10158)
>> +                              "cannot perform post-handshake authentication");
>> +                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
>> +                apr_table_setn(r->notes, "error-notes",
>> +                               "Reason: Cannot perform Post-Handshake Authentication.<br />");
>> +                return HTTP_FORBIDDEN;
>> +            }
>> +            
>> +            old_state = sslconn->reneg_state;
>> +            sslconn->reneg_state = RENEG_ALLOW;
>> +            modssl_set_app_data2(ssl, r);
>> +
>> +            SSL_do_handshake(ssl);
>> +            /* Need to trigger renegotiation handshake by reading.
>> +             * Peeking 0 bytes actually works.
>> +             * See: http://marc.info/?t=145493359200002&r=1&w=2
>> +             */
>> +            SSL_peek(ssl, peekbuf, 0);
>> +
>> +            sslconn->reneg_state = old_state;
>> +            modssl_set_app_data2(ssl, NULL);
>> +
>> +            /*
>> +             * Finally check for acceptable renegotiation results
>> +             */
>> +            if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
>> +                return rc;
>> +            }
>> +        }
>> +    }
>> +
>> +    return DECLINED;
>> +}
>> +#endif
>> +
>> +int ssl_hook_Access(request_rec *r)
>> +{
>> +    SSLDirConfigRec *dc         = myDirConfig(r);
>> +    SSLSrvConfigRec *sc         = mySrvConfig(r->server);
>> +    SSLConnRec *sslconn         = myConnConfig(r->connection);
>> +    SSL *ssl                    = sslconn ? sslconn->ssl : NULL;
>> +    apr_array_header_t *requires;
>> +    ssl_require_t *ssl_requires;
>> +    int ok, i, ret;
>> +
>> +    /* On a slave connection, we do not expect to have an SSLConnRec, but
>> +     * our master connection might have one. */
>> +    if (!(sslconn && ssl) && r->connection->master) {
>> +        sslconn         = myConnConfig(r->connection->master);
>> +        ssl             = sslconn ? sslconn->ssl : NULL;
>> +    }
>> +
>> +    /*
>> +     * We should have handshaken here, otherwise we are being 
>> +     * redirected (ErrorDocument) from a renegotiation failure below. 
>> +     * The access is still forbidden in the latter case, let ap_die() handle
>> +     * this recursive (same) error.
>> +     */
>> +    if (ssl && !SSL_is_init_finished(ssl)) {
>> +        return HTTP_FORBIDDEN;
>> +    }
>> +
>> +    /*
>> +     * Support for SSLRequireSSL directive
>> +     */
>> +    if (dc->bSSLRequired && !ssl) {
>> +        if ((sc->enabled == SSL_ENABLED_OPTIONAL) && !r->connection->master) {
>> +            /* This vhost was configured for optional SSL, just tell the
>> +             * client that we need to upgrade.
>> +             */
>> +            apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
>> +            apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
>> +
>> +            return HTTP_UPGRADE_REQUIRED;
>> +        }
>> +
>> +        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219)
>> +                      "access to %s failed, reason: %s",
>> +                      r->filename, "SSL connection required");
>> +
>> +        /* remember forbidden access for strict require option */
>> +        apr_table_setn(r->notes, "ssl-access-forbidden", "1");
>> +
>> +        return HTTP_FORBIDDEN;
>> +    }
>> +
>> +    /*
>> +     * Check to see whether SSL is in use; if it's not, then no
>> +     * further access control checks are relevant.  (the test for
>> +     * sc->enabled is probably strictly unnecessary)
>> +     */
>> +    if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
>> +        return DECLINED;
>> +    }
>> +
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    /* TLSv1.3+ is less complicated here. Branch off into a new codeline
>> +     * and avoid messing with the past. */
>> +    if (SSL_version(ssl) >= TLS1_3_VERSION) {
>> +        ret = ssl_hook_Access_modern(r, sc, dc, sslconn, ssl);
>> +    }
>> +    else
>> +#endif
>> +    {
>> +        ret = ssl_hook_Access_classic(r, sc, dc, sslconn, ssl);
>> +    }
>> +
>> +    if (ret != DECLINED) {
>> +        return ret;
>> +    }
>> +
>>    /* If we're trying to have the user name set from a client
>>     * certificate then we need to set it here. This should be safe as
>>     * the user name probably isn't important from an auth checking point
>> @@ -2078,31 +2244,43 @@ void ssl_callback_Info(const SSL *ssl, i
>> {
>>    conn_rec *c;
>>    server_rec *s;
>> -    SSLConnRec *scr;
>> 
>>    /* Retrieve the conn_rec and the associated SSLConnRec. */
>>    if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
>>        return;
>>    }
>> 
>> -    if ((scr = myConnConfig(c)) == NULL) {
>> -        return;
>> -    }
>> +    /* With TLS 1.3 this callback may be called multiple times on the first
>> +     * negotiation, so the below logic to detect renegotiations can't work.
>> +     * Fortunately renegotiations are forbidden starting with TLS 1.3, and
>> +     * this is enforced by OpenSSL so there's nothing to be done here.
>> +     */
>> +#if SSL_HAVE_PROTOCOL_TLSV1_3
>> +    if (SSL_version(ssl) < TLS1_3_VERSION)
>> +#endif
>> +    {
>> +        SSLConnRec *sslconn;
>> +
>> +        if ((sslconn = myConnConfig(c)) == NULL) {
>> +            return;
>> +        }
>> 
>> -    /* If the reneg state is to reject renegotiations, check the SSL
>> -     * state machine and move to ABORT if a Client Hello is being
>> -     * read. */
>> -    if (!scr->is_proxy &&
>> -        (where & SSL_CB_HANDSHAKE_START) &&
>> -        scr->reneg_state == RENEG_REJECT) {
>> -            scr->reneg_state = RENEG_ABORT;
>> +        /* If the reneg state is to reject renegotiations, check the SSL
>> +         * state machine and move to ABORT if a Client Hello is being
>> +         * read. */
>> +        if (!sslconn->is_proxy &&
>> +                (where & SSL_CB_HANDSHAKE_START) &&
>> +                sslconn->reneg_state == RENEG_REJECT) {
>> +            sslconn->reneg_state = RENEG_ABORT;
>>            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
>>                          "rejecting client initiated renegotiation");
>> -    }
>> -    /* If the first handshake is complete, change state to reject any
>> -     * subsequent client-initiated renegotiation. */
>> -    else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
>> -        scr->reneg_state = RENEG_REJECT;
>> +        }
>> +        /* If the first handshake is complete, change state to reject any
>> +         * subsequent client-initiated renegotiation. */
>> +        else if ((where & SSL_CB_HANDSHAKE_DONE)
>> +                 && sslconn->reneg_state == RENEG_INIT) {
>> +            sslconn->reneg_state = RENEG_REJECT;
>> +        }
>>    }
>> 
>>    s = mySrvFromConn(c);
>> 
>> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h?rev=1841573&r1=1841572&r2=1841573&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h (original)
>> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h Fri Sep 21 12:14:05 2018
>> @@ -132,13 +132,14 @@
>>        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
>> #define SSL_CTX_set_max_proto_version(ctx, version) \
>>        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
>> -#endif
>> -/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
>> - * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
>> - * we have to work around this...
>> +#elif LIBRESSL_VERSION_NUMBER < 0x2070000f
>> +/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not
>> + * include most changes from OpenSSL >= 1.1 (new functions, macros, 
>> + * deprecations, ...), so we have to work around this...
>> */
>> #define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
>> -#else
>> +#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */
>> +#else /* defined(LIBRESSL_VERSION_NUMBER) */
>> #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
>> #endif
>> 
>> @@ -238,7 +239,8 @@ void init_bio_methods(void);
>> void free_bio_methods(void);
>> #endif
>> 
>> -#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
>> +#if OPENSSL_VERSION_NUMBER < 0x10002000L || \
>> +	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
>> #define X509_STORE_CTX_get0_store(x) (x->ctx)
>> #endif
>> 
>> @@ -372,8 +374,17 @@ typedef int ssl_opt_t;
>> #ifdef HAVE_TLSV1_X
>> #define SSL_PROTOCOL_TLSV1_1 (1<<3)
>> #define SSL_PROTOCOL_TLSV1_2 (1<<4)
>> +#define SSL_PROTOCOL_TLSV1_3 (1<<5)
>> +
>> +#ifdef SSL_OP_NO_TLSv1_3
>> +#define SSL_HAVE_PROTOCOL_TLSV1_3   (1)
>> +#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC| \
>> +                            SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2|SSL_PROTOCOL_TLSV1_3)
>> +#else
>> +#define SSL_HAVE_PROTOCOL_TLSV1_3   (0)
>> #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC| \
>>                            SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
>> +#endif
>> #else
>> #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC)
>> #endif
>> @@ -646,6 +657,11 @@ typedef struct {
>>    /** for client or downstream server authentication */
>>    int          verify_depth;
>>    ssl_verify_t verify_mode;
>> +
>> +    /** TLSv1.3 has its separate cipher list, separate from the
>> +     settings for older TLS protocol versions. Since which one takes
>> +     effect is a matter of negotiation, we need separate settings */
>> +    const char  *tls13_ciphers;
>> } modssl_auth_ctx_t;
>> 
>> #ifdef HAVE_TLS_SESSION_TICKETS
>> @@ -801,7 +817,7 @@ const char  *ssl_cmd_SSLPassPhraseDialog
>> const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
>> const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
>> const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
>> -const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
>> +const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *, const char *);
>> const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
>> const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
>> const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
>> @@ -830,7 +846,7 @@ const char *ssl_cmd_SSLInsecureRenegotia
>> 
>> const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
>> const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
>> -const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
>> +const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *, const char *);
>> const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
>> const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
>> const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
>> 
>> 
> 
>