1 files changed, 87 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
new file mode 100644
index 000000000..57b5155c3
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
@@ -0,0 +1,87 @@
+* server/mpm_unix.c (dummy_connection): Use a TLS 1.0 close_notify
+  alert if the chosen listener is configured for https; not perfect
+  but better than sending an HTTP request.  Adjust comments.
+http://svn.apache.org/viewvc?view=revision&revision=1327036
+* server/mpm_unix.c (dummy_connection): Fix spello.
+http://svn.apache.org/viewvc?view=revision&revision=1327080
+Upstream-Status: Backport
+--- httpd-2.4.2/server/mpm_unix.c
+++ httpd-2.4.2/server/mpm_unix.c
+@@ -501,14 +501,14 @@
+     return rv;
+ }
+ 
+-/* This function connects to the server, then immediately closes the connection.
+- * This permits the MPM to skip the poll when there is only one listening
+- * socket, because it provides a alternate way to unblock an accept() when
+- * the pod is used.
+- */
+/* This function connects to the server and sends enough data to
+ * ensure the child wakes up and processes a new connection.  This
+ * permits the MPM to skip the poll when there is only one listening
+ * socket, because it provides a alternate way to unblock an accept()
+ * when the pod is used.  */
+ static apr_status_t dummy_connection(ap_pod_t *pod)
+ {
+-    char *srequest;
+    const char *data;
+     apr_status_t rv;
+     apr_socket_t *sock;
+     apr_pool_t *p;
+@@ -574,24 +574,37 @@
+         return rv;
+     }
+ 
+-    /* Create the request string. We include a User-Agent so that
+-     * adminstrators can track down the cause of the odd-looking
+-     * requests in their logs.
+-     */
+-    srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
+    if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) {
+        /* Send a TLS 1.0 close_notify alert.  This is perhaps the
+         * "least wrong" way to open and cleanly terminate an SSL
+         * connection.  It should "work" without noisy error logs if
+         * the server actually expects SSLv3/TLSv1.  With
+         * SSLv23_server_method() OpenSSL's SSL_accept() fails
+         * ungracefully on receipt of this message, since it requires
+         * an 11-byte ClientHello message and this is too short. */
+        static const unsigned char tls10_close_notify[7] = {
+            '\x15',         /* TLSPlainText.type = Alert (21) */
+            '\x03', '\x01', /* TLSPlainText.version = {3, 1} */
+            '\x00', '\x02', /* TLSPlainText.length = 2 */
+            '\x01',         /* Alert.level = warning (1) */
+            '\x00'          /* Alert.description = close_notify (0) */
+        };
+        data = (const char *)tls10_close_notify;
+        len = sizeof(tls10_close_notify);
+    }
+    else /* ... XXX other request types here? */ {
+        /* Create an HTTP request string.  We include a User-Agent so
+         * that adminstrators can track down the cause of the
+         * odd-looking requests in their logs.  A complete request is
+         * used since kernel-level filtering may require that much
+         * data before returning from accept(). */
+        data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
+                            ap_get_server_description(),
+                            " (internal dummy connection)\r\n\r\n", NULL);
+        len = strlen(data);
+    }
+ 
+-    /* Since some operating systems support buffering of data or entire
+-     * requests in the kernel, we send a simple request, to make sure
+-     * the server pops out of a blocking accept().
+-     */
+-    /* XXX: This is HTTP specific. We should look at the Protocol for each
+-     * listener, and send the correct type of request to trigger any Accept
+-     * Filters.
+-     */
+-    len = strlen(srequest);
+-    apr_socket_send(sock, srequest, &len);
+    apr_socket_send(sock, data, &len);
+     apr_socket_close(sock);
+     apr_pool_destroy(p);
+

diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch new file mode 100644 index 000000000..57b5155c3 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.2/httpd-2.4.2-r1327036+.patch
@@ -0,0 +1,87 @@
	1
	2	* server/mpm_unix.c (dummy_connection): Use a TLS 1.0 close_notify
	3	alert if the chosen listener is configured for https; not perfect
	4	but better than sending an HTTP request. Adjust comments.
	5	http://svn.apache.org/viewvc?view=revision&revision=1327036
	6
	7	* server/mpm_unix.c (dummy_connection): Fix spello.
	8	http://svn.apache.org/viewvc?view=revision&revision=1327080
	9
	10	Upstream-Status: Backport
	11
	12	--- httpd-2.4.2/server/mpm_unix.c
	13	+++ httpd-2.4.2/server/mpm_unix.c
	14	@@ -501,14 +501,14 @@
	15	return rv;
	16	}
	17
	18	-/* This function connects to the server, then immediately closes the connection.
	19	- * This permits the MPM to skip the poll when there is only one listening
	20	- * socket, because it provides a alternate way to unblock an accept() when
	21	- * the pod is used.
	22	- */
	23	+/* This function connects to the server and sends enough data to
	24	+ * ensure the child wakes up and processes a new connection. This
	25	+ * permits the MPM to skip the poll when there is only one listening
	26	+ * socket, because it provides a alternate way to unblock an accept()
	27	+ * when the pod is used. */
	28	static apr_status_t dummy_connection(ap_pod_t *pod)
	29	{
	30	- char *srequest;
	31	+ const char *data;
	32	apr_status_t rv;
	33	apr_socket_t *sock;
	34	apr_pool_t *p;
	35	@@ -574,24 +574,37 @@
	36	return rv;
	37	}
	38
	39	- /* Create the request string. We include a User-Agent so that
	40	- * adminstrators can track down the cause of the odd-looking
	41	- * requests in their logs.
	42	- */
	43	- srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
	44	+ if (lp->protocol && strcasecmp(lp->protocol, "https") == 0) {
	45	+ /* Send a TLS 1.0 close_notify alert. This is perhaps the
	46	+ * "least wrong" way to open and cleanly terminate an SSL
	47	+ * connection. It should "work" without noisy error logs if
	48	+ * the server actually expects SSLv3/TLSv1. With
	49	+ * SSLv23_server_method() OpenSSL's SSL_accept() fails
	50	+ * ungracefully on receipt of this message, since it requires
	51	+ * an 11-byte ClientHello message and this is too short. */
	52	+ static const unsigned char tls10_close_notify[7] = {
	53	+ '\x15', /* TLSPlainText.type = Alert (21) */
	54	+ '\x03', '\x01', /* TLSPlainText.version = {3, 1} */
	55	+ '\x00', '\x02', /* TLSPlainText.length = 2 */
	56	+ '\x01', /* Alert.level = warning (1) */
	57	+ '\x00' /* Alert.description = close_notify (0) */
	58	+ };
	59	+ data = (const char *)tls10_close_notify;
	60	+ len = sizeof(tls10_close_notify);
	61	+ }
	62	+ else /* ... XXX other request types here? */ {
	63	+ /* Create an HTTP request string. We include a User-Agent so
	64	+ * that adminstrators can track down the cause of the
	65	+ * odd-looking requests in their logs. A complete request is
	66	+ * used since kernel-level filtering may require that much
	67	+ * data before returning from accept(). */
	68	+ data = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
	69	ap_get_server_description(),
	70	" (internal dummy connection)\r\n\r\n", NULL);
	71	+ len = strlen(data);
	72	+ }
	73
	74	- /* Since some operating systems support buffering of data or entire
	75	- * requests in the kernel, we send a simple request, to make sure
	76	- * the server pops out of a blocking accept().
	77	- */
	78	- /* XXX: This is HTTP specific. We should look at the Protocol for each
	79	- * listener, and send the correct type of request to trigger any Accept
	80	- * Filters.
	81	- */
	82	- len = strlen(srequest);
	83	- apr_socket_send(sock, srequest, &len);
	84	+ apr_socket_send(sock, data, &len);
	85	apr_socket_close(sock);
	86	apr_pool_destroy(p);
	87