diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
commit | 1221c736f9a90756d47ea6d28320b6b83602dd2a (patch) | |
tree | b453ba7b1393205258c9b098a773b4330984672f /debian/perl-framework/t/conf/ssl/ssl.conf.in | |
parent | Adding upstream version 2.4.38. (diff) | |
download | apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip |
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/t/conf/ssl/ssl.conf.in')
-rw-r--r-- | debian/perl-framework/t/conf/ssl/ssl.conf.in | 279 |
1 files changed, 279 insertions, 0 deletions
diff --git a/debian/perl-framework/t/conf/ssl/ssl.conf.in b/debian/perl-framework/t/conf/ssl/ssl.conf.in new file mode 100644 index 0000000..f796b34 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/ssl.conf.in @@ -0,0 +1,279 @@ +#test config derived from httpd-2.0/docs/conf/ssl-std.conf -*- text -*- + +<IfModule @ssl_module@> + #base config that can be used by any SSL enabled VirtualHosts + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + + SSLSessionCache none + #XXX: would be nice to test these + #SSLSessionCache shm:@ServerRoot@/logs/ssl_scache(512000) + #SSLSessionCache dbm:@ServerRoot@/logs/ssl_scache + #SSLSessionCacheTimeout 300 + + <IfVersion < 2.3.4> + #SSLMutex file:@ServerRoot@/logs/ssl_mutex + </IfVersion> + <IfVersion >= 2.3.4> + # mutex created automatically + # config needed only if file-based mutexes are used and + # default lock file dir is inappropriate + # Mutex file:/path/to/lockdir ssl-cache + </IfVersion> + + SSLRandomSeed startup builtin + SSLRandomSeed connect builtin + #SSLRandomSeed startup file:/dev/random 512 + #SSLRandomSeed startup file:/dev/urandom 512 + #SSLRandomSeed connect file:/dev/random 512 + #SSLRandomSeed connect file:/dev/urandom 512 + + SSLProtocol @sslproto@ + + <IfModule mod_log_config.c> + LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl + CustomLog logs/ssl_request_log ssl + </IfModule> + + SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + <IfDefine TEST_SSL_PASSPHRASE_EXEC> + SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl + </IfDefine> + #else the default is builtin + <IfDefine !TEST_SSL_PASSPHRASE_EXEC> + SSLPassPhraseDialog builtin + </IfDefine> + + <IfDefine TEST_SSL_DES3_KEY> + SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt + + SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem + +# SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt + +# SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem + </IfDefine> + #else the default is an unencrypted key + <IfDefine !TEST_SSL_DES3_KEY> + SSLCertificateFile @SSLCA@/asf/certs/server.crt + + SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem + +# SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt + +# SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem + </IfDefine> + + #SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt + + SSLCACertificateFile @SSLCA@/asf/certs/ca.crt + + SSLCACertificatePath @ServerRoot@/conf/ssl + + SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + <IfVersion >= 2.3.15> + SSLCARevocationCheck chain + </IfVersion> + + <VirtualHost @ssl_module_name@> + SSLEngine on + + #t/ssl/verify.t + Alias /verify @DocumentRoot@ + + <Location /verify> + SSLVerifyClient require + SSLVerifyDepth 10 + </Location> + + #t/ssl/require.t + Alias /require/asf @DocumentRoot@ + Alias /require/snakeoil @DocumentRoot@ + Alias /require/certext @DocumentRoot@ + Alias /require/strcmp @DocumentRoot@ + Alias /require/intcmp @DocumentRoot@ + Alias /ssl-fakebasicauth @DocumentRoot@ + Alias /ssl-fakebasicauth2 @DocumentRoot@ + Alias /ssl-cgi @DocumentRoot@/modules/cgi + Alias /require-ssl-cgi @DocumentRoot@/modules/cgi + + Alias /require-aes128-cgi @DocumentRoot@/modules/cgi + Alias /require-aes256-cgi @DocumentRoot@/modules/cgi + + <Location /require/asf> + SSLVerifyClient require + SSLVerifyDepth 10 + SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ + and %{SSL_CLIENT_S_DN_O} eq "ASF" \ + and %{SSL_CLIENT_S_DN_OU} in \ + {"httpd-test", "httpd", "modperl"} ) + </Location> + + <Location /require/snakeoil> + SSLVerifyClient require + SSLVerifyDepth 10 + SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ + and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + and %{SSL_CLIENT_S_DN_OU} in \ + {"Staff", "CA", "Dev"} ) + </Location> + + <Location /require/certext> + SSLVerifyClient require + <IfVersion > 2.3.0> + SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0") + </IfVersion> + <IfVersion < 2.3.0> + <IfVersion > 2.1.6> + SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0") + </IfVersion> + </IfVersion> + </Location> + + <Location /require/strcmp> + SSLRequire "a" < "b" + SSLRequire "a" lt "b" + </Location> + + <Location /require/intcmp> + SSLRequire 2 < 10 + SSLRequire 2 lt 10 + </Location> + + <Location /ssl-cgi> + SSLOptions +StdEnvVars + </Location> + + <Location /require-ssl-cgi> + SSLOptions +StdEnvVars + SSLVerifyClient require + SSLVerifyDepth 10 + </Location> + + <Location /require-aes128-cgi> + SSLCipherSuite AES128-SHA + </Location> + + <Location /require-aes256-cgi> + SSLCipherSuite AES256-SHA + </Location> + + <IfModule @AUTH_MODULE@> + <Location /ssl-fakebasicauth> + SSLVerifyClient require + SSLVerifyDepth 5 + SSLOptions +FakeBasicAuth + AuthName "Snake Oil Authentication" + AuthType Basic + AuthUserFile @SSLCA@/asf/ssl.htpasswd + require valid-user + </Location> + </IfModule> + + # specific to 2.1 + <IfModule mod_authn_anon.c> + <IfModule mod_auth_basic.c> + <Location /ssl-fakebasicauth2> + SSLVerifyClient require + SSLOptions +FakeBasicAuth +StdEnvVars + AuthName "Snake Oil Authentication" + AuthType Basic + AuthBasicProvider anon + Anonymous dummy "*" + require valid-user + </Location> + </IfModule> + </IfModule> + + ## + ## mod_h2 test config + ## + <IfModule h2_module> + LogLevel h2:debug + </IfModule> + + <IfModule @CGI_MODULE@> + <Directory @SERVERROOT@/htdocs/modules/h2> + Options +ExecCGI + AddHandler cgi-script .pl + + </Directory> + </IfModule> + <Location /modules/h2/hello.pl> + SSLOptions +StdEnvVars + </Location> + <IfModule mod_rewrite.c> + RewriteEngine on + RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC] + </IfModule> + + </VirtualHost> + + # An SSL vhost which does optional ccert checks at vhost level, to + # check for CVE CAN-2005-2700. + + <VirtualHost ssl_optional_cc> + SSLEngine on + + SSLVerifyClient optional + + Alias /require/any @DocumentRoot@ + Alias /require/none @DocumentRoot@ + + <Location /require/any> + SSLVerifyClient require + SSLVerifyDepth 10 + </Location> + </VirtualHost> + + # An SSL vhost which can be used to trigger PR 33791 + + <VirtualHost ssl_pr33791> + SSLEngine On + + ErrorDocument 400 /index.html + + <Location /> + SSLVerifyClient require + </Location> + </VirtualHost> + + # For t/ssl/ocsp.t -- + <Location /modules/ssl/ocsp> + SetEnv SSL_CA_ROOT @sslca@/asf + </Location> + Alias /modules/ssl/ocsp @DocumentRoot@/modules/cgi/ocsp.pl + + <VirtualHost ssl_ocsp> + SSLEngine on + + # SSLOCSPResponderCertificateFile is available from 2.4.26 + <IfVersion >= 2.4.26> + SSLVerifyClient on + + SSLOCSPEnable on + SSLOCSPDefaultResponder http://@SERVERNAME@:@PORT@/modules/ssl/ocsp + SSLOCSPResponderCertificateFile @SSLCA@/asf/certs/server.crt + + # Ignore CRL check results + SSLCARevocationCheck none + </IfVersion> + </VirtualHost> + + # For t/ssl/pr43738.t: + <IfModule mod_actions.c> + Action application/x-pf-action /modules/cgi/action.pl + + AddType application/x-pf-action .pfa + </IfModule> + + <Location /modules/ssl/aes128/> + SSLCipherSuite AES128-SHA + </Location> + + <Location /modules/ssl/aes256/> + SSLCipherSuite AES256-SHA + </Location> + +</IfModule> |