diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:04:07 +0000 |
commit | 1221c736f9a90756d47ea6d28320b6b83602dd2a (patch) | |
tree | b453ba7b1393205258c9b098a773b4330984672f /debian/perl-framework/t/conf | |
parent | Adding upstream version 2.4.38. (diff) | |
download | apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.tar.xz apache2-1221c736f9a90756d47ea6d28320b6b83602dd2a.zip |
Adding debian version 2.4.38-3+deb10u8.debian/2.4.38-3+deb10u8debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/t/conf')
-rw-r--r-- | debian/perl-framework/t/conf/cache.conf.in | 25 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/core.conf.in | 17 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/extra.conf.in | 1320 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/http2.conf.in | 105 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/include-ssi-exec.conf.in | 499 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/include.conf.in | 77 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/proxy.conf.in | 170 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/ssl/README | 17 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt | 114 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt | 393 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL | 2 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/ssl/proxyssl.conf.in | 66 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/ssl/ssl.conf.in | 279 | ||||
-rw-r--r-- | debian/perl-framework/t/conf/vhost_alias.conf.in | 9 |
14 files changed, 3093 insertions, 0 deletions
diff --git a/debian/perl-framework/t/conf/cache.conf.in b/debian/perl-framework/t/conf/cache.conf.in new file mode 100644 index 0000000..fa06db7 --- /dev/null +++ b/debian/perl-framework/t/conf/cache.conf.in @@ -0,0 +1,25 @@ +# +# Config for mod_cache tests +# + +<IfModule mod_cache.c> + <VirtualHost mod_cache> + <IfModule mod_disk_cache.c> + + CacheEnable disk /cache/ + CacheRoot @SERVERROOT@/conf/cacheroot/ + CacheDirLevels 1 + CacheDirLength 1 + + </IfModule> + <IfModule mod_cache_disk.c> + + CacheEnable disk /cache/ + CacheRoot @SERVERROOT@/conf/cacheroot/ + CacheDirLevels 1 + CacheDirLength 1 + + </IfModule> + DocumentRoot @SERVERROOT@/htdocs/modules/cache + </VirtualHost> +</IfModule> diff --git a/debian/perl-framework/t/conf/core.conf.in b/debian/perl-framework/t/conf/core.conf.in new file mode 100644 index 0000000..10e411f --- /dev/null +++ b/debian/perl-framework/t/conf/core.conf.in @@ -0,0 +1,17 @@ +# NameVirtualHost sections for :core. All virtual hosts ending in :core +# will be converted to a set of NVH'es on the same dynamic port, so they +# are collected here. + + +<VirtualHost strict-default:core> + ServerName default-strict + <IfVersion >= 2.5.1> + # StrictHostCheck can only be configure globally or in a "default" vhost + StrictHostCheck ON + </IfVersion> +</VirtualHost> +<VirtualHost strict-nvh:core> + ServerName nvh-strict + ServerAlias nvh-strict-alias + # Implicitly StrictHostCheck ON from default VH above +</VirtualHost> diff --git a/debian/perl-framework/t/conf/extra.conf.in b/debian/perl-framework/t/conf/extra.conf.in new file mode 100644 index 0000000..abb699f --- /dev/null +++ b/debian/perl-framework/t/conf/extra.conf.in @@ -0,0 +1,1320 @@ +## +## FileETag test config +## +<Directory @SERVERROOT@/htdocs/apache/etags> + AllowOverride All + Order Deny,Allow +# Satisfy Any +</Directory> + +## +## Options override test config +## +<Directory @SERVERROOT@/htdocs/apache/htaccess/override> + AllowOverride All + Options -Includes +</Directory> + +## +## AcceptPathInfo test config +## +<IfDefine APACHE2> + <Directory @SERVERROOT@/htdocs/apache/acceptpathinfo> + # default is AcceptPathInfo default + Order Deny,Allow + Allow from all + <IfModule @CGI_MODULE@> + AddHandler cgi-script .sh + Options +ExecCGI +Includes +Indexes + </IfModule> + <IfModule mod_include.c> + DirectoryIndex index.shtml + AddOutputFilter INCLUDES shtml + </IfModule> + </Directory> + <Directory @SERVERROOT@/htdocs/apache/acceptpathinfo/on> + AcceptPathInfo on + </Directory> + <Directory @SERVERROOT@/htdocs/apache/acceptpathinfo/off> + AcceptPathInfo off + </Directory> +</IfDefine> + +## +## mod_php4/mod_php5 test config +## + +<IfModule @PHP_MODULE@> + AddType application/x-httpd-php .php + AddType application/x-httpd-php-source .phps +</IfModule> + +<IfDefine APACHE2> + <IfModule sapi_apache2.c> + AddType application/x-httpd-php .php + AddType application/x-httpd-php-source .phps + </IfModule> +</IfDefine> + +<IfModule @PHP_MODULE@> + # t/htdocs/php/arg.php et al require argc/argv in _SERVER + <Directory @SERVERROOT@/htdocs/php> + php_admin_flag "register_argc_argv" 1 + </Directory> + + <Directory @SERVERROOT@/htdocs/php/multiviews> + Options MultiViews + </Directory> + +</IfModule> + +## +## mod_expires test config +## + +<IfModule mod_expires.c> + <Directory @SERVERROOT@/htdocs/modules/expires> + ExpiresActive On + ExpiresDefault "modification plus \ + 10 years 6 months 2 weeks \ + 3 days 12 hours 30 minutes 19 seconds" + ExpiresByType text/plain M60 + ExpiresByType image/gif A120 + ExpiresByType image/jpeg A86400 + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/expires/htaccess> + AllowOverride All + </Directory> +</IfModule> + +## +## mod_negotiation test config +## + +<IfModule mod_mime.c> + AddLanguage en .en + AddLanguage fr .fr + AddLanguage de .de + AddLanguage fu .fu + AddHandler type-map .var +</IfModule> + +<IfModule mod_negotiation.c> + <IfDefine APACHE1> + CacheNegotiatedDocs + </IfDefine> + + <IfDefine APACHE2> + CacheNegotiatedDocs On + </IfDefine> + + <Directory @SERVERROOT@/htdocs/modules/negotiation/en> + Options +MultiViews + LanguagePriority en fr de fu + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/negotiation/de> + Options +MultiViews + LanguagePriority de en fr fu + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/negotiation/fr> + Options +MultiViews + LanguagePriority fr en de fu + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/negotiation/fu> + Options +MultiViews + LanguagePriority fu fr en de + </Directory> + + <IfDefine APACHE2> + <IfModule @CGI_MODULE@> + <Directory @SERVERROOT@/htdocs/modules/negotiation/query> + Options +MultiViews +ExecCGI + MultiviewsMatch any + AddHandler cgi-script .pl + </Directory> + </IfModule> + </IfDefine> + +</IfModule> + +## +## mod_rewrite test config +## + +<IfModule mod_rewrite.c> + RewriteEngine On + <IfVersion < 2.3.6> + RewriteLog @SERVERROOT@/logs/rewrite_log + RewriteLogLevel 9 + </IfVersion> + <IfVersion >= 2.3.6> + LogLevel rewrite:trace8 + </IfVersion> + + <IfDefine !APACHE1> + <IfVersion < 2.3.4> + RewriteLock @SERVERROOT@/logs/rewrite_lock + </IfVersion> + <IfVersion >= 2.3.4> + # mutex created automatically + # config needed only if file-based mutexes are used and + # default lock file dir is inappropriate + # Mutex file:/path/to/lockdir rewrite-map + </IfVersion> + </IfDefine> + <IfDefine APACHE1> + RewriteLock @SERVERROOT@/logs/rewrite_lock + </IfDefine> + RewriteMap numbers-txt txt:@SERVERROOT@/htdocs/modules/rewrite/numbers.txt + RewriteMap numbers-rnd rnd:@SERVERROOT@/htdocs/modules/rewrite/numbers.rnd + #RewriteMap numbers-dbm dbm:@SERVERROOT@/htdocs/modules/rewrite/numbers.dbm + RewriteMap numbers-prg prg:@SERVERROOT@/htdocs/modules/rewrite/numbers.pl + RewriteMap lower int:tolower + + <Directory @SERVERROOT@/htdocs/modules/rewrite> + RewriteEngine On + <IfVersion >= 2.5.0> + RewriteOptions inherit LongURLOptimization + </IfVersion> + <IfVersion < 2.5.0> + RewriteOptions inherit + </IfVersion> + + RewriteRule ^forbidden$ - [F] + RewriteRule ^gone$ - [G] + RewriteRule ^perm$ - [R=permanent] + RewriteRule ^temp$ - [R] + RewriteRule ^test\.blah$ - [T=text/html] + + ## config for testing >=< conditions + RewriteCond %{HTTP_ACCEPT} =lucky13 + RewriteRule ^$ lucky13.html [L] + + RewriteCond %{HTTP_ACCEPT} >6 + RewriteRule ^$ big.html [L] + + RewriteCond %{HTTP_ACCEPT} <1 + RewriteRule ^$ zero.html [L] + + ## config for testing rewrite maps + RewriteCond %{HTTP_ACCEPT} ^(TXT|RND|DBM|PRG)$ + RewriteRule ^([1-6])$ - [C,E=MAPTYPE:${lower:%1}] + RewriteCond %{ENV:MAPTYPE} =txt + RewriteRule ^([1-6])$ ${numbers-txt:$1}.html [S=3] + RewriteCond %{ENV:MAPTYPE} =rnd + RewriteRule ^([1-6])$ ${numbers-rnd:$1}.html [S=2] + RewriteCond %{ENV:MAPTYPE} =dbm + RewriteRule ^([1-6])$ ${numbers-dbm:$1}.html [S=1] + RewriteCond %{ENV:MAPTYPE} =prg + RewriteRule ^([1-6])$ ${numbers-prg:$1}.html [L] + + ## Proxy pass-through + RewriteRule ^proxy.html$ http://@SERVERNAME@:@PORT@/modules/rewrite/lucky13.html [L,P] + + ## Query-string append + RewriteRule ^qsa.html$ @SERVERROOT@/htdocs/modules/cgi/env.pl?foo=bar [QSA,L] + + ## Proxy and QSA + RewriteRule ^proxy-qsa.html$ http://@SERVERNAME@:@PORT@/modules/cgi/env.pl?foo=bar [QSA,L,P] + + ## Redirect, directory context + RewriteRule ^redirect-dir.html$ http://@SERVERNAME@:@PORT@/foobar.html [L,R=301] + + # PR 58231: Vary header not added to the response if the RewriteCond/Rule + # combination is in a directory context. + # Vary:Host header must not also be returned in any case. + RewriteCond %{HTTP_HOST} directory-domain + RewriteRule vary3.html vary4.html [L] + + RewriteCond %{HTTP_USER_AGENT} directory-agent + RewriteRule vary3.html vary4.html [L] + + RewriteCond %{HTTP:Accept} directory-accept [OR] + RewriteCond %{HTTP_REFERER} directory-referer + RewriteRule vary3.html vary4.html [L] + </Directory> + + # PR 58231: Vary:Host header mistakenly added to the response + RewriteCond %{HTTP_HOST} test1 + RewriteRule /modules/rewrite/vary1.html /modules/rewrite/vary2.html [L] + + RewriteCond %{HTTP:Host} test2 + RewriteRule /modules/rewrite/vary1.html /modules/rewrite/vary2.html [L] + + + ### Proxy pass-through to env.pl + RewriteRule ^/modules/rewrite/proxy2/(.*)$ http://@SERVERNAME@:@PORT@/modules/cgi/$1 [L,P] + + ### Pass-through conditional on QUERY_STRING + RewriteCond %{QUERY_STRING} horse=trigger + RewriteRule ^/modules/rewrite/proxy3/(.*)$ http://@SERVERNAME@:@PORT@/modules/cgi/$1 [L,P] + + ### Redirect, server context + RewriteRule ^/modules/rewrite/redirect.html$ http://@SERVERNAME@:@PORT@/foobar.html [L,R=301] + + <VirtualHost cve_2011_3368_rewrite> + DocumentRoot @SERVERROOT@/htdocs/modules/proxy + RewriteEngine On + RewriteRule (.*) http://localhost$1 [P] + </VirtualHost> + + # PR60478: pathological rewrite expansion + <IfVersion >= 2.4> + <Location /modules/rewrite/pr60478-rewrite-loop> + # This pair of RewriteRules will loop but should eventually 500 once we + # reach LimitRequestLine * 2 bytes. (In this case, 128 * 2 = 256.) + RewriteRule ^(.*)X(.*)$ $1x$2 + # Don't run the test machine out of memory on failure, just stop the loop + RewriteCond expr "util_strlen(%{REQUEST_FILENAME}) -lt 257" + RewriteRule X - [N] + </Location> + </IfVersion> + +</IfModule> + + +<IfModule mod_proxy.c> + <VirtualHost proxy_http_reverse> + DocumentRoot @SERVERROOT@/htdocs/modules/proxy + ProxyPass /reverse/notproxy/ ! + ProxyPass /reverse/ http://@SERVERNAME@:@PORT@/ + ProxyPassReverse /reverse/ http://@SERVERNAME@:@PORT@/ + ProxyPassReverseCookieDomain local remote + ProxyPassReverseCookiePath /local /remote + <IfVersion >= 2.4.7> + ProxyPass /uds/ unix:/tmp/test-ptf.sock|http: + </IfVersion> + <Location /reverse/locproxy/> + ProxyPass http://@SERVERNAME@:@PORT@/ + </Location> + <IfModule mod_setenvif.c> + SetEnvIf Request_URI "^/reverse/locproxy/index.html$" no-proxy + </IfModule> + </VirtualHost> + + <VirtualHost proxy_http_nofwd> + <IfVersion >= 2.3.10> + ProxyAddHeaders off + </IfVersion> + ProxyPass /reverse/ http://@SERVERNAME@:@PORT@/ + + <Proxy "*"> + # Noop config to trigger merging bug. + Require all granted + </Proxy> + </VirtualHost> + + <IfVersion >= 2.2.5> + <VirtualHost cve_2011_3368> + DocumentRoot @SERVERROOT@/htdocs/modules/proxy + ProxyPassMatch (.*) http://@SERVERNAME@$1 + </VirtualHost> + </IfVersion> +</IfModule> + +## +## @ACCESS_MODULE@ test config +## + +<IfModule @ACCESS_MODULE@> + <Directory @SERVERROOT@/htdocs/modules/access/htaccess> + AllowOverride Limit + </Directory> +</IfModule> + +## +## mod_cgi test config +## + +<IfModule @CGI_MODULE@> + AddHandler cgi-script .sh + AddHandler cgi-script .pl + ScriptLog @SERVERROOT@/logs/mod_cgi.log + <IfModule mod_cgi.c> + ScriptLogLength 40960 + </IfModule> + <IfModule !mod_cgi.c> + ScriptLogLength 8192 + </IfModule> + ScriptLogBuffer 256 + + <Directory @SERVERROOT@/htdocs/modules/cgi> + Options +ExecCGI + + <IfDefine APACHE2> + <Files acceptpathinfoon.sh> + AcceptPathInfo on + </Files> + <Files acceptpathinfooff.sh> + AcceptPathInfo off + </Files> + <Files acceptpathinfodefault.sh> + AcceptPathInfo default + </Files> + </IfDefine> + </Directory> + +</IfModule> + +## +## mod_alias test config +## + +<IfModule mod_alias.c> + Alias /alias @SERVERROOT@/htdocs/modules/alias + Alias /bogu /bogus/path/to/nothing + + AliasMatch /ali([0-9]) @SERVERROOT@/htdocs/modules/alias/$1.html + + Redirect permanent /perm http://@SERVERNAME@:@PORT@/alias + Redirect temp /temp http://@SERVERNAME@:@PORT@/alias + Redirect seeother /seeother http://@SERVERNAME@:@PORT@/alias + Redirect gone /gone + Redirect 403 /forbid + + RedirectMatch permanent /p([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html + RedirectMatch temp /t([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html + RedirectMatch seeother /s([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html + RedirectMatch gone /g([0-9]) + RedirectMatch 403 /f([0-9]) + + RedirectTemp /temp2 http://@SERVERNAME@:@PORT@/alias/index.html + RedirectPermanent /perm2 http://@SERVERNAME@:@PORT@/alias/index.html + + Redirect permanent /modules/alias/redirect-me http://@SERVERNAME@:@PORT@/modules/alias/5.html + + ScriptAlias /cgi @SERVERROOT@/htdocs/modules/alias + ScriptAliasMatch /aliascgi-(.*) @SERVERROOT@/htdocs/modules/alias/$1 + + <IfDefine APACHE2> + <IfVersion >= 2.4.19> + <LocationMatch /expr/ali(?<number>[0-9])> + Alias @SERVERROOT@/htdocs/modules/alias/%{env:MATCH_NUMBER}.html + </LocationMatch> + <LocationMatch /expr/aliascgi-(?<suffix>.*)> + ScriptAlias @SERVERROOT@/htdocs/modules/alias/%{env:MATCH_SUFFIX} + </LocationMatch> + <LocationMatch /expr/p(?<number>[0-9])> + Redirect permanent http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html + </LocationMatch> + <LocationMatch /expr/t(?<number>[0-9])> + Redirect temp http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html + </LocationMatch> + <LocationMatch /expr/s(?<number>[0-9])> + Redirect seeother http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html + </LocationMatch> + <LocationMatch /expr/g([0-9])> + Redirect gone + </LocationMatch> + <LocationMatch /expr/f([0-9])> + Redirect 403 + </LocationMatch> + </IfVersion> + </IfDefine> +</IfModule> + +Alias /manual @inherit_documentroot@/manual +<Location /manual> + Order deny,allow + Deny from all + Allow from @servername@ +</Location> + +## +## mod_asis test config +## + +<IfModule mod_asis.c> + <Directory @SERVERROOT@/htdocs/modules/asis> + AddHandler send-as-is asis + </Directory> +</IfModule> + +## +## mod_headers test config +## + +<IfModule mod_headers.c> + <Directory @SERVERROOT@/htdocs/modules/headers/htaccess> + AllowOverride All + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/headers/ssl> + AllowOverride All + </Directory> + + <VirtualHost mod_headers> + <Location /manual> + Header add mod_headers_foo bar + </Location> + </VirtualHost> + + # Should match anything mapped to disk + <DirectoryMatch ^> + Header append DMMATCH1 1 + </DirectoryMatch> +</IfModule> + +## +## mod_dir test config +## + +<IfModule mod_dir.c> + <Directory @SERVERROOT@/htdocs/modules/dir/htaccess> + AllowOverride Indexes + </Directory> +</IfModule> + +## +## mod_env test config +## + +<IfModule mod_env.c> + PassEnv APACHE_TEST_HOSTNAME + SetEnv ENV_TEST "mod_env test environment variable" + SetEnv ENV_TEST_EMPTY + UnsetEnv UNSET + + PassEnv APACHE_TEST_HOSTTYPE + UnsetEnv APACHE_TEST_HOSTTYPE + + SetEnv NOT_HERE "this will not be here" + UnsetEnv NOT_HERE + + <Directory @SERVERROOT@/htdocs/modules/env> + Options +Includes + </Directory> +</IfModule> + +## +## mod_setenvif test config +## + +<IfModule mod_setenvif.c> + <Directory @SERVERROOT@/htdocs/modules/setenvif/htaccess> + Options +Includes + AllowOverride All + </Directory> +</IfModule> + +## +## mod_dav test config +## + +<IfModule mod_dav.c> + DAVLockDB @SERVERROOT@/logs/davlock.db + + <Directory @SERVERROOT@/htdocs/modules/dav> + DAV On + </Directory> +</IfModule> + +## +## mod_autoindex test config +## + +<IfModule mod_autoindex.c> + <Directory @SERVERROOT@/htdocs/modules/autoindex/htaccess> + Options +Indexes + AllowOverride Indexes + </Directory> + <Directory @SERVERROOT@/htdocs/modules/autoindex2> + Options +Indexes + AllowOverride All + </Directory> +</IfModule> + +## +## LimitRequest* directive testing +## + +LimitRequestLine 128 +LimitRequestFieldSize 1024 +LimitRequestFields 32 +<Directory @SERVERROOT@/htdocs/apache/limits> + LimitRequestBody 65536 +</Directory> + +## +## mod_echo test config +## + +<IfModule mod_echo.c> + <VirtualHost mod_echo> + ProtocolEcho On + </VirtualHost> + + <IfModule @ssl_module@> + <VirtualHost mod_echo_ssl> + ProtocolEcho On + SSLEngine On + </VirtualHost> + </IfModule> +</IfModule> + +## +## mod_deflate test config +## +<IfDefine APACHE2> + <IfModule mod_deflate.c> + <Directory @SERVERROOT@/htdocs/modules/deflate> + SetOutputFilter DEFLATE + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/deflate/ssi> + Options +Includes + DirectoryIndex default.html + AddOutputFilter INCLUDES shtml + SetOutputFilter DEFLATE + </Directory> + + <IfModule mod_bucketeer.c> + <Directory @SERVERROOT@/htdocs/modules/deflate/bucketeer> + SetOutputFilter BUCKETEER;DEFLATE + </Directory> + </IfModule> + + + <Location /modules/cgi/not-modified.pl> + SetOutputFilter DEFLATE + </Location> + + <Location /modules/deflate/echo_post> + SetInputFilter DEFLATE + SetHandler echo_post + </Location> + </IfModule> +</IfDefine> + +### pr17629.t +<IfModule mod_case_filter.c> + <Location /modules/cgi/redirect.pl> + SetOutputFilter CASEFILTER + </Location> +</IfModule> + + +## +## Test config for security issues +## +<Directory @SERVERROOT@/htdocs/security> + Options +Includes + AllowOverride All + Order allow,deny + Allow from all + + # for CVE-2005-3352 test: + AddHandler imap-file map +</Directory> + +<Directory @SERVERROOT@/htdocs/security/CAN-2004-0811> + Options +Indexes +</Directory> + +<Directory @SERVERROOT@/htdocs/security/CAN-2004-0811/sub> + Satisfy Any +</Directory> + +## +## Digest test config +## +<IfDefine APACHE2> + <IfModule mod_auth_digest.c> + Alias /digest @DocumentRoot@ + <Location /digest> + Require valid-user + AuthType Digest + AuthName realm1 + # 2.0 + <IfModule mod_auth.c> + AuthDigestFile @ServerRoot@/realm1 + </IfModule> + # 2.1 + <IfModule mod_authn_file.c> + AuthUserFile realm1 + </IfModule> + </Location> + SetEnvIf X-Browser "MSIE" AuthDigestEnableQueryStringHack=On + </IfModule> +</IfDefine> + +## +## authz_core test config: authz by user or by env (modules/aaa.t) +## +<IfDefine APACHE2> + <IfModule mod_authz_core.c> + <IfModule mod_authn_core.c> + <IfModule mod_authn_file.c> + <IfModule mod_authz_host.c> + <IfModule mod_auth_digest.c> + Alias /authz/digest @DocumentRoot@ + <Location /authz/digest> + <RequireAny> + Require valid-user + Require env allowed + </RequireAny> + AuthType Digest + AuthName realm2 + AuthUserFile realm2 + </Location> + </IfModule> + <IfModule mod_auth_basic.c> + Alias /authz/basic @DocumentRoot@ + <Location /authz/basic> + <RequireAny> + Require valid-user + Require env allowed + </RequireAny> + AuthType Basic + AuthName basic1 + AuthUserFile basic1 + </Location> + </IfModule> + <IfVersion >= 2.3.11> + <IfModule mod_auth_basic.c> + Alias /authz/fail/401 @DocumentRoot@ + Alias /authz/fail/403 @DocumentRoot@ + <Location /authz/fail> + Require user foo + AuthType Basic + AuthName basic1 + AuthUserFile basic1 + </Location> + <Location /authz/fail/403> + AuthzSendForbiddenOnFailure On + </Location> + </IfModule> + </IfVersion> + <IfModule mod_auth_form.c> + <IfModule mod_session_cookie.c> + Alias /authz/form @DocumentRoot@ + <Location /authz/form> + AuthFormLoginRequiredLocation http://@SERVERNAME@:@PORT@/authz/login.html + AuthFormLoginSuccessLocation http://@SERVERNAME@:@PORT@/authz/form/ + AuthFormProvider file + AuthType Form + AuthUserFile form1 + AuthName form1 + Session On + SessionCookieName session path=/ + <RequireAny> + Require valid-user + Require env allowed + </RequireAny> + </Location> + <Location /authz/form/dologin.html> + SetHandler form-login-handler + Require all granted + </Location> + </IfModule> + </IfModule> + SetEnvIf X-Allowed "yes" allowed + </IfModule> + </IfModule> + </IfModule> + </IfModule> +</IfDefine> + +## +## authz_core test config: authz merging (modules/authz_core.t) +## +<IfDefine APACHE2> + <IfModule mod_authz_core.c> + <IfModule mod_authn_core.c> + <IfModule mod_authz_host.c> + <Directory @DocumentRoot@/authz_core/> + AllowOverride all + </Directory> + + SetEnvIf X-Allowed1 "yes" allowed1 + SetEnvIf X-Allowed2 "yes" allowed2 + SetEnvIf X-Allowed3 "yes" allowed3 + SetEnvIf X-Allowed4 "yes" allowed4 + </IfModule> + </IfModule> + </IfModule> +</IfDefine> + + +## +## ErrorDocument handling +## create it's own virtual host so it doesn't interfere +## with other tests for 404 messages +## +<VirtualHost _default_:error_document> + ErrorDocument 404 "per-server 404 + + <Location /redefine> + ErrorDocument 404 "per-dir 404 + </Location> + + <Location /inherit> + # nothing here + </Location> + + <Location /bounce> + ErrorDocument 404 /modules/expires/expire.html + </Location> + + <Location /restore> + # special "default" value = restore canned error response + ErrorDocument 404 default + </Location> + + <Directory @DocumentRoot@/apache> + ErrorDocument 404 "testing merge + </Directory> + + <Directory @DocumentRoot@/apache/etag> + # 404 should be inherited from /apache + ErrorDocument 500 "hmph + </Directory> + +</VirtualHost> + +<Directory @DocumentRoot@/modules/filter/byterange/pr61860> + Header always set TestDuplicateHeader "shouldnotbeduplicated" +</Directory> + +<IfModule mod_bucketeer.c> + <Directory @DocumentRoot@/apache/chunked> + SetOutputFilter BUCKETEER + </Directory> +</IfModule> + +<IfModule mod_status.c> + ExtendedStatus On +</IfModule> + +<IfModule mod_filter.c> + <IfModule mod_case_filter.c> + <Location /modules/cgi/xother.pl> + FilterDeclare xother CONTENT_SET + <IfVersion >= 2.3.9> + FilterProvider xother CASEFILTER "resp('X-Foo') == 'bar'" + </IfVersion> + <IfVersion < 2.3.0> + FilterProvider xother CASEFILTER resp=X-Foo bar + </IfVersion> + FilterChain xother + </Location> + </IfModule> + + <Directory @SERVERROOT@/htdocs/modules/filter/pr49328> + Options +Includes + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + <IfModule mod_deflate.c> + FilterDeclare pr49328 CONTENT_SET + <IfVersion < 2.3.0> + FilterProvider pr49328 DEFLATE resp=Content-Type $text/ + </IfVersion> + <IfVersion >= 2.3.0> + <IfVersion < 2.3.9> + FilterProvider pr49328 DEFLATE "$content-type = /text\//" + </IfVersion> + </IfVersion> + <IfVersion >= 2.3.9> + FilterProvider pr49328 DEFLATE "%{CONTENT_TYPE} =~ m!text/!" + </IfVersion> + FilterChain pr49328 + </IfModule> + </Directory> + <Directory @SERVERROOT@/htdocs/modules/filter/bytype> + <IfModule mod_deflate.c> + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE text/css + </IfModule> + <IfModule mod_case_filter.c> + AddOutputFilterByType CASEFILTER application/xml + AddOutputFilterByType CASEFILTER text/plain + </IfModule> + </Directory> +</IfModule> + +## +## LogLevel configuration +## +<IfDefine APACHE2> + <IfVersion >= 2.3.6> + <Directory @SERVERROOT@/htdocs/apache/loglevel/core_crit> + LogLevel info core:crit + </Directory> + <Directory @SERVERROOT@/htdocs/apache/loglevel/core_info> + LogLevel crit core:info + </Directory> + <Directory @SERVERROOT@/htdocs/apache/loglevel/crit> + LogLevel crit + </Directory> + <Directory @SERVERROOT@/htdocs/apache/loglevel/crit/core_info> + LogLevel core:info + </Directory> + <Directory @SERVERROOT@/htdocs/apache/loglevel/crit/core_info/crit> + LogLevel crit + </Directory> + <Directory @SERVERROOT@/htdocs/apache/loglevel/info> + LogLevel info + </Directory> + <Directory @SERVERROOT@/htdocs/apache/loglevel/info/core_crit> + LogLevel core:crit + </Directory> + <Directory @SERVERROOT@/htdocs/apache/loglevel/info/core_crit/info> + LogLevel info + </Directory> + </IfVersion> +</IfDefine> + +<Directory @SERVERROOT@/htdocs/apache/cfg_getline/> + AllowOverride All + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + Options +Includes +</Directory> + +<Directory @SERVERROOT@/htdocs/modules/substitute/> + AllowOverride All +</Directory> + +## +## expression parser test config +## + +<IfVersion >= 2.3.9> + <Directory @SERVERROOT@/htdocs/apache/expr/> + AllowOverride All + <IfModule mod_log_debug.c> + AllowOverrideList LogMessage + </IfModule> + </Directory> +</IfVersion> + +<IfDefine APACHE2> + <IfVersion >= 2.3.11> + <IfModule mod_headers.c> + <IfModule mod_proxy.c> + ProxyPass /if_sec/proxy/ http://@SERVERNAME@:@PORT@/ + + # Directory context + <Directory @SERVERROOT@/htdocs/if_sec/dir/> + <If "-n %{REQ:In-If1}"> + Header merge Out-Trace dir1 + <If "-n %{REQ:In-If11}"> + Header merge Out-Trace nested11 + <If "-n %{REQ:In-If111}"> + Header merge Out-Trace nested111 + </If> + <Elseif "-n %{REQ:In-If112}"> + Header merge Out-Trace nested112 + </Elseif> + <Else> + Header merge Out-Trace nested113 + </Else> + </If> + </If> + <If "-n %{REQ:In-If2}"> + Header merge Out-Trace dir2 + </If> + <Files *.txt> + <If "-n %{REQ:In-If1}"> + Header merge Out-Trace dir_files1 + </If> + </Files> + </Directory> + + # Location context + <Location /if_sec/proxy/> + <If "-n %{REQ:In-If1}"> + Header merge Out-Trace locp1 + </If> + <If "-n %{REQ:In-If2}"> + Header merge Out-Trace locp2 + </If> + </Location> + <Location /if_sec/loc/> + <If "-n %{REQ:In-If1}"> + Header merge Out-Trace loc1 + <If "-n %{REQ:In-If11}"> + Header merge Out-Trace nested11 + <If "-n %{REQ:In-If111}"> + Header merge Out-Trace nested111 + </If> + <Elseif "-n %{REQ:In-If112}"> + Header merge Out-Trace nested112 + </Elseif> + <Else> + Header merge Out-Trace nested113 + </Else> + </If> + </If> + <If "-n %{REQ:In-If2}"> + Header merge Out-Trace loc2 + </If> + </Location> + + # Files context + <Files *.if_test> + <If "-n %{REQ:In-If2}"> + Header merge Out-Trace files2 + <If "-n %{REQ:In-If11}"> + Header merge Out-Trace nested11 + <If "-n %{REQ:In-If111}"> + Header merge Out-Trace nested111 + </If> + <Elseif "-n %{REQ:In-If112}"> + Header merge Out-Trace nested112 + </Elseif> + <Else> + Header merge Out-Trace nested113 + </Else> + </If> + </If> + </Files> + + # Global context + <If "-n %{REQ:In-If1}"> + Header merge Out-Trace global1 + <If "-n %{REQ:In-If11}"> + Header merge Out-Trace nested11 + <If "-n %{REQ:In-If111}"> + Header merge Out-Trace nested111 + </If> + <Elseif "-n %{REQ:In-If112}"> + Header merge Out-Trace nested112 + </Elseif> + <Else> + Header merge Out-Trace nested113 + </Else> + </If> + </If> + </IfModule> + </IfModule> + </IfVersion> +</IfDefine> + +<IfDefine APACHE2> + <IfVersion >= 2.3.15> + <IfModule mod_alias.c> + AliasMatch /maxranges/([^/])+/ @SERVERROOT@/htdocs/apache/chunked/byteranges.txt + <Location /maxranges/none/> + MaxRanges none + </Location> + <Location /maxranges/default-explicit/> + MaxRanges default + </Location> + <Location /maxranges/1/> + MaxRanges 1 + </Location> + <Location /maxranges/2/> + MaxRanges 2 + </Location> + <Location /maxranges/1/merge/none/> + MaxRanges none + </Location> + <Location /maxranges/unlimited/> + MaxRanges unlimited + </Location> + </IfModule> + </IfVersion> + <IfVersion >= 2.2.21> + <IfModule mod_alias.c> + AliasMatch /maxranges/([^/])+/ @SERVERROOT@/htdocs/apache/chunked/byteranges.txt + <Location /maxranges/none/> + MaxRanges none + </Location> + <Location /maxranges/default-explicit/> + MaxRanges default + </Location> + <Location /maxranges/1/> + MaxRanges 1 + </Location> + <Location /maxranges/2/> + MaxRanges 2 + </Location> + <Location /maxranges/1/merge/none/> + MaxRanges none + </Location> + <Location /maxranges/unlimited/> + MaxRanges unlimited + </Location> + </IfModule> + </IfVersion> + +</IfDefine> + +<IfModule mod_lua.c> + AddHandler lua-script .lua + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name + <Location /modules/lua/translate-inherit-after> + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2 + LuaInherit parent-last + </Location> + <Location /modules/lua/translate-inherit-before> + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2 + LuaInherit parent-first + </Location> + <Location /modules/lua/translate-inherit-default-before> + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2 + # default: LuaInherit parent-first + </Location> +</IfModule> + +# +# Strict HTTP mode test config +# +<IfDefine APACHE2> + <IfVersion >= 2.2.32> + <Directory @SERVERROOT@/htdocs/apache/http_strict> + Options +ExecCGI + AddHandler cgi-script .pl + </Directory> + <VirtualHost _default_:http_unsafe> + DocumentRoot @SERVERROOT@/htdocs/ + HttpProtocolOptions Unsafe Allow0.9 + <IfModule mod_headers.c> + <Location /regression-header> + # Use two examples to ensure multiple bad headers are caught + # Note the vertical tab (^K or 0x0B) embedded in the header value + Header always set X-Bad "verticaltab" + Header always set X?Bad "badly named header" + </Location> + </IfModule> + </VirtualHost> + <VirtualHost _default_:http_strict> + DocumentRoot @SERVERROOT@/htdocs/ + HttpProtocolOptions Strict Require1.0 RegisteredMethods + <IfModule mod_headers.c> + <Location /regression-header> + # Use two examples to ensure multiple bad headers are caught + # Note the vertical tab (^K or 0x0B) embedded in the header value + Header always set X-Bad "verticaltab" + Header always set X?Bad "badly named header" + </Location> + </IfModule> + </VirtualHost> + </IfVersion> +</IfDefine> + +# +# mod_brotli test config +# +<IfDefine APACHE2> + <IfModule mod_alias.c> + <IfModule mod_brotli.c> + # Reuse existing data for mod_deflate + Alias /only_brotli @SERVERROOT@/htdocs/modules/deflate + <Location /only_brotli> + SetOutputFilter BROTLI_COMPRESS + </Location> + + <IfModule mod_deflate.c> + Alias /brotli_and_deflate @SERVERROOT@/htdocs/modules/deflate + <Location /brotli_and_deflate> + SetOutputFilter BROTLI_COMPRESS;DEFLATE + </Location> + </IfModule> + </IfModule> + </IfModule> +</IfDefine> + +# +# <IfFile> test config (see t/apache/iffile.t) +# +<IfDefine APACHE2> + <IfVersion >= 2.4.34> + <IfModule mod_headers.c> + + <Location /apache/iffile> + # First, the IfFiles that should succeed. + <IfFile htdocs/apache/iffile/document> + Header merge X-Out success1 + </IfFile> + <IfFile !htdocs/apache/iffile/doesnotexist> + Header merge X-Out success2 + </IfFile> + <IfFile htdocs/apache/iffile> + Header merge X-Out success3 + </IfFile> + <IfFile @SERVERROOT@/htdocs/apache/iffile/document> + Header merge X-Out success4 + </IfFile> + <IfFile "htdocs/apache/iffile/document"> + Header merge X-Out success5 + </IfFile> + # Followed by the IfFiles that should fail. + <IfFile !htdocs/apache/iffile/document> + Header merge X-Out fail1 + </IfFile> + <IfFile htdocs/apache/iffile/doesnotexist> + Header merge X-Out fail2 + </IfFile> + <IfFile !htdocs/apache/iffile> + Header merge X-Out fail3 + </IfFile> + <IfFile !@SERVERROOT@/htdocs/apache/iffile/document> + Header merge X-Out fail4 + </IfFile> + <IfFile !"htdocs/apache/iffile/document"> + Header merge X-Out fail5 + </IfFile> + </Location> + + </IfModule> + </IfVersion> +</IfDefine> + + +# +# t/modules/ext_filter.t test config +# +<IfDefine APACHE2> + <IfModule mod_ext_filter.c> + ExtFilterDefine foo-to-bar mode=output cmd="@SERVERROOT@/htdocs/modules/ext_filter/eval-cmd.pl s,foo,bar,g" + ExtFilterDefine ifoo-to-bar mode=input cmd="@SERVERROOT@/htdocs/modules/ext_filter/eval-cmd.pl s,foo,bar,g" + ExtFilterDefine sleepy-cat-out mode=output cmd=@SERVERROOT@/htdocs/modules/ext_filter/sleepycat.pl + ExtFilterDefine sleepy-cat-in mode=input cmd=@SERVERROOT@/htdocs/modules/ext_filter/sleepycat.pl + AliasMatch /apache/extfilter/[^/]+/(.*) @DocumentRoot@/$1 + + <Location /apache/extfilter/out-foo> + SetOutputFilter foo-to-bar + </Location> + + <Location /apache/extfilter/out-slow> + SetOutputFilter sleepy-cat-out + </Location> + + <Location /apache/extfilter/in-foo> + SetInputFilter ifoo-to-bar + </Location> + + <Location /apache/extfilter/out-limit> + SetOutputFilter foo-to-bar + LimitRequestBody 6 + </Location> + +</IfModule> +</IfDefine> + +## +## mod_ssl_ct configuration +## +<IfModule mod_ssl_ct.c> + # If mod_ssl_ct is loaded, CTSCTStorage is needed to pass the configtest. + CTSCTStorage . +</IfModule> + +## +## mod_remote_ip configuration +## +<IfModule mod_remoteip.c> + <VirtualHost remote_ip> + DocumentRoot @SERVERROOT@/htdocs/modules/remoteip + <IfVersion >= 2.4.30> + RemoteIPProxyProtocol On + </IfVersion> + </VirtualHost> +</IfModule> + + +<IfModule mod_ratelimit.c> + AliasMatch ^/apache/ratelimit/autoindex/$ @SERVERROOT@/htdocs/ + AliasMatch ^/apache/ratelimit/$ @SERVERROOT@/htdocs/index.html + <Location /apache/ratelimit/> + Options +Indexes + SetOutputFilter RATE_LIMIT + <IfModule mod_env.c> + SetEnv rate-limit 1024 + SetEnv rate-initial-burst 512 + </IfModule> + </Location> + <Location /apache/ratelimit/chunk> + SetHandler random_chunk + </Location> +</IfModule> + +<IfModule mod_reflector.c> + <Location /apache/reflector_nodeflate/> + SetHandler reflector + # Do not set any filter + ReflectorHeader header2reflect + ReflectorHeader header2update header2updateUpdated + </Location> + <Location /apache/reflector_deflate/> + SetHandler reflector + SetOutputFilter DEFLATE + ReflectorHeader header2reflect + ReflectorHeader header2update header2updateUpdated + </Location> +</IfModule> + +<IfModule mod_allowmethods.c> + <Directory @SERVERROOT@/htdocs/modules/allowmethods> + Options +Indexes + </Directory> + <Directory @SERVERROOT@/htdocs/modules/allowmethods/Get> + AllowMethods GET + </Directory> + <Directory @SERVERROOT@/htdocs/modules/allowmethods/Head> + AllowMethods HEAD + </Directory> + <Directory @SERVERROOT@/htdocs/modules/allowmethods/Post> + AllowMethods POST + </Directory> + <Directory @SERVERROOT@/htdocs/modules/allowmethods/Post/reset> + AllowMethods reset + </Directory> +</IfModule> + +<IfModule mod_buffer.c> + <IfModule mod_reflector.c> + <Location /apache/buffer_in/> + SetHandler reflector + SetInputFilter BUFFER + </Location> + <Location /apache/buffer_out/> + SetHandler reflector + SetOutputFilter BUFFER + </Location> + <Location /apache/buffer_in_out/> + SetHandler reflector + SetInputFilter BUFFER + SetOutputFilter BUFFER + </Location> + </IfModule> +</IfModule> + +<IfModule mod_data.c> + <Directory @SERVERROOT@/htdocs/modules/data/> + SetOutputFilter DATA + </Directory> +</IfModule> + +<IfModule mod_usertrack.c> + <Directory @SERVERROOT@/htdocs/modules/usertrack/> + CookieTracking on + CookieName usertrack_test + CookieExpires "60 seconds" + </Directory> +</IfModule> + +<IfModule mod_session_cookie.c> + <Directory @SERVERROOT@/htdocs/modules/session_cookie> + Session On + SessionCookieName thisisatest path=/ + SessionMaxAge 1 + </Directory> +</IfModule> + +<IfModule mod_speling.c> + <Directory @SERVERROOT@/htdocs/modules/speling/nocase/> + CheckSpelling on + </Directory> + <Directory @SERVERROOT@/htdocs/modules/speling/caseonly/> + CheckSpelling on + CheckCaseOnly on + </Directory> +</IfModule> diff --git a/debian/perl-framework/t/conf/http2.conf.in b/debian/perl-framework/t/conf/http2.conf.in new file mode 100644 index 0000000..2e6ca67 --- /dev/null +++ b/debian/perl-framework/t/conf/http2.conf.in @@ -0,0 +1,105 @@ +## +## mod_http2 test config +## + +<IfDefine APACHE2> + <IfModule http2_module> + + LogLevel http2:debug + + <VirtualHost h2c> + Protocols h2c http/1.1 + + <IfModule @CGI_MODULE@> + <Directory @SERVERROOT@/htdocs/modules/h2> + Options +ExecCGI + AddHandler cgi-script .pl + + </Directory> + </IfModule> + + <Location /modules/h2/hello.pl> + </Location> + <IfModule mod_rewrite.c> + RewriteEngine on + RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC] + </IfModule> + + </VirtualHost> + + <IfModule @ssl_module@> + + <VirtualHost @SERVERNAME@:h2> + Protocols h2 http/1.1 + H2Direct on + + SSLEngine on + SSLCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLCACertificatePath @ServerRoot@/conf/ssl + SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + SSLCARevocationCheck chain + + # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + # + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + SSLProtocol All -SSLv2 -SSLv3 + SSLOptions +StdEnvVars + + <IfVersion >= 2.4.18> + # need this off as long as we ran on old openssl + H2ModernTLSOnly off + </IfVersion> + + <IfModule @CGI_MODULE@> + <Directory @SERVERROOT@/htdocs/modules/h2> + Options +ExecCGI + AddHandler cgi-script .pl + </Directory> + </IfModule> + + <Location /modules/h2/hello.pl> + </Location> + <IfModule mod_rewrite.c> + RewriteEngine on + RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC] + </IfModule> + + </VirtualHost> + + <VirtualHost noh2.example.org:h2> + Protocols http/1.1 + H2Direct off + </VirtualHost> + + <VirtualHost test.example.org:h2> + Protocols h2 http/1.1 + H2Direct on + + SSLEngine on + SSLCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLCACertificatePath @ServerRoot@/conf/ssl + SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + SSLCARevocationCheck chain + + # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + # + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + SSLProtocol All -SSLv2 -SSLv3 + SSLOptions +StdEnvVars + + </VirtualHost> + + <VirtualHost test2.example.org:h2> + Protocols http/1.1 h2 + H2Direct on + </VirtualHost> + + <VirtualHost test-ser.example.org:h2> + </VirtualHost> + + </ifModule> + + </IfModule> + +</IfDefine> + diff --git a/debian/perl-framework/t/conf/include-ssi-exec.conf.in b/debian/perl-framework/t/conf/include-ssi-exec.conf.in new file mode 100644 index 0000000..42b72f9 --- /dev/null +++ b/debian/perl-framework/t/conf/include-ssi-exec.conf.in @@ -0,0 +1,499 @@ +# Test cases for Includes options inheritance, see test case +# t/security/CVE-2009-1195.t + +<IfDefine !APACHE1> +<IfVersion >= 2.1.0> +<IfModule mod_include.c> + +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/1"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/2"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/3"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/4"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/5"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/6"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/7"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/8"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/9"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/10"> + Options None + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/11"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/12"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/13"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/14"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/15"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/16"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/17"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/18"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/19"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/20"> + Options None + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/21"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/22"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/23"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/24"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/25"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/26"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/27"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/28"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/29"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/30"> + Options None + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/31"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/32"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/33"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/34"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/35"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/36"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/37"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/38"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/39"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/40"> + Options None + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/41"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/42"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/43"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/44"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/45"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/46"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/47"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/48"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/49"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/50"> + Options IncludesNoExec + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/51"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/52"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/53"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/54"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/55"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/56"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/57"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/58"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/59"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/60"> + Options IncludesNoExec + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/61"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/62"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/63"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/64"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/65"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/66"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/67"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/68"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/69"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/70"> + Options IncludesNoExec + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/71"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/72"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/73"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/74"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/75"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/76"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/77"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/78"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/79"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/80"> + Options IncludesNoExec + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/81"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/82"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/83"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/84"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/85"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/86"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/87"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/88"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/89"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/90"> + Options Includes + AllowOverride Options=IncludesNoExec +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/91"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/92"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/93"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/94"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/95"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/96"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/97"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/98"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/99"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/100"> + Options Includes + AllowOverride Options=Includes +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/101"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/102"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/103"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/104"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/105"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/106"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/107"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/108"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/109"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/110"> + Options Includes + AllowOverride All +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/111"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/112"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/113"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/114"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/115"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/116"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/117"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/118"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/119"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/120"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/121"> + Options Includes + AllowOverride None +</Directory> +<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/120/subdir"> +# Just a dummy directive that is always available to make this a valid block + FileETag All +</Directory> + +</IfModule> +</IfVersion> +</IfDefine> diff --git a/debian/perl-framework/t/conf/include.conf.in b/debian/perl-framework/t/conf/include.conf.in new file mode 100644 index 0000000..7e686b9 --- /dev/null +++ b/debian/perl-framework/t/conf/include.conf.in @@ -0,0 +1,77 @@ +## +## mod_include test config +## + +<IfModule mod_include.c> + + AddType text/html .shtml + + <IfDefine APACHE1> + AddHandler server-parsed .shtml + </IfDefine> + <IfDefine APACHE2> + AddOutputFilter INCLUDES .shtml + </IfDefine> + + <Directory @SERVERROOT@/htdocs/modules/include> + <IfVersion >= 2.3.13> + SSILegacyExprParser on + </IfVersion> + Options +IncludesNOEXEC + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/include/apexpr> + <IfVersion >= 2.3.13> + SSILegacyExprParser off + </IfVersion> + Options +IncludesNOEXEC + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/include/xbithack/on> + Options +IncludesNOEXEC + XBitHack on + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/include/xbithack/both> + Options Includes + XBitHack on + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/include/xbithack/full> + Options +IncludesNOEXEC + XBitHack full + </Directory> + + <Directory @SERVERROOT@/htdocs/modules/include/exec/on> + Options Includes + </Directory> + + <IfDefine APACHE2> + <IfModule mod_bucketeer.c> + <Directory @SERVERROOT@/htdocs/modules/include/bucketeer> + SetOutputFilter BUCKETEER + </Directory> + </IfModule> + </IfDefine> + + <VirtualHost ssi-default:mod_include> + # fallback host + </VirtualHost> + + <IfDefine APACHE2> + <VirtualHost retagged1:mod_include> + SSIStartTag ---> + SSIEndTag ---> + </VirtualHost> + + <VirtualHost retagged2:mod_include> + SSIStartTag ---> + SSIEndTag printenw + </VirtualHost> + + <VirtualHost echo1:mod_include> + SSIUndefinedEcho "<!-- pass undefined echo -->" + </VirtualHost> + </IfDefine> + +</IfModule> diff --git a/debian/perl-framework/t/conf/proxy.conf.in b/debian/perl-framework/t/conf/proxy.conf.in new file mode 100644 index 0000000..5f740cd --- /dev/null +++ b/debian/perl-framework/t/conf/proxy.conf.in @@ -0,0 +1,170 @@ +#t/TEST -proxy + +<IfModule mod_proxy.c> + + <VirtualHost _default_:mod_proxy> + ProxyRequests On + </VirtualHost> + +</IfModule> + +<IfModule mod_proxy_hcheck.c> + # Suppress the error_log spam every 100ms watchdog cycle at trace5 + LogLevel proxy_hcheck:trace4 +</IfModule> + +<IfModule mod_proxy_balancer.c> + + <VirtualHost proxy_http_bal1> + DocumentRoot @SERVERROOT@/htdocs + </VirtualHost> + + <VirtualHost proxy_http_bal2> + DocumentRoot @SERVERROOT@/htdocs + </VirtualHost> + + <VirtualHost proxy_http_balancer> + <Proxy balancer://foo1> + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + </Proxy> + + <Proxy balancer://foo2> + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + </Proxy> + + <Proxy balancer://foo3> + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + </Proxy> + + <Proxy balancer://foo4> + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + </Proxy> + + ProxySet balancer://foo1 lbmethod=byrequests + ProxySet balancer://foo2 lbmethod=bytraffic + ProxySet balancer://foo3 lbmethod=bybusyness + <IfVersion >= 2.3.0> + ProxySet balancer://foo4 lbmethod=heartbeat + </IfVersion> + + <Location /baltest1> + ProxyPass balancer://foo1/ + </Location> + + <Location /baltest2> + ProxyPass balancer://foo2/ + </Location> + + <Location /baltest3> + ProxyPass balancer://foo3/ + </Location> + + <IfVersion >= 2.3.0> + <Location /baltest4> + # TODO heartbeat needs additional configuration to have it work + ProxyPass balancer://foo4/ + </Location> + </IfVersion> + + ## PR 45434 tests + <Proxy balancer://pr45434> + BalancerMember http://@SERVERNAME@:@PORT@/modules + </Proxy> + + ProxyPass /pr45434 balancer://pr45434/alias + ProxyPassReverse /pr45434 balancer://pr45434/alias + + </VirtualHost> + +</IfModule> + +# +# Test config for FCGI (see t/modules/proxy_fcgi.t) +# +<IfModule mod_proxy_fcgi.c> + # XXX we have no way to retrieve the NextAvailablePort from Apache::Test... + Define FCGI_PORT @NextAvailablePort@ + + <VirtualHost proxy_fcgi> + <IfVersion >= 2.4.26> + # ProxyFCGISetEnvIf tests + <Location /fcgisetenv> + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + + ProxyFCGISetEnvIf true QUERY_STRING test_value + ProxyFCGISetEnvIf true TEST_EMPTY + ProxyFCGISetEnvIf false TEST_NOT_SET + ProxyFCGISetEnvIf true TEST_DOCROOT "%{DOCUMENT_ROOT}" + ProxyFCGISetEnvIf "reqenv('GATEWAY_INTERFACE') =~ m#CGI/(.\..)#" TEST_CGI_VERSION "v$1" + ProxyFCGISetEnvIf true !REMOTE_ADDR + </Location> + </IfVersion> + + <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi> + <FilesMatch \.php$> + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + </FilesMatch> + </Directory> + + <IfVersion >= 2.4.26> + <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-generic> + ProxyFCGIBackendType GENERIC + <FilesMatch \.php$> + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + </FilesMatch> + </Directory> + <Directory @SERVERROOT@/htdocs/php/fpm> + ProxyFCGIBackendType FPM + </Directory> + </IfVersion> + + <IfModule mod_rewrite.c> + <IfVersion >= 2.4.26> + <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-generic-rewrite> + ProxyFCGIBackendType GENERIC + RewriteEngine On + RewriteRule ^.*\.php(/.*)?$ fcgi://127.0.0.1:${FCGI_PORT}@SERVERROOT@/htdocs/modules/proxy/fcgi-generic-rewrite/$0 [L,P] + </Directory> + </IfVersion> + + <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-rewrite-path-info> + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^.*$ index.php/$0 [L] + <Files index.php> + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + </Files> + </Directory> + </IfModule> + + <IfModule mod_actions.c> + #AddType application/x-php-fpm .php + Action application/x-php-fpm /php/fpm/action virtual + <Location /php/fpm/action> + SetHandler proxy:fcgi://localhost:9001 + </Location> + <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-action> + AddType application/x-fcgi-action .php + Action application/x-fcgi-action /fcgi-action-virtual virtual + </Directory> + <Location /fcgi-action-virtual> + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + </Location> + Action application/x-php-fpm /php-fpm-pp/ + ProxyPass /php-fpm-pp/ fcgi://localhost:9001/@SERVERROOT@/htdocs/ + ProxyPassReverse /php-fpm-pp/ fcgi://localhost:9001/@SERVERROOT@/htdocs/ + </IfModule> + + + </VirtualHost> +</IfModule> + +<IfModule mod_rewrite.c> + <Directory @SERVERROOT@/htdocs/modules/proxy/rewrite> + AllowOverride All + </Directory> +</IfModule> diff --git a/debian/perl-framework/t/conf/ssl/README b/debian/perl-framework/t/conf/ssl/README new file mode 100644 index 0000000..dc86a58 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/README @@ -0,0 +1,17 @@ +certs/ + client_revoked.crt - client certificate that has been revoked + client_ok.crt - valid client certificate + client_snakeoil.crt - valid client certificate (different DN from above) + server.crt - the server certificate + ca-bundle.crt - the test server CA certificate, used to + sign above certs + +keys/ - private keys for above certificates + client_revoked.pem + client_ok.pem + client_snakeoil.pem + server.pem + +crl/ + ca-bundle.crl - certificate revocation list (client_revoked.crt) + diff --git a/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt b/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt new file mode 100644 index 0000000..ca35140 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt @@ -0,0 +1,114 @@ +#some duplicates of certs found in mod_ssl-2.x.x-1.3.xx/pkg.sslcfg/ca-bundle.crt +#to make sure mod_ssl can handle duplicates + +ABAecom (sub., Am. Bankers Assn.) Root CA +========================================= +MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92 +PEM Data: +-----BEGIN CERTIFICATE----- +MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw +gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh +a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy +dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe +Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN +MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT +D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ +KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24 +4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp +mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb +QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5 +0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v +xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O +BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP +Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5 +m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS +YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN +u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD +Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr +wo3CbezcE9NGxXl8 +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: + d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Validity + Not Before: Jul 14 16:14:18 1999 GMT + Not After : Jul 11 16:14:18 2009 GMT + Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c: + 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97: + 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3: + ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c: + d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2: + 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5: + 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25: + 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e: + db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18: + a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6: + 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c: + db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0: + 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28: + bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8: + e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b: + 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6: + ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c: + ee:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + + X509v3 Subject Key Identifier: + 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + Signature Algorithm: sha1WithRSAEncryption + 5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b: + 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec: + d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48: + b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c: + 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30: + 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94: + 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2: + 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60: + e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97: + 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22: + 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af: + 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed: + 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3: + 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3: + 46:c5:79:7c + +ANX Network CA by DST +===================== +MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D +PEM Data: +-----BEGIN CERTIFICATE----- +MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL +ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx +NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy +ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G +CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI +IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce +InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04 +JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr +MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0 +dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL +BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw +OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz +ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD +AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB +AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK +UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY +gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd +-----END CERTIFICATE----- diff --git a/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt b/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt new file mode 100644 index 0000000..85b5f36 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt @@ -0,0 +1,393 @@ +#pkg.sslcfg/ca-bundle.crt is ~250k, so it is not checked into cvs +#for better test results, copy that file into this directory +#and leave this one in place + +ABAecom (sub., Am. Bankers Assn.) Root CA +========================================= +MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92 +PEM Data: +-----BEGIN CERTIFICATE----- +MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw +gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh +a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy +dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe +Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN +MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT +D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ +KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24 +4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp +mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb +QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5 +0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v +xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O +BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP +Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5 +m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS +YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN +u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD +Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr +wo3CbezcE9NGxXl8 +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: + d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Validity + Not Before: Jul 14 16:14:18 1999 GMT + Not After : Jul 11 16:14:18 2009 GMT + Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c: + 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97: + 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3: + ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c: + d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2: + 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5: + 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25: + 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e: + db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18: + a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6: + 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c: + db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0: + 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28: + bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8: + e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b: + 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6: + ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c: + ee:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + + X509v3 Subject Key Identifier: + 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + Signature Algorithm: sha1WithRSAEncryption + 5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b: + 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec: + d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48: + b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c: + 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30: + 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94: + 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2: + 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60: + e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97: + 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22: + 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af: + 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed: + 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3: + 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3: + 46:c5:79:7c + +ANX Network CA by DST +===================== +MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D +PEM Data: +-----BEGIN CERTIFICATE----- +MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL +ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx +NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy +ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G +CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI +IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce +InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04 +JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr +MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0 +dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL +BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw +OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz +ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD +AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB +AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK +UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY +gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: 913220207 (0x366ea26f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA + Validity + Not Before: Dec 9 15:46:48 1998 GMT + Not After : Dec 9 16:16:48 2018 GMT + Subject: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b4:48:11:80:58:a0:d5:a5:99:0f:f6:37:2c:44: + b6:6e:d1:7c:f3:2a:6b:9e:11:b6:88:23:04:5c:71: + 25:9e:6a:12:77:11:6e:bf:68:39:65:a8:f6:b2:f6: + a2:18:b2:89:15:a0:67:b7:7a:8c:22:48:6b:f6:84: + 34:1f:b6:ca:f7:1b:72:cb:f2:5b:48:d3:87:1e:22: + 76:13:04:b4:ac:6c:96:7f:e7:0e:08:c9:32:51:30: + 2d:d5:80:e8:21:67:ba:f3:5e:08:24:2c:07:59:9d: + 90:1a:ee:46:c9:b5:a4:1e:96:b4:41:91:d4:7f:d2: + 8d:38:26:b0:6f:43:6e:09:7d + Exponent: 3 (0x3) + X509v3 extensions: + Netscape Cert Type: + SSL CA, S/MIME CA, Object Signing CA + X509v3 CRL Distribution Points: + DirName:/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA/CN=CRL1 + + X509v3 Private Key Usage Period: + Not Before: Dec 9 15:46:48 1998 GMT, Not After: Dec 9 15:46:48 2018 GMT + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Authority Key Identifier: + keyid:8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36 + + X509v3 Subject Key Identifier: + 8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36 + X509v3 Basic Constraints: + CA:TRUE + 1.2.840.113533.7.65.0: + 0 +..V4.0.... + Signature Algorithm: sha1WithRSAEncryption + 49:25:c9:60:b1:0c:5f:a9:39:10:d3:c5:34:55:7d:cf:79:c3: + 29:eb:de:f9:c2:40:f9:e8:56:c5:f0:2f:ec:f4:d9:ec:48:51: + b8:63:38:5e:93:6e:18:96:85:b9:ca:50:9c:a4:b8:ea:66:26: + 68:93:85:6f:6f:4c:71:d0:be:7a:0b:3c:31:b9:f7:be:69:9e: + 10:d7:d1:40:e8:ac:16:71:ab:ae:ab:38:e1:70:b1:ca:92:16: + e0:5d:85:a6:18:80:06:00:9c:e1:a6:18:42:51:a7:68:68:59: + ef:26:94:5f:ad:31:0c:fe:29:1e:17:01:84:37:5b:e8:12:32: + a3:5d + +American Express CA +=================== +MD5 Fingerprint: 1C:D5:8E:82:BE:70:55:8E:39:61:DF:AD:51:DB:6B:A0 +PEM Data: +-----BEGIN CERTIFICATE----- +MIICkDCCAfkCAgCNMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYDVQQGEwJVUzEnMCUG +A1UEChMeQW1lcmljYW4gRXhwcmVzcyBDb21wYW55LCBJbmMuMSYwJAYDVQQLEx1B +bWVyaWNhbiBFeHByZXNzIFRlY2hub2xvZ2llczEvMC0GA1UEAxMmQW1lcmljYW4g +RXhwcmVzcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODE0MjIwMTAwWhcN +MDYwODE0MjM1OTAwWjCBjzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHkFtZXJpY2Fu +IEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1lcmljYW4gRXhwcmVz +cyBUZWNobm9sb2dpZXMxLzAtBgNVBAMTJkFtZXJpY2FuIEV4cHJlc3MgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ8kmS +hcr9FSm1BrZE7PyIo/KGzv8UTyQckvnCI8HOQ99dNMi4FOzVKnCRSZXXVs2U8amT +0Ggi3E19oApyKkfqJfCFAF82VGHPC/k3Wmed6R/pZD9wlWGn0DAC3iYopGYDBOkw ++48zB/lvYYeictvzaHhjZlmpybdm4RWySDYs+QIDAQABMA0GCSqGSIb3DQEBBAUA +A4GBAGgXYrhzi0xs60qlPqvlnS7SzYoHV/PGWZd2Fxf4Uo4nk9hY2Chs9KIEeorC +diSxArTfKPL386infiNIYYj0EWiuJl32oUtTJWrYKhQCDuCHIG6eGVxzkAsj4jGX +Iz/VIqLTBnvaN/XXtUFEF3pFAtmFRWbWjsfwegyZYiJpW+3S +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 1 (0x0) + Serial Number: 141 (0x8d) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority + Validity + Not Before: Aug 14 22:01:00 1998 GMT + Not After : Aug 14 23:59:00 2006 GMT + Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c9:f2:49:92:85:ca:fd:15:29:b5:06:b6:44:ec: + fc:88:a3:f2:86:ce:ff:14:4f:24:1c:92:f9:c2:23: + c1:ce:43:df:5d:34:c8:b8:14:ec:d5:2a:70:91:49: + 95:d7:56:cd:94:f1:a9:93:d0:68:22:dc:4d:7d:a0: + 0a:72:2a:47:ea:25:f0:85:00:5f:36:54:61:cf:0b: + f9:37:5a:67:9d:e9:1f:e9:64:3f:70:95:61:a7:d0: + 30:02:de:26:28:a4:66:03:04:e9:30:fb:8f:33:07: + f9:6f:61:87:a2:72:db:f3:68:78:63:66:59:a9:c9: + b7:66:e1:15:b2:48:36:2c:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 68:17:62:b8:73:8b:4c:6c:eb:4a:a5:3e:ab:e5:9d:2e:d2:cd: + 8a:07:57:f3:c6:59:97:76:17:17:f8:52:8e:27:93:d8:58:d8: + 28:6c:f4:a2:04:7a:8a:c2:76:24:b1:02:b4:df:28:f2:f7:f3: + a8:a7:7e:23:48:61:88:f4:11:68:ae:26:5d:f6:a1:4b:53:25: + 6a:d8:2a:14:02:0e:e0:87:20:6e:9e:19:5c:73:90:0b:23:e2: + 31:97:23:3f:d5:22:a2:d3:06:7b:da:37:f5:d7:b5:41:44:17: + 7a:45:02:d9:85:45:66:d6:8e:c7:f0:7a:0c:99:62:22:69:5b: + ed:d2 + +American Express Global CA +========================== +MD5 Fingerprint: 63:1B:66:93:8C:F3:66:CB:3C:79:57:DC:05:49:EA:DB +PEM Data: +-----BEGIN CERTIFICATE----- +MIIEBDCCAuygAwIBAgICAIUwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVT +MScwJQYDVQQKEx5BbWVyaWNhbiBFeHByZXNzIENvbXBhbnksIEluYy4xJjAkBgNV +BAsTHUFtZXJpY2FuIEV4cHJlc3MgVGVjaG5vbG9naWVzMTYwNAYDVQQDEy1BbWVy +aWNhbiBFeHByZXNzIEdsb2JhbCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgw +ODE0MTkwNjAwWhcNMTMwODE0MjM1OTAwWjCBljELMAkGA1UEBhMCVVMxJzAlBgNV +BAoTHkFtZXJpY2FuIEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1l +cmljYW4gRXhwcmVzcyBUZWNobm9sb2dpZXMxNjA0BgNVBAMTLUFtZXJpY2FuIEV4 +cHJlc3MgR2xvYmFsIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAPAkJmYu++tKc3FTiUfLJjxTkpRMysKFtQ34w1e9 +Lyofahi3V68MABb6oLaQpvcaoS5mJsdoo4qTaWa1RlYtHYLqkAwKIsKJUI0F89Sr +c0HwzxKsKLRvFJSWWUuekHWG3+JH6+HpT0N+h8onGGaetcFAZX38YW+tm3LPqV7Y +8/nabpEQ+ky16n4g3qk5L/WI5IpvNcYgnCuGRjMK/DFVpWusFkDpzTVZbzIEw3u1 +D3t3cPNIuypSgs6vKW3xEW9t5gcAAe+a8yYNpnkTZ6/4qxx1rJG1a75AsN6cDLFp +hRlxkRNFyt/R/eayypaDedvFuKpbepALeFY+xteflEgR9a0CAwEAAaNaMFgwEgYD +VR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgoq +hkiG+Q8KAQUBMBkGA1UdDgQSBBBXRzV7NicRqAj8L0Yl6yRpMA0GCSqGSIb3DQEB +BQUAA4IBAQDHYUWoinG5vjTpIXshzVYTmNUwY+kYqkuSFb8LHbvskmnFLsNhi+gw +RcsQRsFzOFyLGdIr80DrfHKzLh4n43WVihybLsSVBYZy0FX0oZJSeVzb9Pjc5dcS +sUDHPIbkMWVKyjfG3nZXGWlMRmn8Kq0WN3qTrPchSy3766lQy8HRQAjaA2mHpzde +VcHF7cTjjgwml5tcV0ty4/IDBdACOyYDQJCevgtbSQx48dVMVSng9v1MA6lUAjLR +V1qFrEPtWzsWX6C/NdtLnnvo/+cNPDuom0lBRvVzTv+SZSGDE1Vx60k8f4gawhIo +JaFGS0E3l3/sjvHUoZbCILZerakcHhGg +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: 133 (0x85) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority + Validity + Not Before: Aug 14 19:06:00 1998 GMT + Not After : Aug 14 23:59:00 2013 GMT + Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:f0:24:26:66:2e:fb:eb:4a:73:71:53:89:47:cb: + 26:3c:53:92:94:4c:ca:c2:85:b5:0d:f8:c3:57:bd: + 2f:2a:1f:6a:18:b7:57:af:0c:00:16:fa:a0:b6:90: + a6:f7:1a:a1:2e:66:26:c7:68:a3:8a:93:69:66:b5: + 46:56:2d:1d:82:ea:90:0c:0a:22:c2:89:50:8d:05: + f3:d4:ab:73:41:f0:cf:12:ac:28:b4:6f:14:94:96: + 59:4b:9e:90:75:86:df:e2:47:eb:e1:e9:4f:43:7e: + 87:ca:27:18:66:9e:b5:c1:40:65:7d:fc:61:6f:ad: + 9b:72:cf:a9:5e:d8:f3:f9:da:6e:91:10:fa:4c:b5: + ea:7e:20:de:a9:39:2f:f5:88:e4:8a:6f:35:c6:20: + 9c:2b:86:46:33:0a:fc:31:55:a5:6b:ac:16:40:e9: + cd:35:59:6f:32:04:c3:7b:b5:0f:7b:77:70:f3:48: + bb:2a:52:82:ce:af:29:6d:f1:11:6f:6d:e6:07:00: + 01:ef:9a:f3:26:0d:a6:79:13:67:af:f8:ab:1c:75: + ac:91:b5:6b:be:40:b0:de:9c:0c:b1:69:85:19:71: + 91:13:45:ca:df:d1:fd:e6:b2:ca:96:83:79:db:c5: + b8:aa:5b:7a:90:0b:78:56:3e:c6:d7:9f:94:48:11: + f5:ad + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:5 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.2.840.113807.10.1.5.1 + + X509v3 Subject Key Identifier: + 57:47:35:7B:36:27:11:A8:08:FC:2F:46:25:EB:24:69 + Signature Algorithm: sha1WithRSAEncryption + c7:61:45:a8:8a:71:b9:be:34:e9:21:7b:21:cd:56:13:98:d5: + 30:63:e9:18:aa:4b:92:15:bf:0b:1d:bb:ec:92:69:c5:2e:c3: + 61:8b:e8:30:45:cb:10:46:c1:73:38:5c:8b:19:d2:2b:f3:40: + eb:7c:72:b3:2e:1e:27:e3:75:95:8a:1c:9b:2e:c4:95:05:86: + 72:d0:55:f4:a1:92:52:79:5c:db:f4:f8:dc:e5:d7:12:b1:40: + c7:3c:86:e4:31:65:4a:ca:37:c6:de:76:57:19:69:4c:46:69: + fc:2a:ad:16:37:7a:93:ac:f7:21:4b:2d:fb:eb:a9:50:cb:c1: + d1:40:08:da:03:69:87:a7:37:5e:55:c1:c5:ed:c4:e3:8e:0c: + 26:97:9b:5c:57:4b:72:e3:f2:03:05:d0:02:3b:26:03:40:90: + 9e:be:0b:5b:49:0c:78:f1:d5:4c:55:29:e0:f6:fd:4c:03:a9: + 54:02:32:d1:57:5a:85:ac:43:ed:5b:3b:16:5f:a0:bf:35:db: + 4b:9e:7b:e8:ff:e7:0d:3c:3b:a8:9b:49:41:46:f5:73:4e:ff: + 92:65:21:83:13:55:71:eb:49:3c:7f:88:1a:c2:12:28:25:a1: + 46:4b:41:37:97:7f:ec:8e:f1:d4:a1:96:c2:20:b6:5e:ad:a9: + 1c:1e:11:a0 + +BelSign Object Publishing CA +============================ +MD5 Fingerprint: 8A:02:F8:DF:B8:E1:84:9F:5A:C2:60:24:65:D1:73:FB +PEM Data: +-----BEGIN CERTIFICATE----- +MIIDAzCCAmygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBuzELMAkGA1UEBhMCQkUx +ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQL +Ey9CZWxTaWduIE9iamVjdCBQdWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0 +eTElMCMGA1UEAxMcQmVsU2lnbiBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqG +SIb3DQEJARYUd2VibWFzdGVyQGJlbHNpZ24uYmUwHhcNOTcwOTE5MjIwMzAwWhcN +MDcwOTE5MjIwMzAwWjCBuzELMAkGA1UEBhMCQkUxETAPBgNVBAcTCEJydXNzZWxz +MRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQLEy9CZWxTaWduIE9iamVjdCBQ +dWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGA1UEAxMcQmVsU2ln +biBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVy +QGJlbHNpZ24uYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQuH7a/7oJA +3fm3LkHVngWxWtAmfGJVA5v8y2HeS+/+6Jn+h7mIz5DaDwk8dt8Xl7bLPyVF/bS8 +WAC+sFq2FIeP7mdkrR2Ig7tnn2VhAFgIgFCfgMkx9iqQHC33SmwQ9iNDXTgJYIhX +As0WbBj8zfuSKnfQnpOjXYhk0Mj4XVRRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE +AwIABzANBgkqhkiG9w0BAQQFAAOBgQBjdhd8lvBTpV0BHFPOKcJ+daxMDaIIc7Rq +Mf0CBhSZ3FQEpL/IloafMUMyJVf2hfYluze+oXkjyVcGJXFrRU/49AJAFoIir1Tq +Mij2De6ZuksIUQ9uhiMhTC0liIHELg7xEyw4ipUCJMM6lWPkk45IuwhHcl+u5jpa +R9Zxxp6aUg== +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be + Validity + Not Before: Sep 19 22:03:00 1997 GMT + Not After : Sep 19 22:03:00 2007 GMT + Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c4:2e:1f:b6:bf:ee:82:40:dd:f9:b7:2e:41:d5: + 9e:05:b1:5a:d0:26:7c:62:55:03:9b:fc:cb:61:de: + 4b:ef:fe:e8:99:fe:87:b9:88:cf:90:da:0f:09:3c: + 76:df:17:97:b6:cb:3f:25:45:fd:b4:bc:58:00:be: + b0:5a:b6:14:87:8f:ee:67:64:ad:1d:88:83:bb:67: + 9f:65:61:00:58:08:80:50:9f:80:c9:31:f6:2a:90: + 1c:2d:f7:4a:6c:10:f6:23:43:5d:38:09:60:88:57: + 02:cd:16:6c:18:fc:cd:fb:92:2a:77:d0:9e:93:a3: + 5d:88:64:d0:c8:f8:5d:54:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + Netscape Cert Type: + SSL CA, S/MIME CA, Object Signing CA + Signature Algorithm: md5WithRSAEncryption + 63:76:17:7c:96:f0:53:a5:5d:01:1c:53:ce:29:c2:7e:75:ac: + 4c:0d:a2:08:73:b4:6a:31:fd:02:06:14:99:dc:54:04:a4:bf: + c8:96:86:9f:31:43:32:25:57:f6:85:f6:25:bb:37:be:a1:79: + 23:c9:57:06:25:71:6b:45:4f:f8:f4:02:40:16:82:22:af:54: + ea:32:28:f6:0d:ee:99:ba:4b:08:51:0f:6e:86:23:21:4c:2d: + 25:88:81:c4:2e:0e:f1:13:2c:38:8a:95:02:24:c3:3a:95:63: + e4:93:8e:48:bb:08:47:72:5f:ae:e6:3a:5a:47:d6:71:c6:9e: + 9a:52 + +BelSign Secure Server CA +======================== +MD5 Fingerprint: 3D:5E:82:C6:D9:AD:D9:8B:93:6B:0C:10:B9:49:0A:B1 +PEM Data: +-----BEGIN CERTIFICATE----- +MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCQkUx +ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTQwMgYDVQQL +EytCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEw +HwYDVQQDExhCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEW +FHdlYm1hc3RlckBiZWxzaWduLmJlMB4XDTk3MDcxNjIyMDA1NFoXDTA3MDcxNjIy +MDA1NFowgbMxCzAJBgNVBAYTAkJFMREwDwYDVQQHEwhCcnVzc2VsczETMBEGA1UE +ChMKQmVsU2lnbiBOVjE0MDIGA1UECxMrQmVsU2lnbiBTZWN1cmUgU2VydmVyIENl +cnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAxMYQmVsU2lnbiBTZWN1cmUgU2Vy +dmVyIENBMSMwIQYJKoZIhvcNAQkBFhR3ZWJtYXN0ZXJAYmVsc2lnbi5iZTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gESeJL4BEJ/yccig/x8R3AwK0kLPjZA +kCjaIXODU/LE0RZAwFP/rqbGJLMnbaWzPTl3XagG9ubpvGMRTgZlcAqdk/miQIt/ +SoQOjRax1swIZBIM4ChLyKWEkBf7EUYu1qeFGMsYrmOasFgG9ADP+MQJGjUMofnu +Sv1t3v4mpTsCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgCgMA0GCSqGSIb3DQEB +BAUAA4GBAGw9mcMF4h3K5S2qaIWLQDEgZhNo5lg6idCNdbLFYth9go/32TKBd/Y1 +W4UpzmeyubwrGXjP84f9RvGVdbIJVwMwwXrNckdxgMp9ncllPEcRIn36BwsoeKGT +6AVFSOIyMko96FMcELfHc4wHUOH5yStTQfWDjeUJOUqOA2KqQGOL +-----END CERTIFICATE----- diff --git a/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL b/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL new file mode 100644 index 0000000..36eba94 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL @@ -0,0 +1,2 @@ +#for testing SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl +print "httpd\n"; diff --git a/debian/perl-framework/t/conf/ssl/proxyssl.conf.in b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in new file mode 100644 index 0000000..dc18fdf --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in @@ -0,0 +1,66 @@ +<IfModule @ssl_module@> + +<IfModule mod_proxy.c> + + #here we can test http <-> https + <VirtualHost proxy_http_https> + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + + SSLProxyProtocol All + SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyCACertificatePath @ServerRoot@/conf/ssl + SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + SSLProxyVerify on + SSLProxyVerifyDepth 10 + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + </VirtualHost> + + + #here we can test https <-> https + <VirtualHost proxy_https_https> + SSLEngine on + + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + # ensure that client_ok.pem is picked first: + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyVerify on + SSLProxyCARevocationPath @SSLCA@/asf/crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + </VirtualHost> + + #here we can test https <-> http + <VirtualHost proxy_https_http> + SSLEngine on + + ProxyPass / http://@servername@:@port@/ + ProxyPassReverse / http://@servername@:@port@/ + </VirtualHost> + +</IfModule> + +</IfModule> diff --git a/debian/perl-framework/t/conf/ssl/ssl.conf.in b/debian/perl-framework/t/conf/ssl/ssl.conf.in new file mode 100644 index 0000000..f796b34 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/ssl.conf.in @@ -0,0 +1,279 @@ +#test config derived from httpd-2.0/docs/conf/ssl-std.conf -*- text -*- + +<IfModule @ssl_module@> + #base config that can be used by any SSL enabled VirtualHosts + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + + SSLSessionCache none + #XXX: would be nice to test these + #SSLSessionCache shm:@ServerRoot@/logs/ssl_scache(512000) + #SSLSessionCache dbm:@ServerRoot@/logs/ssl_scache + #SSLSessionCacheTimeout 300 + + <IfVersion < 2.3.4> + #SSLMutex file:@ServerRoot@/logs/ssl_mutex + </IfVersion> + <IfVersion >= 2.3.4> + # mutex created automatically + # config needed only if file-based mutexes are used and + # default lock file dir is inappropriate + # Mutex file:/path/to/lockdir ssl-cache + </IfVersion> + + SSLRandomSeed startup builtin + SSLRandomSeed connect builtin + #SSLRandomSeed startup file:/dev/random 512 + #SSLRandomSeed startup file:/dev/urandom 512 + #SSLRandomSeed connect file:/dev/random 512 + #SSLRandomSeed connect file:/dev/urandom 512 + + SSLProtocol @sslproto@ + + <IfModule mod_log_config.c> + LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl + CustomLog logs/ssl_request_log ssl + </IfModule> + + SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + <IfDefine TEST_SSL_PASSPHRASE_EXEC> + SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl + </IfDefine> + #else the default is builtin + <IfDefine !TEST_SSL_PASSPHRASE_EXEC> + SSLPassPhraseDialog builtin + </IfDefine> + + <IfDefine TEST_SSL_DES3_KEY> + SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt + + SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem + +# SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt + +# SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem + </IfDefine> + #else the default is an unencrypted key + <IfDefine !TEST_SSL_DES3_KEY> + SSLCertificateFile @SSLCA@/asf/certs/server.crt + + SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem + +# SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt + +# SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem + </IfDefine> + + #SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt + + SSLCACertificateFile @SSLCA@/asf/certs/ca.crt + + SSLCACertificatePath @ServerRoot@/conf/ssl + + SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + <IfVersion >= 2.3.15> + SSLCARevocationCheck chain + </IfVersion> + + <VirtualHost @ssl_module_name@> + SSLEngine on + + #t/ssl/verify.t + Alias /verify @DocumentRoot@ + + <Location /verify> + SSLVerifyClient require + SSLVerifyDepth 10 + </Location> + + #t/ssl/require.t + Alias /require/asf @DocumentRoot@ + Alias /require/snakeoil @DocumentRoot@ + Alias /require/certext @DocumentRoot@ + Alias /require/strcmp @DocumentRoot@ + Alias /require/intcmp @DocumentRoot@ + Alias /ssl-fakebasicauth @DocumentRoot@ + Alias /ssl-fakebasicauth2 @DocumentRoot@ + Alias /ssl-cgi @DocumentRoot@/modules/cgi + Alias /require-ssl-cgi @DocumentRoot@/modules/cgi + + Alias /require-aes128-cgi @DocumentRoot@/modules/cgi + Alias /require-aes256-cgi @DocumentRoot@/modules/cgi + + <Location /require/asf> + SSLVerifyClient require + SSLVerifyDepth 10 + SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ + and %{SSL_CLIENT_S_DN_O} eq "ASF" \ + and %{SSL_CLIENT_S_DN_OU} in \ + {"httpd-test", "httpd", "modperl"} ) + </Location> + + <Location /require/snakeoil> + SSLVerifyClient require + SSLVerifyDepth 10 + SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ + and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + and %{SSL_CLIENT_S_DN_OU} in \ + {"Staff", "CA", "Dev"} ) + </Location> + + <Location /require/certext> + SSLVerifyClient require + <IfVersion > 2.3.0> + SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0") + </IfVersion> + <IfVersion < 2.3.0> + <IfVersion > 2.1.6> + SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0") + </IfVersion> + </IfVersion> + </Location> + + <Location /require/strcmp> + SSLRequire "a" < "b" + SSLRequire "a" lt "b" + </Location> + + <Location /require/intcmp> + SSLRequire 2 < 10 + SSLRequire 2 lt 10 + </Location> + + <Location /ssl-cgi> + SSLOptions +StdEnvVars + </Location> + + <Location /require-ssl-cgi> + SSLOptions +StdEnvVars + SSLVerifyClient require + SSLVerifyDepth 10 + </Location> + + <Location /require-aes128-cgi> + SSLCipherSuite AES128-SHA + </Location> + + <Location /require-aes256-cgi> + SSLCipherSuite AES256-SHA + </Location> + + <IfModule @AUTH_MODULE@> + <Location /ssl-fakebasicauth> + SSLVerifyClient require + SSLVerifyDepth 5 + SSLOptions +FakeBasicAuth + AuthName "Snake Oil Authentication" + AuthType Basic + AuthUserFile @SSLCA@/asf/ssl.htpasswd + require valid-user + </Location> + </IfModule> + + # specific to 2.1 + <IfModule mod_authn_anon.c> + <IfModule mod_auth_basic.c> + <Location /ssl-fakebasicauth2> + SSLVerifyClient require + SSLOptions +FakeBasicAuth +StdEnvVars + AuthName "Snake Oil Authentication" + AuthType Basic + AuthBasicProvider anon + Anonymous dummy "*" + require valid-user + </Location> + </IfModule> + </IfModule> + + ## + ## mod_h2 test config + ## + <IfModule h2_module> + LogLevel h2:debug + </IfModule> + + <IfModule @CGI_MODULE@> + <Directory @SERVERROOT@/htdocs/modules/h2> + Options +ExecCGI + AddHandler cgi-script .pl + + </Directory> + </IfModule> + <Location /modules/h2/hello.pl> + SSLOptions +StdEnvVars + </Location> + <IfModule mod_rewrite.c> + RewriteEngine on + RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC] + </IfModule> + + </VirtualHost> + + # An SSL vhost which does optional ccert checks at vhost level, to + # check for CVE CAN-2005-2700. + + <VirtualHost ssl_optional_cc> + SSLEngine on + + SSLVerifyClient optional + + Alias /require/any @DocumentRoot@ + Alias /require/none @DocumentRoot@ + + <Location /require/any> + SSLVerifyClient require + SSLVerifyDepth 10 + </Location> + </VirtualHost> + + # An SSL vhost which can be used to trigger PR 33791 + + <VirtualHost ssl_pr33791> + SSLEngine On + + ErrorDocument 400 /index.html + + <Location /> + SSLVerifyClient require + </Location> + </VirtualHost> + + # For t/ssl/ocsp.t -- + <Location /modules/ssl/ocsp> + SetEnv SSL_CA_ROOT @sslca@/asf + </Location> + Alias /modules/ssl/ocsp @DocumentRoot@/modules/cgi/ocsp.pl + + <VirtualHost ssl_ocsp> + SSLEngine on + + # SSLOCSPResponderCertificateFile is available from 2.4.26 + <IfVersion >= 2.4.26> + SSLVerifyClient on + + SSLOCSPEnable on + SSLOCSPDefaultResponder http://@SERVERNAME@:@PORT@/modules/ssl/ocsp + SSLOCSPResponderCertificateFile @SSLCA@/asf/certs/server.crt + + # Ignore CRL check results + SSLCARevocationCheck none + </IfVersion> + </VirtualHost> + + # For t/ssl/pr43738.t: + <IfModule mod_actions.c> + Action application/x-pf-action /modules/cgi/action.pl + + AddType application/x-pf-action .pfa + </IfModule> + + <Location /modules/ssl/aes128/> + SSLCipherSuite AES128-SHA + </Location> + + <Location /modules/ssl/aes256/> + SSLCipherSuite AES256-SHA + </Location> + +</IfModule> diff --git a/debian/perl-framework/t/conf/vhost_alias.conf.in b/debian/perl-framework/t/conf/vhost_alias.conf.in new file mode 100644 index 0000000..1173886 --- /dev/null +++ b/debian/perl-framework/t/conf/vhost_alias.conf.in @@ -0,0 +1,9 @@ +<IfModule mod_vhost_alias.c> + + <VirtualHost _default_:mod_vhost_alias> + UseCanonicalName Off + VirtualDocumentRoot @SERVERROOT@/htdocs/modules/vhost_alias/%2/%1.4/%-2/%2+ + VirtualScriptAlias @SERVERROOT@/htdocs/modules/vhost_alias/%0 + </VirtualHost> + +</IfModule> |