From c9cf025fadfe043f0f2f679e10d1207d8a158bb6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 17:01:31 +0200
Subject: Adding debian version 2.4.57-2.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/perl-framework/t/conf/ssl/ssl.conf.in | 289 +++++++++++++++++++++++++++
 1 file changed, 289 insertions(+)
 create mode 100644 debian/perl-framework/t/conf/ssl/ssl.conf.in

(limited to 'debian/perl-framework/t/conf/ssl/ssl.conf.in')

diff --git a/debian/perl-framework/t/conf/ssl/ssl.conf.in b/debian/perl-framework/t/conf/ssl/ssl.conf.in
new file mode 100644
index 0000000..6fadf33
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/ssl.conf.in
@@ -0,0 +1,289 @@
+#test config derived from httpd-2.0/docs/conf/ssl-std.conf -*- text -*-
+
+<IfModule @ssl_module@>
+    #base config that can be used by any SSL enabled VirtualHosts
+    AddType application/x-x509-ca-cert .crt
+    AddType application/x-pkcs7-crl    .crl
+
+    <IfDefine TEST_SSL_SESSCACHE>
+       SSLSessionCache      ${SSL_SESSCACHE}
+    </IfDefine>
+    <IfDefine !TEST_SSL_SESSCACHE>
+      SSLSessionCache        none
+    </IfDefine>
+
+    <IfVersion < 2.3.4>
+    #SSLMutex  file:@ServerRoot@/logs/ssl_mutex
+    </IfVersion>
+    <IfVersion >= 2.3.4>
+    # mutex created automatically
+    # config needed only if file-based mutexes are used and
+    # default lock file dir is inappropriate
+    # Mutex file:/path/to/lockdir ssl-cache
+    </IfVersion>
+
+    SSLRandomSeed startup builtin
+    SSLRandomSeed connect builtin
+    #SSLRandomSeed startup file:/dev/random  512
+    #SSLRandomSeed startup file:/dev/urandom 512
+    #SSLRandomSeed connect file:/dev/random  512
+    #SSLRandomSeed connect file:/dev/urandom 512
+
+    SSLProtocol @sslproto@
+
+    <IfModule mod_log_config.c>
+        LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl
+        CustomLog logs/ssl_request_log ssl
+    </IfModule>
+
+    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+    <IfDefine TEST_SSL_PASSPHRASE_EXEC>
+        SSLPassPhraseDialog  exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl
+    </IfDefine>
+    #else the default is builtin
+    <IfDefine !TEST_SSL_PASSPHRASE_EXEC>
+        SSLPassPhraseDialog  builtin
+    </IfDefine>
+
+    <IfDefine TEST_SSL_DES3_KEY>
+        SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt
+
+        SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem
+
+#        SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt
+
+#        SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem
+    </IfDefine>
+    #else the default is an unencrypted key
+    <IfDefine !TEST_SSL_DES3_KEY>
+        SSLCertificateFile @SSLCA@/asf/certs/server.crt
+
+        SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem
+
+#        SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt
+
+#        SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem
+    </IfDefine>
+
+    #SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt
+
+    SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
+
+    SSLCACertificatePath @ServerRoot@/conf/ssl
+
+    SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+    <IfVersion >= 2.3.15>
+        SSLCARevocationCheck chain
+    </IfVersion>
+
+    <VirtualHost @ssl_module_name@>
+        SSLEngine on
+
+        #t/ssl/verify.t
+        Alias /verify @DocumentRoot@
+
+        <Location /verify>
+            SSLVerifyClient require
+            SSLVerifyDepth  10
+        </Location>
+
+        # t/ssl/pha.t
+        <Location /require/small>
+            SSLVerifyClient require
+            SSLVerifyDepth  10
+
+            SSLRenegBufferSize 10
+        </Location>
+        Alias /require/small      @DocumentRoot@/modules/cgi
+
+        #t/ssl/require.t
+        Alias /require/asf        @DocumentRoot@
+        Alias /require/snakeoil   @DocumentRoot@
+        Alias /require/certext    @DocumentRoot@
+        Alias /require/strcmp     @DocumentRoot@
+        Alias /require/intcmp     @DocumentRoot@
+        Alias /ssl-fakebasicauth  @DocumentRoot@
+        Alias /ssl-fakebasicauth2 @DocumentRoot@
+        Alias /ssl-cgi            @DocumentRoot@/modules/cgi
+        Alias /require-ssl-cgi    @DocumentRoot@/modules/cgi
+
+        Alias /require-aes128-cgi    @DocumentRoot@/modules/cgi
+        Alias /require-aes256-cgi    @DocumentRoot@/modules/cgi
+
+        <Location /require/asf>
+            SSLVerifyClient require
+            SSLVerifyDepth  10
+            SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+                        and %{SSL_CLIENT_S_DN_O} eq "ASF" \
+                        and %{SSL_CLIENT_S_DN_OU} in \
+                             {"httpd-test", "httpd", "modperl"} )
+        </Location>
+
+        <Location /require/snakeoil>
+            SSLVerifyClient require
+            SSLVerifyDepth  10
+            SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+                        and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+                        and %{SSL_CLIENT_S_DN_OU} in \
+                             {"Staff", "CA", "Dev"} )
+        </Location>
+
+        <Location /require/certext>
+            SSLVerifyClient require
+            <IfVersion > 2.3.0>
+               SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0")
+            </IfVersion>
+            <IfVersion < 2.3.0>
+               <IfVersion > 2.1.6>
+                  SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0")
+               </IfVersion>
+            </IfVersion>
+        </Location>
+
+        <Location /require/strcmp>
+            SSLRequire "a" < "b"
+            SSLRequire "a" lt "b"
+        </Location>
+
+        <Location /require/intcmp>
+            SSLRequire 2 < 10
+            SSLRequire 2 lt 10
+        </Location>
+
+        <Location /ssl-cgi>
+            SSLOptions +StdEnvVars
+        </Location>
+
+        <Location /require-ssl-cgi>
+            SSLOptions +StdEnvVars
+            SSLVerifyClient require
+            SSLVerifyDepth  10
+        </Location>
+
+        <Location /require-aes128-cgi>
+            SSLCipherSuite AES128-SHA
+        </Location>
+
+        <Location /require-aes256-cgi>
+            SSLCipherSuite AES256-SHA
+        </Location>
+
+        <IfModule @AUTH_MODULE@>
+            <Location /ssl-fakebasicauth>
+                SSLVerifyClient      require
+                SSLVerifyDepth       5
+                SSLOptions           +FakeBasicAuth
+                AuthName             "Snake Oil Authentication"
+                AuthType             Basic
+                AuthUserFile         @SSLCA@/asf/ssl.htpasswd
+                require              valid-user
+            </Location>
+        </IfModule>
+
+        # specific to 2.1
+        <IfModule mod_authn_anon.c>
+            <IfModule mod_auth_basic.c>
+                <Location /ssl-fakebasicauth2>
+                    SSLVerifyClient      require
+                    SSLOptions           +FakeBasicAuth +StdEnvVars
+                    AuthName             "Snake Oil Authentication"
+                    AuthType             Basic
+                    AuthBasicProvider    anon
+                    Anonymous            dummy "*"
+                    require              valid-user
+                </Location>
+            </IfModule>
+        </IfModule>
+
+        ##
+        ## mod_h2 test config
+        ##
+        <IfModule h2_module>
+            LogLevel h2:debug
+        </IfModule>
+
+        <IfModule @CGI_MODULE@>
+            <Directory @SERVERROOT@/htdocs/modules/h2>
+                Options +ExecCGI
+                AddHandler cgi-script .pl
+
+            </Directory>
+        </IfModule>
+        <Location /modules/h2/hello.pl>
+            SSLOptions +StdEnvVars
+        </Location>
+        <IfModule mod_rewrite.c>
+            RewriteEngine on
+            RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
+        </IfModule>
+
+    </VirtualHost>
+
+    # An SSL vhost which does optional ccert checks at vhost level, to
+    # check for CVE CAN-2005-2700.
+      
+    <VirtualHost ssl_optional_cc>
+        SSLEngine on
+        
+        SSLVerifyClient optional
+
+        Alias /require/any        @DocumentRoot@
+        Alias /require/none       @DocumentRoot@
+
+        <Location /require/any>
+            SSLVerifyClient require
+            SSLVerifyDepth  10
+        </Location>
+    </VirtualHost>
+
+    # An SSL vhost which can be used to trigger PR 33791
+
+    <VirtualHost ssl_pr33791>
+       SSLEngine On
+
+       ErrorDocument 400 /index.html
+
+       <Location />
+           SSLVerifyClient require
+       </Location>
+    </VirtualHost>
+
+    # For t/ssl/ocsp.t --
+    <Location /modules/ssl/ocsp>
+        SetEnv SSL_CA_ROOT @sslca@/asf
+    </Location>
+    Alias /modules/ssl/ocsp            @DocumentRoot@/modules/cgi/ocsp.pl
+
+    <VirtualHost ssl_ocsp>
+       SSLEngine on
+
+     # SSLOCSPResponderCertificateFile is available from 2.4.26
+     <IfVersion >= 2.4.26>
+       SSLVerifyClient on
+
+       SSLOCSPEnable on
+       SSLOCSPDefaultResponder http://@SERVERNAME@:@PORT@/modules/ssl/ocsp
+       SSLOCSPResponderCertificateFile @SSLCA@/asf/certs/server.crt
+
+       # Ignore CRL check results
+       SSLCARevocationCheck none
+     </IfVersion>
+    </VirtualHost>
+
+    # For t/ssl/pr43738.t:
+    <IfModule mod_actions.c>
+        Action application/x-pf-action /modules/cgi/action.pl
+        
+        AddType application/x-pf-action .pfa
+    </IfModule>
+
+    <Location /modules/ssl/aes128/>
+         SSLCipherSuite AES128-SHA
+    </Location>
+
+    <Location /modules/ssl/aes256/>
+         SSLCipherSuite AES256-SHA
+    </Location>
+
+</IfModule>
-- 
cgit v1.2.3