From c9cf025fadfe043f0f2f679e10d1207d8a158bb6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:01:31 +0200 Subject: Adding debian version 2.4.57-2. Signed-off-by: Daniel Baumann --- debian/perl-framework/t/conf/cache.conf.in | 25 + debian/perl-framework/t/conf/core.conf.in | 55 + debian/perl-framework/t/conf/extra.conf.in | 1474 ++++++++++++++++++++ debian/perl-framework/t/conf/http2.conf.in | 105 ++ .../perl-framework/t/conf/include-ssi-exec.conf.in | 499 +++++++ debian/perl-framework/t/conf/include.conf.in | 82 ++ debian/perl-framework/t/conf/proxy.conf.in | 194 +++ debian/perl-framework/t/conf/ssl/README | 17 + .../t/conf/ssl/ca-bundle-duplicates.crt | 114 ++ .../perl-framework/t/conf/ssl/ca-bundle-sample.crt | 393 ++++++ .../t/conf/ssl/httpd-passphrase.pl.PL | 2 + debian/perl-framework/t/conf/ssl/proxyssl.conf.in | 124 ++ debian/perl-framework/t/conf/ssl/ssl.conf.in | 289 ++++ debian/perl-framework/t/conf/vhost_alias.conf.in | 9 + 14 files changed, 3382 insertions(+) create mode 100644 debian/perl-framework/t/conf/cache.conf.in create mode 100644 debian/perl-framework/t/conf/core.conf.in create mode 100644 debian/perl-framework/t/conf/extra.conf.in create mode 100644 debian/perl-framework/t/conf/http2.conf.in create mode 100644 debian/perl-framework/t/conf/include-ssi-exec.conf.in create mode 100644 debian/perl-framework/t/conf/include.conf.in create mode 100644 debian/perl-framework/t/conf/proxy.conf.in create mode 100644 debian/perl-framework/t/conf/ssl/README create mode 100644 debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt create mode 100644 debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt create mode 100644 debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL create mode 100644 debian/perl-framework/t/conf/ssl/proxyssl.conf.in create mode 100644 debian/perl-framework/t/conf/ssl/ssl.conf.in create mode 100644 debian/perl-framework/t/conf/vhost_alias.conf.in (limited to 'debian/perl-framework/t/conf') diff --git a/debian/perl-framework/t/conf/cache.conf.in b/debian/perl-framework/t/conf/cache.conf.in new file mode 100644 index 0000000..fa06db7 --- /dev/null +++ b/debian/perl-framework/t/conf/cache.conf.in @@ -0,0 +1,25 @@ +# +# Config for mod_cache tests +# + + + + + + CacheEnable disk /cache/ + CacheRoot @SERVERROOT@/conf/cacheroot/ + CacheDirLevels 1 + CacheDirLength 1 + + + + + CacheEnable disk /cache/ + CacheRoot @SERVERROOT@/conf/cacheroot/ + CacheDirLevels 1 + CacheDirLength 1 + + + DocumentRoot @SERVERROOT@/htdocs/modules/cache + + diff --git a/debian/perl-framework/t/conf/core.conf.in b/debian/perl-framework/t/conf/core.conf.in new file mode 100644 index 0000000..53122a8 --- /dev/null +++ b/debian/perl-framework/t/conf/core.conf.in @@ -0,0 +1,55 @@ +# NameVirtualHost sections for :core. All virtual hosts ending in :core +# will be converted to a set of NVH'es on the same dynamic port, so they +# are collected here. + +MaxMemFree 1 + + + ServerName default-strict + = 2.5.1> + # StrictHostCheck can only be configure globally or in a "default" vhost + StrictHostCheck ON + + + + ServerName nvh-strict + ServerAlias nvh-strict-alias + # Implicitly StrictHostCheck ON from default VH above + + +# MergeSlashes += 2.4.39> + + ServerName merge-default + + require all granted + + + require all denied + + + + ServerName merge-disabled + MergeSlashes OFF + + require all granted + + + require all denied + + + require all denied + + + require all denied + + + + RewriteEngine ON + RewriteCond %{REQUEST_URI} (.+)/$ + RewriteRule ^ %1 [L] + + + + + diff --git a/debian/perl-framework/t/conf/extra.conf.in b/debian/perl-framework/t/conf/extra.conf.in new file mode 100644 index 0000000..a684f76 --- /dev/null +++ b/debian/perl-framework/t/conf/extra.conf.in @@ -0,0 +1,1474 @@ +## +## FileETag test config +## + + AllowOverride All + Order Deny,Allow +# Satisfy Any + + +## +## Options override test config +## + + AllowOverride All + Options -Includes + + +## +## AcceptPathInfo test config +## + + + # default is AcceptPathInfo default + Order Deny,Allow + Allow from all + + AddHandler cgi-script .sh + Options +ExecCGI +Includes +Indexes + + + DirectoryIndex index.shtml + AddOutputFilter INCLUDES shtml + + + + AcceptPathInfo on + + + AcceptPathInfo off + + + +## +## mod_php4/mod_php5 test config +## + + + AddType application/x-httpd-php .php + AddType application/x-httpd-php-source .phps + + + + + AddType application/x-httpd-php .php + AddType application/x-httpd-php-source .phps + + + + + # t/htdocs/php/arg.php et al require argc/argv in _SERVER + + php_admin_flag "register_argc_argv" 1 + + + + Options MultiViews + + + + +## +## mod_expires test config +## + + + + ExpiresActive On + ExpiresDefault "modification plus \ + 10 years 6 months 2 weeks \ + 3 days 12 hours 30 minutes 19 seconds" + ExpiresByType text/plain M60 + ExpiresByType image/gif A120 + ExpiresByType image/jpeg A86400 + + + + AllowOverride All + + + +## +## mod_negotiation test config +## + + + AddLanguage en .en + AddLanguage fr .fr + AddLanguage de .de + AddLanguage fu .fu + AddLanguage zh-TW .zh-TW + AddHandler type-map .var + + + + + CacheNegotiatedDocs + + + + CacheNegotiatedDocs On + + + + Options +MultiViews + LanguagePriority en fr de fu zh-TW + + + + Options +MultiViews + LanguagePriority de en fr fu zh-TW + + + + Options +MultiViews + LanguagePriority fr en de fu zh-TW + + + + Options +MultiViews + LanguagePriority fu fr en de zh-TW + + + + Options +MultiViews + LanguagePriority zh-TW fr fu en de + + + + + + Options +MultiViews +ExecCGI + MultiviewsMatch any + AddHandler cgi-script .pl + + + + + + +## +## mod_rewrite test config +## + + + RewriteEngine On + + RewriteLog @SERVERROOT@/logs/rewrite_log + RewriteLogLevel 9 + + = 2.3.6> + LogLevel rewrite:trace8 + + + + + RewriteLock @SERVERROOT@/logs/rewrite_lock + + = 2.3.4> + # mutex created automatically + # config needed only if file-based mutexes are used and + # default lock file dir is inappropriate + # Mutex file:/path/to/lockdir rewrite-map + + + + RewriteLock @SERVERROOT@/logs/rewrite_lock + + RewriteMap numbers-txt txt:@SERVERROOT@/htdocs/modules/rewrite/numbers.txt + RewriteMap numbers-rnd rnd:@SERVERROOT@/htdocs/modules/rewrite/numbers.rnd + #RewriteMap numbers-dbm dbm:@SERVERROOT@/htdocs/modules/rewrite/numbers.dbm + RewriteMap numbers-prg prg:@SERVERROOT@/htdocs/modules/rewrite/numbers.pl + RewriteMap lower int:tolower + + + RewriteEngine On + = 2.5.0> + RewriteOptions inherit LongURLOptimization + + + RewriteOptions inherit + + + RewriteRule ^forbidden$ - [F] + RewriteRule ^gone$ - [G] + RewriteRule ^perm$ - [R=permanent] + RewriteRule ^temp$ - [R] + RewriteRule ^test\.blah$ - [T=text/html] + + ## config for testing >=< conditions + RewriteCond %{HTTP_ACCEPT} =lucky13 + RewriteRule ^$ lucky13.html [L] + + RewriteCond %{HTTP_ACCEPT} >6 + RewriteRule ^$ big.html [L] + + RewriteCond %{HTTP_ACCEPT} <1 + RewriteRule ^$ zero.html [L] + + ## config for testing rewrite maps + RewriteCond %{HTTP_ACCEPT} ^(TXT|RND|DBM|PRG)$ + RewriteRule ^([1-6])$ - [C,E=MAPTYPE:${lower:%1}] + RewriteCond %{ENV:MAPTYPE} =txt + RewriteRule ^([1-6])$ ${numbers-txt:$1}.html [S=3] + RewriteCond %{ENV:MAPTYPE} =rnd + RewriteRule ^([1-6])$ ${numbers-rnd:$1}.html [S=2] + RewriteCond %{ENV:MAPTYPE} =dbm + RewriteRule ^([1-6])$ ${numbers-dbm:$1}.html [S=1] + RewriteCond %{ENV:MAPTYPE} =prg + RewriteRule ^([1-6])$ ${numbers-prg:$1}.html [L] + + ## Proxy pass-through + RewriteRule ^proxy.html$ http://@SERVERNAME@:@PORT@/modules/rewrite/lucky13.html [L,P] + + ## Query-string append + RewriteRule ^qsa.html$ @SERVERROOT@/htdocs/modules/cgi/env.pl?foo=bar [QSA,L] + + ## Proxy and QSA + RewriteRule ^proxy-qsa.html$ http://@SERVERNAME@:@PORT@/modules/cgi/env.pl?foo=bar [QSA,L,P] + + ## Redirect, directory context + RewriteRule ^redirect-dir.html$ http://@SERVERNAME@:@PORT@/foobar.html [L,R=301] + + # PR 58231: Vary header not added to the response if the RewriteCond/Rule + # combination is in a directory context. + # Vary:Host header must not also be returned in any case. + RewriteCond %{HTTP_HOST} directory-domain + RewriteRule vary3.html vary4.html [L] + + RewriteCond %{HTTP_USER_AGENT} directory-agent + RewriteRule vary3.html vary4.html [L] + + RewriteCond %{HTTP:Accept} directory-accept [OR] + RewriteCond %{HTTP_REFERER} directory-referer + RewriteRule vary3.html vary4.html [L] + + + # PR 58231: Vary:Host header mistakenly added to the response + RewriteCond %{HTTP_HOST} test1 + RewriteRule /modules/rewrite/vary1.html /modules/rewrite/vary2.html [L] + + RewriteCond %{HTTP:Host} test2 + RewriteRule /modules/rewrite/vary1.html /modules/rewrite/vary2.html [L] + + + ### Proxy pass-through to env.pl + RewriteRule ^/modules/rewrite/proxy2/(.*)$ http://@SERVERNAME@:@PORT@/modules/cgi/$1 [L,P] + + ### Pass-through conditional on QUERY_STRING + RewriteCond %{QUERY_STRING} horse=trigger + RewriteRule ^/modules/rewrite/proxy3/(.*)$ http://@SERVERNAME@:@PORT@/modules/cgi/$1 [L,P] + + ### Redirect, server context + RewriteRule ^/modules/rewrite/redirect.html$ http://@SERVERNAME@:@PORT@/foobar.html [L,R=301] + + RewriteRule ^/modules/rewrite/cookie/$ - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly] + RewriteRule ^/modules/rewrite/cookie/0 - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:0] + RewriteRule ^/modules/rewrite/cookie/false - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:false] + RewriteRule ^/modules/rewrite/cookie/lax - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:lax] + RewriteRule ^/modules/rewrite/cookie/none - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:none] + RewriteRule ^/modules/rewrite/cookie/foo - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:foo] + + + DocumentRoot @SERVERROOT@/htdocs/modules/proxy + RewriteEngine On + RewriteRule (.*) http://localhost$1 [P] + + + # PR60478: pathological rewrite expansion + = 2.4> + + # This pair of RewriteRules will loop but should eventually 500 once we + # reach LimitRequestLine * 2 bytes. (In this case, @limitrequestline@ * 2 = @limitrequestlinex2@.) + RewriteRule ^(.*)X(.*)$ $1x$2 + # Don't run the test machine out of memory on failure, just stop the loop + RewriteCond expr "util_strlen(%{REQUEST_FILENAME}) -le @limitrequestlinex2@" + RewriteRule X - [N] + + + + + + + + + DocumentRoot @SERVERROOT@/htdocs/modules/proxy + ProxyPass /reverse/notproxy/ ! + ProxyPass /reverse/ http://@SERVERNAME@:@PORT@/ + ProxyPassReverse /reverse/ http://@SERVERNAME@:@PORT@/ + ProxyPassMatch ^/reverse-match/(.*)$ http://@SERVERNAME@:@PORT@/$1 + ProxyPassMatch ^/reverse-slash(/.*)?$ http://@SERVERNAME@:@PORT@$1 + ProxyPassReverseCookieDomain local remote + ProxyPassReverseCookiePath /local /remote + = 2.4.7> + ProxyPass /uds/ unix:/tmp/test-ptf.sock|http: + + + ProxyPass http://@SERVERNAME@:@PORT@/ + + + SetEnvIf Request_URI "^/reverse/locproxy/index.html$" no-proxy + + + + + = 2.3.10> + ProxyAddHeaders off + + ProxyPass /reverse/ http://@SERVERNAME@:@PORT@/ + + + # Noop config to trigger merging bug. + Require all granted + + + + = 2.2.5> + + DocumentRoot @SERVERROOT@/htdocs/modules/proxy + ProxyPassMatch (.*) http://@SERVERNAME@$1 + + + + +## +## @ACCESS_MODULE@ test config +## + + + + AllowOverride Limit + + + +## +## mod_cgi test config +## + + + AddHandler cgi-script .sh + AddHandler cgi-script .pl + ScriptLog @SERVERROOT@/logs/mod_cgi.log + ScriptLogLength 40960 + ScriptLogBuffer 256 + + + Options +ExecCGI + + + + AcceptPathInfo on + + + AcceptPathInfo off + + + AcceptPathInfo default + + + + + + +## +## mod_alias test config +## + + + Alias /alias @SERVERROOT@/htdocs/modules/alias + Alias /bogu /bogus/path/to/nothing + + AliasMatch /ali([0-9]) @SERVERROOT@/htdocs/modules/alias/$1.html + + Redirect permanent /perm http://@SERVERNAME@:@PORT@/alias + Redirect temp /temp http://@SERVERNAME@:@PORT@/alias + Redirect seeother /seeother http://@SERVERNAME@:@PORT@/alias + Redirect gone /gone + Redirect 403 /forbid + + RedirectMatch permanent /p([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html + RedirectMatch temp /t([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html + RedirectMatch seeother /s([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html + RedirectMatch gone /g([0-9]) + RedirectMatch 403 /f([0-9]) + + RedirectTemp /temp2 http://@SERVERNAME@:@PORT@/alias/index.html + RedirectPermanent /perm2 http://@SERVERNAME@:@PORT@/alias/index.html + + Redirect permanent /modules/alias/redirect-me http://@SERVERNAME@:@PORT@/modules/alias/5.html + + ScriptAlias /cgi @SERVERROOT@/htdocs/modules/alias + ScriptAliasMatch /aliascgi-(.*) @SERVERROOT@/htdocs/modules/alias/$1 + + + = 2.4.19> + [0-9])> + Alias @SERVERROOT@/htdocs/modules/alias/%{env:MATCH_NUMBER}.html + + .*)> + ScriptAlias @SERVERROOT@/htdocs/modules/alias/%{env:MATCH_SUFFIX} + + [0-9])> + Redirect permanent http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html + + [0-9])> + Redirect temp http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html + + [0-9])> + Redirect seeother http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html + + + Redirect gone + + + Redirect 403 + + + + + + += 2.5.1> + + Redirect /out-default + + + RedirectRelative ON + Redirect /out-on + + + RedirectRelative OFF + Redirect /out-off + + + Redirect fail-to-construct-url + + + +Alias /manual @inherit_documentroot@/manual + + Order deny,allow + Deny from all + Allow from @servername@ + + +## +## mod_asis test config +## + + + + AddHandler send-as-is asis + + + +## +## mod_headers test config +## + + + + AllowOverride All + + + + AllowOverride All + + + + + Header add mod_headers_foo bar + + + + # Should match anything mapped to disk + + Header append DMMATCH1 1 + + + +## +## mod_dir test config +## + + + + DirectorySlash OFF + + = 2.5.1> + + DirectorySlash NotFound + + + + AllowOverride Indexes + + + +## +## mod_env test config +## + + + PassEnv APACHE_TEST_HOSTNAME + SetEnv ENV_TEST "mod_env test environment variable" + SetEnv ENV_TEST_EMPTY + UnsetEnv UNSET + + PassEnv APACHE_TEST_HOSTTYPE + UnsetEnv APACHE_TEST_HOSTTYPE + + SetEnv NOT_HERE "this will not be here" + UnsetEnv NOT_HERE + + + Options +Includes + + + +## +## mod_setenvif test config +## + + + + Options +Includes + AllowOverride All + + + +## +## mod_dav test config +## + + + + DAVLockDB @SERVERROOT@/logs/davlock.db + + + + DAV On + + + +## +## mod_autoindex test config +## + + + + Options +Indexes + AllowOverride Indexes + + + Options +Indexes + AllowOverride All + + + +## +## LimitRequest* directive testing +## + +LimitRequestLine @limitrequestline@ +LimitRequestFieldSize 1024 +LimitRequestFields 32 + + LimitRequestBody 65536 + + +## +## mod_echo test config +## + + + + ProtocolEcho On + + + + + ProtocolEcho On + SSLEngine On + + + + +## +## mod_deflate test config +## + + + + SetOutputFilter DEFLATE + + + + Options +Includes + DirectoryIndex default.html + AddOutputFilter INCLUDES shtml + SetOutputFilter DEFLATE + + + + + SetOutputFilter BUCKETEER;DEFLATE + + + + + + SetOutputFilter DEFLATE + + + + SetInputFilter DEFLATE + SetHandler echo_post + + + + +### pr17629.t + + + SetOutputFilter CASEFILTER + + + + +## +## Test config for security issues +## + + Options +Includes + AllowOverride All + Order allow,deny + Allow from all + + # for CVE-2005-3352 test: + AddHandler imap-file map + + + + Options +Indexes + + + + Satisfy Any + + +## +## Digest test config +## + + + Alias /digest @DocumentRoot@ + + Require valid-user + AuthType Digest + AuthName realm1 + # 2.0 + + AuthDigestFile @ServerRoot@/realm1 + + # 2.1 + + AuthUserFile realm1 + + + SetEnvIf X-Browser "MSIE" AuthDigestEnableQueryStringHack=On + + + +## +## authz_core test config: authz by user or by env (modules/aaa.t) +## + + + + + + + Alias /authz/digest @DocumentRoot@ + + + Require valid-user + Require env allowed + + AuthType Digest + AuthName realm2 + AuthUserFile realm2 + + + + Alias /authz/basic @DocumentRoot@ + + + Require valid-user + Require env allowed + + AuthType Basic + AuthName basic1 + AuthUserFile basic1 + + + = 2.3.11> + + Alias /authz/fail/401 @DocumentRoot@ + Alias /authz/fail/403 @DocumentRoot@ + + Require user foo + AuthType Basic + AuthName basic1 + AuthUserFile basic1 + + + AuthzSendForbiddenOnFailure On + + + + + + Alias /authz/form @DocumentRoot@ + + AuthFormLoginRequiredLocation http://@SERVERNAME@:@PORT@/authz/login.html + AuthFormLoginSuccessLocation http://@SERVERNAME@:@PORT@/authz/form/ + AuthFormProvider file + AuthType Form + AuthUserFile form1 + AuthName form1 + Session On + SessionCookieName session path=/ + + Require valid-user + Require env allowed + + + + SetHandler form-login-handler + Require all granted + + + + SetEnvIf X-Allowed "yes" allowed + + + + + + +## +## authz_core test config: authz merging (modules/authz_core.t) +## + + + + + + AllowOverride all + + + SetEnvIf X-Allowed1 "yes" allowed1 + SetEnvIf X-Allowed2 "yes" allowed2 + SetEnvIf X-Allowed3 "yes" allowed3 + SetEnvIf X-Allowed4 "yes" allowed4 + + + + + +## +## Configuration for t/modules/ldap.t. +## + + Alias /modules/ldap/simple @DocumentRoot@ + Alias /modules/ldap/group @DocumentRoot@ + Alias /modules/ldap/refer @DocumentRoot@ + + # Simple user lookup + + AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid" + AuthLDAPBindDN "cn=httpd,dc=example,dc=com" + AuthLDAPBindPassword mod_authnz_ldap + AuthType Basic + AuthName ldap-simple@httpd.apache.org + AuthBasicProvider ldap + Require valid-user + + # Static group configuration + + AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid" + AuthLDAPBindDN "cn=httpd,dc=example,dc=com" + AuthLDAPBindPassword mod_authnz_ldap + AuthType Basic + AuthName ldap-group@httpd.apache.org + AuthBasicProvider ldap + Require ldap-group cn=Group One,dc=example,dc=com + + # Referral configuration -- the second user is only found if + # httpd follows the referral. + + AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid" + AuthLDAPBindDN "cn=httpd,dc=example,dc=com" + AuthLDAPBindPassword mod_authnz_ldap + AuthType Basic + AuthName ldap-refer@httpd.apache.org + AuthBasicProvider ldap + Require ldap-group cn=Subgroup,ou=dept,dc=example,dc=com + + + +## +## ErrorDocument handling +## create it's own virtual host so it doesn't interfere +## with other tests for 404 messages +## + + ErrorDocument 404 "per-server 404 + + + ErrorDocument 404 "per-dir 404 + + + + # nothing here + + + + ErrorDocument 404 /modules/expires/expire.html + + + + # special "default" value = restore canned error response + ErrorDocument 404 default + + + + ErrorDocument 404 "testing merge + + + + # 404 should be inherited from /apache + ErrorDocument 500 "hmph + + + + + + Header always set TestDuplicateHeader "shouldnotbeduplicated" + + + + + SetOutputFilter BUCKETEER + + + + + ExtendedStatus On + + + + + + FilterDeclare xother CONTENT_SET + = 2.3.9> + FilterProvider xother CASEFILTER "resp('X-Foo') == 'bar'" + + + FilterProvider xother CASEFILTER resp=X-Foo bar + + FilterChain xother + + + + + Options +Includes + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + + FilterDeclare pr49328 CONTENT_SET + + FilterProvider pr49328 DEFLATE resp=Content-Type $text/ + + = 2.3.0> + + FilterProvider pr49328 DEFLATE "$content-type = /text\//" + + + = 2.3.9> + FilterProvider pr49328 DEFLATE "%{CONTENT_TYPE} =~ m!text/!" + + FilterChain pr49328 + + + + + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE text/xml + AddOutputFilterByType DEFLATE text/css + + + AddOutputFilterByType CASEFILTER application/xml + AddOutputFilterByType CASEFILTER text/xml + AddOutputFilterByType CASEFILTER text/plain + + + + +## +## mod_dumpio configuration +## + + DumpIOInput on + DumpIOOutput on + LogLevel dumpio:trace7 + + +## +## LogLevel configuration +## + + = 2.3.6> + + LogLevel info core:crit + + + LogLevel crit core:info + + + LogLevel crit + + + LogLevel core:info + + + LogLevel crit + + + LogLevel info + + + LogLevel core:crit + + + LogLevel info + + + + + + AllowOverride All + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + Options +Includes + + + + AllowOverride All + + +## +## expression parser test config +## + += 2.3.9> + + AllowOverride All + + AllowOverrideList LogMessage + + + + + + = 2.3.11> + + + ProxyPass /if_sec/proxy/ http://@SERVERNAME@:@PORT@/ + + # Directory context + + + Header merge Out-Trace dir1 + + Header merge Out-Trace nested11 + + Header merge Out-Trace nested111 + + + Header merge Out-Trace nested112 + + + Header merge Out-Trace nested113 + + + + + Header merge Out-Trace dir2 + + + + Header merge Out-Trace dir_files1 + + + + + # Location context + + + Header merge Out-Trace locp1 + + + Header merge Out-Trace locp2 + + + + + Header merge Out-Trace loc1 + + Header merge Out-Trace nested11 + + Header merge Out-Trace nested111 + + + Header merge Out-Trace nested112 + + + Header merge Out-Trace nested113 + + + + + Header merge Out-Trace loc2 + + + + # Files context + + + Header merge Out-Trace files2 + + Header merge Out-Trace nested11 + + Header merge Out-Trace nested111 + + + Header merge Out-Trace nested112 + + + Header merge Out-Trace nested113 + + + + + + # Global context + + Header merge Out-Trace global1 + + Header merge Out-Trace nested11 + + Header merge Out-Trace nested111 + + + Header merge Out-Trace nested112 + + + Header merge Out-Trace nested113 + + + + + + + + + + = 2.3.15> + + AliasMatch /maxranges/([^/])+/ @SERVERROOT@/htdocs/apache/chunked/byteranges.txt + + MaxRanges none + + + MaxRanges default + + + MaxRanges 1 + + + MaxRanges 2 + + + MaxRanges none + + + MaxRanges unlimited + + + + = 2.2.21> + + AliasMatch /maxranges/([^/])+/ @SERVERROOT@/htdocs/apache/chunked/byteranges.txt + + MaxRanges none + + + MaxRanges default + + + MaxRanges 1 + + + MaxRanges 2 + + + MaxRanges none + + + MaxRanges unlimited + + + + + + + + AddHandler lua-script .lua + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name + + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2 + LuaInherit parent-last + + + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2 + LuaInherit parent-first + + + LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2 + # default: LuaInherit parent-first + + + # Filtering tests + LuaOutputFilter LUA_OUTPUT @SERVERROOT@/htdocs/modules/lua/filters.lua output_filter + Alias /modules/lua/filtered @DocumentRoot@ + + SetOutputFilter LUA_OUTPUT + + + + +# +# Strict HTTP mode test config +# + + = 2.2.32> + + Options +ExecCGI + AddHandler cgi-script .pl + + + DocumentRoot @SERVERROOT@/htdocs/ + HttpProtocolOptions Unsafe Allow0.9 + + + # Use two examples to ensure multiple bad headers are caught + # Note the vertical tab (^K or 0x0B) embedded in the header value + Header always set X-Bad "vertical tab" + Header always set X?Bad "badly named header" + + + + + DocumentRoot @SERVERROOT@/htdocs/ + HttpProtocolOptions Strict Require1.0 RegisteredMethods + + + # Use two examples to ensure multiple bad headers are caught + # Note the vertical tab (^K or 0x0B) embedded in the header value + Header always set X-Bad "vertical tab" + Header always set X?Bad "badly named header" + + + + + + +# +# mod_brotli test config +# + + + + # Reuse existing data for mod_deflate + Alias /only_brotli @SERVERROOT@/htdocs/modules/deflate + + SetOutputFilter BROTLI_COMPRESS + + + + Alias /brotli_and_deflate @SERVERROOT@/htdocs/modules/deflate + + SetOutputFilter BROTLI_COMPRESS;DEFLATE + + + + + + +# +# test config (see t/apache/iffile.t) +# + + = 2.4.34> + + + + # First, the IfFiles that should succeed. + + Header merge X-Out success1 + + + Header merge X-Out success2 + + + Header merge X-Out success3 + + + Header merge X-Out success4 + + + Header merge X-Out success5 + + # Followed by the IfFiles that should fail. + + Header merge X-Out fail1 + + + Header merge X-Out fail2 + + + Header merge X-Out fail3 + + + Header merge X-Out fail4 + + + Header merge X-Out fail5 + + + + + + + + +# +# t/modules/ext_filter.t test config +# + + + ExtFilterDefine foo-to-bar mode=output cmd="@SERVERROOT@/htdocs/modules/ext_filter/eval-cmd.pl s,foo,bar,g" + ExtFilterDefine ifoo-to-bar mode=input cmd="@SERVERROOT@/htdocs/modules/ext_filter/eval-cmd.pl s,foo,bar,g" + ExtFilterDefine sleepy-cat-out mode=output cmd=@SERVERROOT@/htdocs/modules/ext_filter/sleepycat.pl + ExtFilterDefine sleepy-cat-in mode=input cmd=@SERVERROOT@/htdocs/modules/ext_filter/sleepycat.pl + AliasMatch /apache/extfilter/[^/]+/(.*) @DocumentRoot@/$1 + + + SetOutputFilter foo-to-bar + + + + SetOutputFilter sleepy-cat-out + + + + SetInputFilter ifoo-to-bar + + + + SetOutputFilter foo-to-bar + LimitRequestBody 6 + + + + + +## +## mod_ssl_ct configuration +## + + # If mod_ssl_ct is loaded, CTSCTStorage is needed to pass the configtest. + CTSCTStorage . + + +## +## mod_remote_ip configuration +## + + + DocumentRoot @SERVERROOT@/htdocs/modules/remoteip + = 2.4.30> + RemoteIPProxyProtocol On + + + + + + + AliasMatch ^/apache/ratelimit/autoindex/$ @SERVERROOT@/htdocs/ + AliasMatch ^/apache/ratelimit/$ @SERVERROOT@/htdocs/index.html + + Options +Indexes + SetOutputFilter RATE_LIMIT + + SetEnv rate-limit 1024 + SetEnv rate-initial-burst 512 + + + + SetHandler random_chunk + + + + + + SetHandler reflector + # Do not set any filter + ReflectorHeader header2reflect + ReflectorHeader header2update header2updateUpdated + + + SetHandler reflector + SetOutputFilter DEFLATE + ReflectorHeader header2reflect + ReflectorHeader header2update header2updateUpdated + + + + + + Options +Indexes + + = 2.5.1> + + AllowMethods -POST + + + + AllowMethods GET + + = 2.5.1> + + AllowMethods +POST + + + AllowMethods -GET + + + + AllowMethods HEAD + + + AllowMethods POST + + + AllowMethods reset + + + + + + + SetHandler reflector + SetInputFilter BUFFER + + + SetHandler reflector + SetOutputFilter BUFFER + + + SetHandler reflector + SetInputFilter BUFFER + SetOutputFilter BUFFER + + + + + + + SetOutputFilter DATA + + + + + + CookieTracking on + CookieName usertrack_test + CookieExpires "60 seconds" + + + + + + Session On + SessionCookieName thisisatest path=/ + SessionMaxAge 1 + + + + + + CheckSpelling on + + + CheckSpelling on + CheckCaseOnly on + + + + + ScriptAlias /cgi_mod_actions @SERVERROOT@/htdocs/modules/cgi + + SetHandler my-handler + Action my-handler "/cgi_mod_actions/perl_echo.pl" virtual + + + + AddHandler my-file-type1 .xyz1 + Action my-file-type1 "/cgi_mod_actions/perl_echo.pl" + AddHandler my-file-type2 .xyz2 + Action my-file-type2 "/cgi_mod_actions/perl_echo.pl" virtual + + + + Script GET "/cgi_mod_actions/perl_echo.pl" + Script POST "/cgi_mod_actions/perl_post.pl" + + + + + + HeartbeatListen 239.0.0.1:27999 + HeartbeatAddress 239.0.0.1:27999 + + + +# +# t/modules/sed.t test config +# + + AliasMatch /apache/sed/[^/]+/(.*) @DocumentRoot@/$1 + + + AddOutputFilter sed .html + + + + OutputSed "s/foo/bar/g" + + + + diff --git a/debian/perl-framework/t/conf/http2.conf.in b/debian/perl-framework/t/conf/http2.conf.in new file mode 100644 index 0000000..2e6ca67 --- /dev/null +++ b/debian/perl-framework/t/conf/http2.conf.in @@ -0,0 +1,105 @@ +## +## mod_http2 test config +## + + + + + LogLevel http2:debug + + + Protocols h2c http/1.1 + + + + Options +ExecCGI + AddHandler cgi-script .pl + + + + + + + + RewriteEngine on + RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC] + + + + + + + + Protocols h2 http/1.1 + H2Direct on + + SSLEngine on + SSLCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLCACertificatePath @ServerRoot@/conf/ssl + SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + SSLCARevocationCheck chain + + # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + # + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + SSLProtocol All -SSLv2 -SSLv3 + SSLOptions +StdEnvVars + + = 2.4.18> + # need this off as long as we ran on old openssl + H2ModernTLSOnly off + + + + + Options +ExecCGI + AddHandler cgi-script .pl + + + + + + + RewriteEngine on + RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC] + + + + + + Protocols http/1.1 + H2Direct off + + + + Protocols h2 http/1.1 + H2Direct on + + SSLEngine on + SSLCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLCACertificatePath @ServerRoot@/conf/ssl + SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + SSLCARevocationCheck chain + + # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + # + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK + SSLProtocol All -SSLv2 -SSLv3 + SSLOptions +StdEnvVars + + + + + Protocols http/1.1 h2 + H2Direct on + + + + + + + + + + + diff --git a/debian/perl-framework/t/conf/include-ssi-exec.conf.in b/debian/perl-framework/t/conf/include-ssi-exec.conf.in new file mode 100644 index 0000000..42b72f9 --- /dev/null +++ b/debian/perl-framework/t/conf/include-ssi-exec.conf.in @@ -0,0 +1,499 @@ +# Test cases for Includes options inheritance, see test case +# t/security/CVE-2009-1195.t + + += 2.1.0> + + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=IncludesNoExec + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride Options=Includes + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride All + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options None + AllowOverride None + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=IncludesNoExec + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride Options=Includes + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride All + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options IncludesNoExec + AllowOverride None + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=IncludesNoExec + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride Options=Includes + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride All + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + + Options Includes + AllowOverride None + + +# Just a dummy directive that is always available to make this a valid block + FileETag All + + + + + diff --git a/debian/perl-framework/t/conf/include.conf.in b/debian/perl-framework/t/conf/include.conf.in new file mode 100644 index 0000000..349f565 --- /dev/null +++ b/debian/perl-framework/t/conf/include.conf.in @@ -0,0 +1,82 @@ +## +## mod_include test config +## + + + + AddType text/html .shtml + + + AddHandler server-parsed .shtml + + + AddOutputFilter INCLUDES .shtml + + + + = 2.3.13> + SSILegacyExprParser on + + Options +IncludesNOEXEC + + + + = 2.3.13> + SSILegacyExprParser off + + Options +IncludesNOEXEC + + + + Options +IncludesNOEXEC + XBitHack on + + + + Options Includes + XBitHack on + + + + Options +IncludesNOEXEC + XBitHack full + + + + Options Includes + + + + Options Includes + KeptBodySize 32 + + + + + + SetOutputFilter BUCKETEER + + + + + + # fallback host + + + + + SSIStartTag ---> + SSIEndTag ---> + + + + SSIStartTag ---> + SSIEndTag printenw + + + + SSIUndefinedEcho "" + + + + diff --git a/debian/perl-framework/t/conf/proxy.conf.in b/debian/perl-framework/t/conf/proxy.conf.in new file mode 100644 index 0000000..a199ca8 --- /dev/null +++ b/debian/perl-framework/t/conf/proxy.conf.in @@ -0,0 +1,194 @@ +#t/TEST -proxy + + + + + ProxyRequests On + + + = 2.4.49> + # Test the mapping. + ProxyPass /mapping http://@SERVERNAME@:@PORT@/servlet mapping=servlet + + + + + + # Suppress the error_log spam every 100ms watchdog cycle at trace5 + LogLevel proxy_hcheck:trace4 + + + + + + DocumentRoot @SERVERROOT@/htdocs + + + + DocumentRoot @SERVERROOT@/htdocs + + + + + + + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + + ProxySet balancer://foo1 lbmethod=byrequests + + ProxyPass balancer://foo1/ + + + + + + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + + ProxySet balancer://foo2 lbmethod=bytraffic + + ProxyPass balancer://foo2/ + + + + + + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + + ProxySet balancer://foo3 lbmethod=bybusyness + + ProxyPass balancer://foo3/ + + + + + + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1 + + ProxySet balancer://foo4 lbmethod=heartbeat + + # TODO heartbeat needs additional configuration to have it work + ProxyPass balancer://foo4/ + + + + ## PR 45434 tests + + BalancerMember http://@SERVERNAME@:@PORT@/modules + + + ProxyPass /pr45434 balancer://pr45434/alias + ProxyPassReverse /pr45434 balancer://pr45434/alias + + + BalancerMember http://@SERVERNAME@:@NextAvailablePort@ loadfactor=1 retry=1ms + BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 status=H + + ProxyPassMatch ^/baltest_echo_post balancer://failover/echo_post + + ## Test "dynamic balancer + + ProxySet growth=10 + + + SetHandler balancer-manager + Allow from all + + ProxyPass /dynproxy balancer://dynproxy/ + + + + + +# +# Test config for FCGI (see t/modules/proxy_fcgi.t) +# + + # XXX we have no way to retrieve the NextAvailablePort from Apache::Test... + Define FCGI_PORT @NextAvailablePort@ + + + = 2.4.26> + # ProxyFCGISetEnvIf tests + + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + + ProxyFCGISetEnvIf true QUERY_STRING test_value + ProxyFCGISetEnvIf true TEST_EMPTY + ProxyFCGISetEnvIf false TEST_NOT_SET + ProxyFCGISetEnvIf true TEST_DOCROOT "%{DOCUMENT_ROOT}" + ProxyFCGISetEnvIf "reqenv('GATEWAY_INTERFACE') =~ m#CGI/(.\..)#" TEST_CGI_VERSION "v$1" + ProxyFCGISetEnvIf true !REMOTE_ADDR + + + + + + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + + + + = 2.4.26> + + ProxyFCGIBackendType GENERIC + + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + + + + ProxyFCGIBackendType FPM + + + + + = 2.4.26> + + ProxyFCGIBackendType GENERIC + RewriteEngine On + RewriteRule ^.*\.php(/.*)?$ fcgi://127.0.0.1:${FCGI_PORT}@SERVERROOT@/htdocs/modules/proxy/fcgi-generic-rewrite/$0 [L,P] + + + + + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^.*$ index.php/$0 [L] + + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + + + + + + #AddType application/x-php-fpm .php + Action application/x-php-fpm /php/fpm/action virtual + + SetHandler proxy:fcgi://localhost:9001 + + + AddType application/x-fcgi-action .php + Action application/x-fcgi-action /fcgi-action-virtual virtual + + + SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT} + + Action application/x-php-fpm /php-fpm-pp/ + ProxyPass /php-fpm-pp/ fcgi://localhost:9001/@SERVERROOT@/htdocs/ + ProxyPassReverse /php-fpm-pp/ fcgi://localhost:9001/@SERVERROOT@/htdocs/ + + + + + + ProxyPass /proxy/wsoc ws://@SERVERNAME@:@PORT@/modules/lua/websockets.lua + + + + + + AllowOverride All + + diff --git a/debian/perl-framework/t/conf/ssl/README b/debian/perl-framework/t/conf/ssl/README new file mode 100644 index 0000000..dc86a58 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/README @@ -0,0 +1,17 @@ +certs/ + client_revoked.crt - client certificate that has been revoked + client_ok.crt - valid client certificate + client_snakeoil.crt - valid client certificate (different DN from above) + server.crt - the server certificate + ca-bundle.crt - the test server CA certificate, used to + sign above certs + +keys/ - private keys for above certificates + client_revoked.pem + client_ok.pem + client_snakeoil.pem + server.pem + +crl/ + ca-bundle.crl - certificate revocation list (client_revoked.crt) + diff --git a/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt b/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt new file mode 100644 index 0000000..ca35140 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt @@ -0,0 +1,114 @@ +#some duplicates of certs found in mod_ssl-2.x.x-1.3.xx/pkg.sslcfg/ca-bundle.crt +#to make sure mod_ssl can handle duplicates + +ABAecom (sub., Am. Bankers Assn.) Root CA +========================================= +MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92 +PEM Data: +-----BEGIN CERTIFICATE----- +MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw +gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh +a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy +dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe +Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN +MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT +D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ +KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24 +4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp +mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb +QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5 +0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v +xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O +BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP +Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5 +m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS +YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN +u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD +Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr +wo3CbezcE9NGxXl8 +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: + d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Validity + Not Before: Jul 14 16:14:18 1999 GMT + Not After : Jul 11 16:14:18 2009 GMT + Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c: + 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97: + 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3: + ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c: + d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2: + 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5: + 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25: + 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e: + db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18: + a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6: + 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c: + db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0: + 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28: + bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8: + e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b: + 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6: + ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c: + ee:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + + X509v3 Subject Key Identifier: + 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + Signature Algorithm: sha1WithRSAEncryption + 5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b: + 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec: + d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48: + b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c: + 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30: + 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94: + 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2: + 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60: + e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97: + 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22: + 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af: + 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed: + 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3: + 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3: + 46:c5:79:7c + +ANX Network CA by DST +===================== +MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D +PEM Data: +-----BEGIN CERTIFICATE----- +MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL +ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx +NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy +ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G +CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI +IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce +InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04 +JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr +MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0 +dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL +BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw +OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz +ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD +AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB +AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK +UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY +gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd +-----END CERTIFICATE----- diff --git a/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt b/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt new file mode 100644 index 0000000..85b5f36 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt @@ -0,0 +1,393 @@ +#pkg.sslcfg/ca-bundle.crt is ~250k, so it is not checked into cvs +#for better test results, copy that file into this directory +#and leave this one in place + +ABAecom (sub., Am. Bankers Assn.) Root CA +========================================= +MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92 +PEM Data: +-----BEGIN CERTIFICATE----- +MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw +gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh +a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy +dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe +Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN +MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT +D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ +KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24 +4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp +mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb +QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5 +0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v +xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB +/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O +BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP +Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5 +m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS +YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN +u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD +Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr +wo3CbezcE9NGxXl8 +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: + d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Validity + Not Before: Jul 14 16:14:18 1999 GMT + Not After : Jul 11 16:14:18 2009 GMT + Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c: + 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97: + 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3: + ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c: + d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2: + 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5: + 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25: + 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e: + db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18: + a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6: + 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c: + db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0: + 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28: + bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8: + e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b: + 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6: + ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c: + ee:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + + X509v3 Subject Key Identifier: + 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 + Signature Algorithm: sha1WithRSAEncryption + 5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b: + 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec: + d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48: + b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c: + 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30: + 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94: + 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2: + 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60: + e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97: + 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22: + 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af: + 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed: + 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3: + 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3: + 46:c5:79:7c + +ANX Network CA by DST +===================== +MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D +PEM Data: +-----BEGIN CERTIFICATE----- +MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL +ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx +NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy +ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G +CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI +IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce +InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04 +JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr +MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0 +dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL +BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw +OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz +ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD +AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB +AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK +UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY +gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: 913220207 (0x366ea26f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA + Validity + Not Before: Dec 9 15:46:48 1998 GMT + Not After : Dec 9 16:16:48 2018 GMT + Subject: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b4:48:11:80:58:a0:d5:a5:99:0f:f6:37:2c:44: + b6:6e:d1:7c:f3:2a:6b:9e:11:b6:88:23:04:5c:71: + 25:9e:6a:12:77:11:6e:bf:68:39:65:a8:f6:b2:f6: + a2:18:b2:89:15:a0:67:b7:7a:8c:22:48:6b:f6:84: + 34:1f:b6:ca:f7:1b:72:cb:f2:5b:48:d3:87:1e:22: + 76:13:04:b4:ac:6c:96:7f:e7:0e:08:c9:32:51:30: + 2d:d5:80:e8:21:67:ba:f3:5e:08:24:2c:07:59:9d: + 90:1a:ee:46:c9:b5:a4:1e:96:b4:41:91:d4:7f:d2: + 8d:38:26:b0:6f:43:6e:09:7d + Exponent: 3 (0x3) + X509v3 extensions: + Netscape Cert Type: + SSL CA, S/MIME CA, Object Signing CA + X509v3 CRL Distribution Points: + DirName:/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA/CN=CRL1 + + X509v3 Private Key Usage Period: + Not Before: Dec 9 15:46:48 1998 GMT, Not After: Dec 9 15:46:48 2018 GMT + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Authority Key Identifier: + keyid:8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36 + + X509v3 Subject Key Identifier: + 8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36 + X509v3 Basic Constraints: + CA:TRUE + 1.2.840.113533.7.65.0: + 0 +..V4.0.... + Signature Algorithm: sha1WithRSAEncryption + 49:25:c9:60:b1:0c:5f:a9:39:10:d3:c5:34:55:7d:cf:79:c3: + 29:eb:de:f9:c2:40:f9:e8:56:c5:f0:2f:ec:f4:d9:ec:48:51: + b8:63:38:5e:93:6e:18:96:85:b9:ca:50:9c:a4:b8:ea:66:26: + 68:93:85:6f:6f:4c:71:d0:be:7a:0b:3c:31:b9:f7:be:69:9e: + 10:d7:d1:40:e8:ac:16:71:ab:ae:ab:38:e1:70:b1:ca:92:16: + e0:5d:85:a6:18:80:06:00:9c:e1:a6:18:42:51:a7:68:68:59: + ef:26:94:5f:ad:31:0c:fe:29:1e:17:01:84:37:5b:e8:12:32: + a3:5d + +American Express CA +=================== +MD5 Fingerprint: 1C:D5:8E:82:BE:70:55:8E:39:61:DF:AD:51:DB:6B:A0 +PEM Data: +-----BEGIN CERTIFICATE----- +MIICkDCCAfkCAgCNMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYDVQQGEwJVUzEnMCUG +A1UEChMeQW1lcmljYW4gRXhwcmVzcyBDb21wYW55LCBJbmMuMSYwJAYDVQQLEx1B +bWVyaWNhbiBFeHByZXNzIFRlY2hub2xvZ2llczEvMC0GA1UEAxMmQW1lcmljYW4g +RXhwcmVzcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODE0MjIwMTAwWhcN +MDYwODE0MjM1OTAwWjCBjzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHkFtZXJpY2Fu +IEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1lcmljYW4gRXhwcmVz +cyBUZWNobm9sb2dpZXMxLzAtBgNVBAMTJkFtZXJpY2FuIEV4cHJlc3MgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ8kmS +hcr9FSm1BrZE7PyIo/KGzv8UTyQckvnCI8HOQ99dNMi4FOzVKnCRSZXXVs2U8amT +0Ggi3E19oApyKkfqJfCFAF82VGHPC/k3Wmed6R/pZD9wlWGn0DAC3iYopGYDBOkw ++48zB/lvYYeictvzaHhjZlmpybdm4RWySDYs+QIDAQABMA0GCSqGSIb3DQEBBAUA +A4GBAGgXYrhzi0xs60qlPqvlnS7SzYoHV/PGWZd2Fxf4Uo4nk9hY2Chs9KIEeorC +diSxArTfKPL386infiNIYYj0EWiuJl32oUtTJWrYKhQCDuCHIG6eGVxzkAsj4jGX +Iz/VIqLTBnvaN/XXtUFEF3pFAtmFRWbWjsfwegyZYiJpW+3S +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 1 (0x0) + Serial Number: 141 (0x8d) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority + Validity + Not Before: Aug 14 22:01:00 1998 GMT + Not After : Aug 14 23:59:00 2006 GMT + Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c9:f2:49:92:85:ca:fd:15:29:b5:06:b6:44:ec: + fc:88:a3:f2:86:ce:ff:14:4f:24:1c:92:f9:c2:23: + c1:ce:43:df:5d:34:c8:b8:14:ec:d5:2a:70:91:49: + 95:d7:56:cd:94:f1:a9:93:d0:68:22:dc:4d:7d:a0: + 0a:72:2a:47:ea:25:f0:85:00:5f:36:54:61:cf:0b: + f9:37:5a:67:9d:e9:1f:e9:64:3f:70:95:61:a7:d0: + 30:02:de:26:28:a4:66:03:04:e9:30:fb:8f:33:07: + f9:6f:61:87:a2:72:db:f3:68:78:63:66:59:a9:c9: + b7:66:e1:15:b2:48:36:2c:f9 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 68:17:62:b8:73:8b:4c:6c:eb:4a:a5:3e:ab:e5:9d:2e:d2:cd: + 8a:07:57:f3:c6:59:97:76:17:17:f8:52:8e:27:93:d8:58:d8: + 28:6c:f4:a2:04:7a:8a:c2:76:24:b1:02:b4:df:28:f2:f7:f3: + a8:a7:7e:23:48:61:88:f4:11:68:ae:26:5d:f6:a1:4b:53:25: + 6a:d8:2a:14:02:0e:e0:87:20:6e:9e:19:5c:73:90:0b:23:e2: + 31:97:23:3f:d5:22:a2:d3:06:7b:da:37:f5:d7:b5:41:44:17: + 7a:45:02:d9:85:45:66:d6:8e:c7:f0:7a:0c:99:62:22:69:5b: + ed:d2 + +American Express Global CA +========================== +MD5 Fingerprint: 63:1B:66:93:8C:F3:66:CB:3C:79:57:DC:05:49:EA:DB +PEM Data: +-----BEGIN CERTIFICATE----- +MIIEBDCCAuygAwIBAgICAIUwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVT +MScwJQYDVQQKEx5BbWVyaWNhbiBFeHByZXNzIENvbXBhbnksIEluYy4xJjAkBgNV +BAsTHUFtZXJpY2FuIEV4cHJlc3MgVGVjaG5vbG9naWVzMTYwNAYDVQQDEy1BbWVy +aWNhbiBFeHByZXNzIEdsb2JhbCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgw +ODE0MTkwNjAwWhcNMTMwODE0MjM1OTAwWjCBljELMAkGA1UEBhMCVVMxJzAlBgNV +BAoTHkFtZXJpY2FuIEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1l +cmljYW4gRXhwcmVzcyBUZWNobm9sb2dpZXMxNjA0BgNVBAMTLUFtZXJpY2FuIEV4 +cHJlc3MgR2xvYmFsIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAPAkJmYu++tKc3FTiUfLJjxTkpRMysKFtQ34w1e9 +Lyofahi3V68MABb6oLaQpvcaoS5mJsdoo4qTaWa1RlYtHYLqkAwKIsKJUI0F89Sr +c0HwzxKsKLRvFJSWWUuekHWG3+JH6+HpT0N+h8onGGaetcFAZX38YW+tm3LPqV7Y +8/nabpEQ+ky16n4g3qk5L/WI5IpvNcYgnCuGRjMK/DFVpWusFkDpzTVZbzIEw3u1 +D3t3cPNIuypSgs6vKW3xEW9t5gcAAe+a8yYNpnkTZ6/4qxx1rJG1a75AsN6cDLFp +hRlxkRNFyt/R/eayypaDedvFuKpbepALeFY+xteflEgR9a0CAwEAAaNaMFgwEgYD +VR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgoq +hkiG+Q8KAQUBMBkGA1UdDgQSBBBXRzV7NicRqAj8L0Yl6yRpMA0GCSqGSIb3DQEB +BQUAA4IBAQDHYUWoinG5vjTpIXshzVYTmNUwY+kYqkuSFb8LHbvskmnFLsNhi+gw +RcsQRsFzOFyLGdIr80DrfHKzLh4n43WVihybLsSVBYZy0FX0oZJSeVzb9Pjc5dcS +sUDHPIbkMWVKyjfG3nZXGWlMRmn8Kq0WN3qTrPchSy3766lQy8HRQAjaA2mHpzde +VcHF7cTjjgwml5tcV0ty4/IDBdACOyYDQJCevgtbSQx48dVMVSng9v1MA6lUAjLR +V1qFrEPtWzsWX6C/NdtLnnvo/+cNPDuom0lBRvVzTv+SZSGDE1Vx60k8f4gawhIo +JaFGS0E3l3/sjvHUoZbCILZerakcHhGg +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: 133 (0x85) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority + Validity + Not Before: Aug 14 19:06:00 1998 GMT + Not After : Aug 14 23:59:00 2013 GMT + Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:f0:24:26:66:2e:fb:eb:4a:73:71:53:89:47:cb: + 26:3c:53:92:94:4c:ca:c2:85:b5:0d:f8:c3:57:bd: + 2f:2a:1f:6a:18:b7:57:af:0c:00:16:fa:a0:b6:90: + a6:f7:1a:a1:2e:66:26:c7:68:a3:8a:93:69:66:b5: + 46:56:2d:1d:82:ea:90:0c:0a:22:c2:89:50:8d:05: + f3:d4:ab:73:41:f0:cf:12:ac:28:b4:6f:14:94:96: + 59:4b:9e:90:75:86:df:e2:47:eb:e1:e9:4f:43:7e: + 87:ca:27:18:66:9e:b5:c1:40:65:7d:fc:61:6f:ad: + 9b:72:cf:a9:5e:d8:f3:f9:da:6e:91:10:fa:4c:b5: + ea:7e:20:de:a9:39:2f:f5:88:e4:8a:6f:35:c6:20: + 9c:2b:86:46:33:0a:fc:31:55:a5:6b:ac:16:40:e9: + cd:35:59:6f:32:04:c3:7b:b5:0f:7b:77:70:f3:48: + bb:2a:52:82:ce:af:29:6d:f1:11:6f:6d:e6:07:00: + 01:ef:9a:f3:26:0d:a6:79:13:67:af:f8:ab:1c:75: + ac:91:b5:6b:be:40:b0:de:9c:0c:b1:69:85:19:71: + 91:13:45:ca:df:d1:fd:e6:b2:ca:96:83:79:db:c5: + b8:aa:5b:7a:90:0b:78:56:3e:c6:d7:9f:94:48:11: + f5:ad + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:5 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: 1.2.840.113807.10.1.5.1 + + X509v3 Subject Key Identifier: + 57:47:35:7B:36:27:11:A8:08:FC:2F:46:25:EB:24:69 + Signature Algorithm: sha1WithRSAEncryption + c7:61:45:a8:8a:71:b9:be:34:e9:21:7b:21:cd:56:13:98:d5: + 30:63:e9:18:aa:4b:92:15:bf:0b:1d:bb:ec:92:69:c5:2e:c3: + 61:8b:e8:30:45:cb:10:46:c1:73:38:5c:8b:19:d2:2b:f3:40: + eb:7c:72:b3:2e:1e:27:e3:75:95:8a:1c:9b:2e:c4:95:05:86: + 72:d0:55:f4:a1:92:52:79:5c:db:f4:f8:dc:e5:d7:12:b1:40: + c7:3c:86:e4:31:65:4a:ca:37:c6:de:76:57:19:69:4c:46:69: + fc:2a:ad:16:37:7a:93:ac:f7:21:4b:2d:fb:eb:a9:50:cb:c1: + d1:40:08:da:03:69:87:a7:37:5e:55:c1:c5:ed:c4:e3:8e:0c: + 26:97:9b:5c:57:4b:72:e3:f2:03:05:d0:02:3b:26:03:40:90: + 9e:be:0b:5b:49:0c:78:f1:d5:4c:55:29:e0:f6:fd:4c:03:a9: + 54:02:32:d1:57:5a:85:ac:43:ed:5b:3b:16:5f:a0:bf:35:db: + 4b:9e:7b:e8:ff:e7:0d:3c:3b:a8:9b:49:41:46:f5:73:4e:ff: + 92:65:21:83:13:55:71:eb:49:3c:7f:88:1a:c2:12:28:25:a1: + 46:4b:41:37:97:7f:ec:8e:f1:d4:a1:96:c2:20:b6:5e:ad:a9: + 1c:1e:11:a0 + +BelSign Object Publishing CA +============================ +MD5 Fingerprint: 8A:02:F8:DF:B8:E1:84:9F:5A:C2:60:24:65:D1:73:FB +PEM Data: +-----BEGIN CERTIFICATE----- +MIIDAzCCAmygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBuzELMAkGA1UEBhMCQkUx +ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQL +Ey9CZWxTaWduIE9iamVjdCBQdWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0 +eTElMCMGA1UEAxMcQmVsU2lnbiBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqG +SIb3DQEJARYUd2VibWFzdGVyQGJlbHNpZ24uYmUwHhcNOTcwOTE5MjIwMzAwWhcN +MDcwOTE5MjIwMzAwWjCBuzELMAkGA1UEBhMCQkUxETAPBgNVBAcTCEJydXNzZWxz +MRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQLEy9CZWxTaWduIE9iamVjdCBQ +dWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGA1UEAxMcQmVsU2ln +biBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVy +QGJlbHNpZ24uYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQuH7a/7oJA +3fm3LkHVngWxWtAmfGJVA5v8y2HeS+/+6Jn+h7mIz5DaDwk8dt8Xl7bLPyVF/bS8 +WAC+sFq2FIeP7mdkrR2Ig7tnn2VhAFgIgFCfgMkx9iqQHC33SmwQ9iNDXTgJYIhX +As0WbBj8zfuSKnfQnpOjXYhk0Mj4XVRRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE +AwIABzANBgkqhkiG9w0BAQQFAAOBgQBjdhd8lvBTpV0BHFPOKcJ+daxMDaIIc7Rq +Mf0CBhSZ3FQEpL/IloafMUMyJVf2hfYluze+oXkjyVcGJXFrRU/49AJAFoIir1Tq +Mij2De6ZuksIUQ9uhiMhTC0liIHELg7xEyw4ipUCJMM6lWPkk45IuwhHcl+u5jpa +R9Zxxp6aUg== +-----END CERTIFICATE----- +Certificate Ingredients: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be + Validity + Not Before: Sep 19 22:03:00 1997 GMT + Not After : Sep 19 22:03:00 2007 GMT + Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c4:2e:1f:b6:bf:ee:82:40:dd:f9:b7:2e:41:d5: + 9e:05:b1:5a:d0:26:7c:62:55:03:9b:fc:cb:61:de: + 4b:ef:fe:e8:99:fe:87:b9:88:cf:90:da:0f:09:3c: + 76:df:17:97:b6:cb:3f:25:45:fd:b4:bc:58:00:be: + b0:5a:b6:14:87:8f:ee:67:64:ad:1d:88:83:bb:67: + 9f:65:61:00:58:08:80:50:9f:80:c9:31:f6:2a:90: + 1c:2d:f7:4a:6c:10:f6:23:43:5d:38:09:60:88:57: + 02:cd:16:6c:18:fc:cd:fb:92:2a:77:d0:9e:93:a3: + 5d:88:64:d0:c8:f8:5d:54:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + Netscape Cert Type: + SSL CA, S/MIME CA, Object Signing CA + Signature Algorithm: md5WithRSAEncryption + 63:76:17:7c:96:f0:53:a5:5d:01:1c:53:ce:29:c2:7e:75:ac: + 4c:0d:a2:08:73:b4:6a:31:fd:02:06:14:99:dc:54:04:a4:bf: + c8:96:86:9f:31:43:32:25:57:f6:85:f6:25:bb:37:be:a1:79: + 23:c9:57:06:25:71:6b:45:4f:f8:f4:02:40:16:82:22:af:54: + ea:32:28:f6:0d:ee:99:ba:4b:08:51:0f:6e:86:23:21:4c:2d: + 25:88:81:c4:2e:0e:f1:13:2c:38:8a:95:02:24:c3:3a:95:63: + e4:93:8e:48:bb:08:47:72:5f:ae:e6:3a:5a:47:d6:71:c6:9e: + 9a:52 + +BelSign Secure Server CA +======================== +MD5 Fingerprint: 3D:5E:82:C6:D9:AD:D9:8B:93:6B:0C:10:B9:49:0A:B1 +PEM Data: +-----BEGIN CERTIFICATE----- +MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCQkUx +ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTQwMgYDVQQL +EytCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEw +HwYDVQQDExhCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEW +FHdlYm1hc3RlckBiZWxzaWduLmJlMB4XDTk3MDcxNjIyMDA1NFoXDTA3MDcxNjIy +MDA1NFowgbMxCzAJBgNVBAYTAkJFMREwDwYDVQQHEwhCcnVzc2VsczETMBEGA1UE +ChMKQmVsU2lnbiBOVjE0MDIGA1UECxMrQmVsU2lnbiBTZWN1cmUgU2VydmVyIENl +cnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAxMYQmVsU2lnbiBTZWN1cmUgU2Vy +dmVyIENBMSMwIQYJKoZIhvcNAQkBFhR3ZWJtYXN0ZXJAYmVsc2lnbi5iZTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gESeJL4BEJ/yccig/x8R3AwK0kLPjZA +kCjaIXODU/LE0RZAwFP/rqbGJLMnbaWzPTl3XagG9ubpvGMRTgZlcAqdk/miQIt/ +SoQOjRax1swIZBIM4ChLyKWEkBf7EUYu1qeFGMsYrmOasFgG9ADP+MQJGjUMofnu +Sv1t3v4mpTsCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgCgMA0GCSqGSIb3DQEB +BAUAA4GBAGw9mcMF4h3K5S2qaIWLQDEgZhNo5lg6idCNdbLFYth9go/32TKBd/Y1 +W4UpzmeyubwrGXjP84f9RvGVdbIJVwMwwXrNckdxgMp9ncllPEcRIn36BwsoeKGT +6AVFSOIyMko96FMcELfHc4wHUOH5yStTQfWDjeUJOUqOA2KqQGOL +-----END CERTIFICATE----- diff --git a/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL b/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL new file mode 100644 index 0000000..36eba94 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL @@ -0,0 +1,2 @@ +#for testing SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl +print "httpd\n"; diff --git a/debian/perl-framework/t/conf/ssl/proxyssl.conf.in b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in new file mode 100644 index 0000000..3c86c13 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in @@ -0,0 +1,124 @@ + + + + + #here we can test http <-> https + + #these are not on by default in the 1.x based mod_ssl + + SSLProxyEngine On + + SSLProxyProtocol All + SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyCACertificatePath @ServerRoot@/conf/ssl + SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + = 2.3.15> + SSLProxyCARevocationCheck chain + + SSLProxyVerify on + SSLProxyVerifyDepth 10 + + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + + + + #here we can test https <-> https + + SSLEngine on + + #these are not on by default in the 1.x based mod_ssl + + SSLProxyEngine On + # ensure that client_ok.pem is picked first: + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyVerify on + SSLProxyCARevocationPath @SSLCA@/asf/crl + = 2.3.15> + SSLProxyCARevocationCheck chain + + + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + + + #here we can test http <-> https using SSLProxyMachine* inside + + #these are not on by default in the 1.x based mod_ssl + + SSLProxyEngine On + + SSLProxyProtocol All + SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyCACertificatePath @ServerRoot@/conf/ssl + SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + = 2.3.15> + SSLProxyCARevocationCheck chain + + SSLProxyVerify on + SSLProxyVerifyDepth 10 + + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + + + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + + + + + + #here we can test https <-> https using SSLProxyMachine* inside + + SSLEngine on + + #these are not on by default in the 1.x based mod_ssl + + SSLProxyEngine On + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyVerify on + SSLProxyCARevocationPath @SSLCA@/asf/crl + = 2.3.15> + SSLProxyCARevocationCheck chain + + + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + + + # ensure that client_ok.pem is picked first: + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + + + + + #here we can test https <-> http + + SSLEngine on + + ProxyPass / http://@servername@:@port@/ + ProxyPassReverse / http://@servername@:@port@/ + + + + + diff --git a/debian/perl-framework/t/conf/ssl/ssl.conf.in b/debian/perl-framework/t/conf/ssl/ssl.conf.in new file mode 100644 index 0000000..6fadf33 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/ssl.conf.in @@ -0,0 +1,289 @@ +#test config derived from httpd-2.0/docs/conf/ssl-std.conf -*- text -*- + + + #base config that can be used by any SSL enabled VirtualHosts + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + + + SSLSessionCache ${SSL_SESSCACHE} + + + SSLSessionCache none + + + + #SSLMutex file:@ServerRoot@/logs/ssl_mutex + + = 2.3.4> + # mutex created automatically + # config needed only if file-based mutexes are used and + # default lock file dir is inappropriate + # Mutex file:/path/to/lockdir ssl-cache + + + SSLRandomSeed startup builtin + SSLRandomSeed connect builtin + #SSLRandomSeed startup file:/dev/random 512 + #SSLRandomSeed startup file:/dev/urandom 512 + #SSLRandomSeed connect file:/dev/random 512 + #SSLRandomSeed connect file:/dev/urandom 512 + + SSLProtocol @sslproto@ + + + LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl + CustomLog logs/ssl_request_log ssl + + + SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + + SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl + + #else the default is builtin + + SSLPassPhraseDialog builtin + + + + SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt + + SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem + +# SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt + +# SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem + + #else the default is an unencrypted key + + SSLCertificateFile @SSLCA@/asf/certs/server.crt + + SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem + +# SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt + +# SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem + + + #SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt + + SSLCACertificateFile @SSLCA@/asf/certs/ca.crt + + SSLCACertificatePath @ServerRoot@/conf/ssl + + SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + = 2.3.15> + SSLCARevocationCheck chain + + + + SSLEngine on + + #t/ssl/verify.t + Alias /verify @DocumentRoot@ + + + SSLVerifyClient require + SSLVerifyDepth 10 + + + # t/ssl/pha.t + + SSLVerifyClient require + SSLVerifyDepth 10 + + SSLRenegBufferSize 10 + + Alias /require/small @DocumentRoot@/modules/cgi + + #t/ssl/require.t + Alias /require/asf @DocumentRoot@ + Alias /require/snakeoil @DocumentRoot@ + Alias /require/certext @DocumentRoot@ + Alias /require/strcmp @DocumentRoot@ + Alias /require/intcmp @DocumentRoot@ + Alias /ssl-fakebasicauth @DocumentRoot@ + Alias /ssl-fakebasicauth2 @DocumentRoot@ + Alias /ssl-cgi @DocumentRoot@/modules/cgi + Alias /require-ssl-cgi @DocumentRoot@/modules/cgi + + Alias /require-aes128-cgi @DocumentRoot@/modules/cgi + Alias /require-aes256-cgi @DocumentRoot@/modules/cgi + + + SSLVerifyClient require + SSLVerifyDepth 10 + SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ + and %{SSL_CLIENT_S_DN_O} eq "ASF" \ + and %{SSL_CLIENT_S_DN_OU} in \ + {"httpd-test", "httpd", "modperl"} ) + + + + SSLVerifyClient require + SSLVerifyDepth 10 + SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ + and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + and %{SSL_CLIENT_S_DN_OU} in \ + {"Staff", "CA", "Dev"} ) + + + + SSLVerifyClient require + 2.3.0> + SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0") + + + 2.1.6> + SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0") + + + + + + SSLRequire "a" < "b" + SSLRequire "a" lt "b" + + + + SSLRequire 2 < 10 + SSLRequire 2 lt 10 + + + + SSLOptions +StdEnvVars + + + + SSLOptions +StdEnvVars + SSLVerifyClient require + SSLVerifyDepth 10 + + + + SSLCipherSuite AES128-SHA + + + + SSLCipherSuite AES256-SHA + + + + + SSLVerifyClient require + SSLVerifyDepth 5 + SSLOptions +FakeBasicAuth + AuthName "Snake Oil Authentication" + AuthType Basic + AuthUserFile @SSLCA@/asf/ssl.htpasswd + require valid-user + + + + # specific to 2.1 + + + + SSLVerifyClient require + SSLOptions +FakeBasicAuth +StdEnvVars + AuthName "Snake Oil Authentication" + AuthType Basic + AuthBasicProvider anon + Anonymous dummy "*" + require valid-user + + + + + ## + ## mod_h2 test config + ## + + LogLevel h2:debug + + + + + Options +ExecCGI + AddHandler cgi-script .pl + + + + + SSLOptions +StdEnvVars + + + RewriteEngine on + RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC] + + + + + # An SSL vhost which does optional ccert checks at vhost level, to + # check for CVE CAN-2005-2700. + + + SSLEngine on + + SSLVerifyClient optional + + Alias /require/any @DocumentRoot@ + Alias /require/none @DocumentRoot@ + + + SSLVerifyClient require + SSLVerifyDepth 10 + + + + # An SSL vhost which can be used to trigger PR 33791 + + + SSLEngine On + + ErrorDocument 400 /index.html + + + SSLVerifyClient require + + + + # For t/ssl/ocsp.t -- + + SetEnv SSL_CA_ROOT @sslca@/asf + + Alias /modules/ssl/ocsp @DocumentRoot@/modules/cgi/ocsp.pl + + + SSLEngine on + + # SSLOCSPResponderCertificateFile is available from 2.4.26 + = 2.4.26> + SSLVerifyClient on + + SSLOCSPEnable on + SSLOCSPDefaultResponder http://@SERVERNAME@:@PORT@/modules/ssl/ocsp + SSLOCSPResponderCertificateFile @SSLCA@/asf/certs/server.crt + + # Ignore CRL check results + SSLCARevocationCheck none + + + + # For t/ssl/pr43738.t: + + Action application/x-pf-action /modules/cgi/action.pl + + AddType application/x-pf-action .pfa + + + + SSLCipherSuite AES128-SHA + + + + SSLCipherSuite AES256-SHA + + + diff --git a/debian/perl-framework/t/conf/vhost_alias.conf.in b/debian/perl-framework/t/conf/vhost_alias.conf.in new file mode 100644 index 0000000..1173886 --- /dev/null +++ b/debian/perl-framework/t/conf/vhost_alias.conf.in @@ -0,0 +1,9 @@ + + + + UseCanonicalName Off + VirtualDocumentRoot @SERVERROOT@/htdocs/modules/vhost_alias/%2/%1.4/%-2/%2+ + VirtualScriptAlias @SERVERROOT@/htdocs/modules/vhost_alias/%0 + + + -- cgit v1.2.3