web/SOURCES/httpd-2.4.6-r1825120.patch

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 57b76c0..814ec4f 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1522,70 +1522,18 @@ void ssl_init_CheckServers(SSLModConfigRec *mc, server_rec *base_server, apr_poo
     }
 }
 
-static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,
-                                           const X509_NAME * const *b)
-{
-    return(X509_NAME_cmp(*a, *b));
-}
-
-static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
-                                server_rec *s, apr_pool_t *ptemp,
-                                const char *file)
-{
-    int n;
-    STACK_OF(X509_NAME) *sk;
-
-    sk = (STACK_OF(X509_NAME) *)
-             SSL_load_client_CA_file(file);
-
-    if (!sk) {
-        return;
-    }
-
-    for (n = 0; n < sk_X509_NAME_num(sk); n++) {
-        X509_NAME *name = sk_X509_NAME_value(sk, n);
-
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209)
-                     "CA certificate: %s",
-                     SSL_X509_NAME_to_string(ptemp, name, 0));
-
-        /*
-         * note that SSL_load_client_CA_file() checks for duplicates,
-         * but since we call it multiple times when reading a directory
-         * we must also check for duplicates ourselves.
-         */
-
-        if (sk_X509_NAME_find(ca_list, name) < 0) {
-            /* this will be freed when ca_list is */
-            sk_X509_NAME_push(ca_list, name);
-        }
-        else {
-            /* need to free this ourselves, else it will leak */
-            X509_NAME_free(name);
-        }
-    }
-
-    sk_X509_NAME_free(sk);
-}
-
 STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
                                          apr_pool_t *ptemp,
                                          const char *ca_file,
                                          const char *ca_path)
 {
-    STACK_OF(X509_NAME) *ca_list;
-
-    /*
-     * Start with a empty stack/list where new
-     * entries get added in sorted order.
-     */
-    ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);
+    STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();;
 
     /*
      * Process CA certificate bundle file
      */
     if (ca_file) {
-        ssl_init_PushCAList(ca_list, s, ptemp, ca_file);
+        SSL_add_file_cert_subjects_to_stack(ca_list, ca_file);
         /*
          * If ca_list is still empty after trying to load ca_file
          * then the file failed to load, and users should hear about that.
@@ -1619,17 +1567,12 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
                 continue; /* don't try to load directories */
             }
             file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL);
-            ssl_init_PushCAList(ca_list, s, ptemp, file);
+            SSL_add_file_cert_subjects_to_stack(ca_list, file);
         }
 
         apr_dir_close(dir);
     }
 
-    /*
-     * Cleanup
-     */
-    (void) sk_X509_NAME_set_cmp_func(ca_list, NULL);
-
     return ca_list;
 }
httpd package update Signed-off-by: webbuilder_pel7ppc64lebuilder0 <webbuilder@powerel.org> 5 years ago			`diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c`
			`index 57b76c0..814ec4f 100644`
			`--- a/modules/ssl/ssl_engine_init.c`
			`+++ b/modules/ssl/ssl_engine_init.c`
			`@@ -1522,70 +1522,18 @@ void ssl_init_CheckServers(SSLModConfigRec mc, server_rec base_server, apr_poo`
			`}`
			`}`

			`-static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,`
			`- const X509_NAME * const *b)`
			`-{`
			`- return(X509_NAME_cmp(a, b));`
			`-}`
			`-`
			`-static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,`
			`- server_rec s, apr_pool_t ptemp,`
			`- const char *file)`
			`-{`
			`- int n;`
			`- STACK_OF(X509_NAME) *sk;`
			`-`
			`- sk = (STACK_OF(X509_NAME) *)`
			`- SSL_load_client_CA_file(file);`
			`-`
			`- if (!sk) {`
			`- return;`
			`- }`
			`-`
			`- for (n = 0; n < sk_X509_NAME_num(sk); n++) {`
			`- X509_NAME *name = sk_X509_NAME_value(sk, n);`
			`-`
			`- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209)`
			`- "CA certificate: %s",`
			`- SSL_X509_NAME_to_string(ptemp, name, 0));`
			`-`
			`- /*`
			`- * note that SSL_load_client_CA_file() checks for duplicates,`
			`- * but since we call it multiple times when reading a directory`
			`- * we must also check for duplicates ourselves.`
			`- */`
			`-`
			`- if (sk_X509_NAME_find(ca_list, name) < 0) {`
			`- /* this will be freed when ca_list is */`
			`- sk_X509_NAME_push(ca_list, name);`
			`- }`
			`- else {`
			`- /* need to free this ourselves, else it will leak */`
			`- X509_NAME_free(name);`
			`- }`
			`- }`
			`-`
			`- sk_X509_NAME_free(sk);`
			`-}`
			`-`
			`STACK_OF(X509_NAME) ssl_init_FindCAList(server_rec s,`
			`apr_pool_t *ptemp,`
			`const char *ca_file,`
			`const char *ca_path)`
			`{`
			`- STACK_OF(X509_NAME) *ca_list;`
			`-`
			`- /*`
			`- * Start with a empty stack/list where new`
			`- * entries get added in sorted order.`
			`- */`
			`- ca_list = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);`
			`+ STACK_OF(X509_NAME) *ca_list = sk_X509_NAME_new_null();;`

			`/*`
			`* Process CA certificate bundle file`
			`*/`
			`if (ca_file) {`
			`- ssl_init_PushCAList(ca_list, s, ptemp, ca_file);`
			`+ SSL_add_file_cert_subjects_to_stack(ca_list, ca_file);`
			`/*`
			`* If ca_list is still empty after trying to load ca_file`
			`* then the file failed to load, and users should hear about that.`
			`@@ -1619,17 +1567,12 @@ STACK_OF(X509_NAME) ssl_init_FindCAList(server_rec s,`
			`continue; /* don't try to load directories */`
			`}`
			`file = apr_pstrcat(ptemp, ca_path, "/", direntry.name, NULL);`
			`- ssl_init_PushCAList(ca_list, s, ptemp, file);`
			`+ SSL_add_file_cert_subjects_to_stack(ca_list, file);`
			`}`

			`apr_dir_close(dir);`
			`}`

			`- /*`
			`- * Cleanup`
			`- */`
			`- (void) sk_X509_NAME_set_cmp_func(ca_list, NULL);`
			`-`
			`return ca_list;`
			`}`