
File httpd-2.4.10-engine.patch of Package Apache2

diff -ur httpd-2.4.10/modules/ssl/mod_ssl.c httpd-2.4.10_patched/modules/ssl/mod_ssl.c
--- httpd-2.4.10/modules/ssl/mod_ssl.c	2015-10-20 08:31:37.368224731 +0200
+++ httpd-2.4.10_patched/modules/ssl/mod_ssl.c	2015-10-20 08:57:00.036564346 +0200
@@ -333,6 +333,11 @@
 #endif
     OpenSSL_add_all_algorithms();
     OPENSSL_load_builtin_modules();
+    if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
+        fprintf(stderr, "FATAL: error loading configuration file\n");
+        ERR_print_errors_fp(stderr);
+        return DECLINED;
+    }
 
     /*
      * Let us cleanup the ssl library when the module is unloaded
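Review bot: The added `CONF_modules_load_file(NULL, NULL, 0)` makes a missing or unparsable default OpenSSL configuration file fatal for every mod_ssl start, because with flags `0` a missing file counts as an error, even on hosts that never set SSLCryptoDevice. If the file is meant to be optional, use `if (CONF_modules_load_file(NULL, NULL, CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {`. The failure is reported with `fprintf(stderr, ...)` rather than `ap_log_error`, so it does not reach the server's error log. That configuration file can name ENGINE modules to load and is presumably parsed in the parent process at startup, so a comment such as `/* load openssl.cnf so ENGINE sections apply; the file must be writable by root only */` would record the trust assumption. The enclosing function starts and ends outside the hunk.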
diff -ur httpd-2.4.10/modules/ssl/ssl_engine_config.c httpd-2.4.10_patched/modules/ssl/ssl_engine_config.c
--- httpd-2.4.10/modules/ssl/ssl_engine_config.c	2014-07-08 15:14:08.000000000 +0200
+++ httpd-2.4.10_patched/modules/ssl/ssl_engine_config.c	2015-10-20 09:51:28.682659945 +0200
@@ -816,14 +816,33 @@
                                           const char *arg)
 {
     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+    SSLModConfigRec *mc = sc->mc;
     const char *err;
+    const char *file = arg;
 
-    if ((err = ssl_cmd_check_file(cmd, &arg))) {
+    ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_STARTUP, 0, cmd->server,
+                 APLOGNO(02560)
+                 "Check SSLCertificateKeyFile %s", file);
+
+    if ((err = ssl_cmd_check_file(cmd, &arg)) && !mc->szCryptoDevice) {
         return err;
     }
 
-    *(const char **)apr_array_push(sc->server->pks->key_files) =
-        apr_pstrdup(cmd->pool, arg);
+    if(mc->szCryptoDevice) {
+        ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_STARTUP, 0, cmd->server,
+                     APLOGNO(02560)
+                     "Set SSLCertificateKeyFile to %s", file);
+
+        *(const char **)apr_array_push(sc->server->pks->key_files) =
+            apr_pstrdup(cmd->pool, file);
+    } else {
+        ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_STARTUP, 0, cmd->server,
+                     APLOGNO(02560)
+                     "Set SSLCertificateKeyFile to %s", arg);
+
+        *(const char **)apr_array_push(sc->server->pks->key_files) =
+            apr_pstrdup(cmd->pool, arg);
+    }
 
     return NULL;
 }
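Review bot: In `if ((err = ssl_cmd_check_file(cmd, &arg)) && !mc->szCryptoDevice)` the file-check result is discarded for every SSLCertificateKeyFile value once a crypto device is set, so a mistyped path to a real key file is no longer rejected at configuration time and is later handed to the engine as a key identifier. The test reads `mc->szCryptoDevice` while the directive is being parsed, which presumably means it only takes effect when SSLCryptoDevice appears earlier in the configuration; a comment stating that ordering requirement would help. The three added `ap_log_error` calls log routine progress at `APLOG_WARNING` and all reuse `APLOGNO(02560)`; they read like debugging output and could be dropped or moved to `APLOG_DEBUG` with distinct numbers. The two branches of `if(mc->szCryptoDevice)` differ only in `file` versus `arg` and could be one push of `mc->szCryptoDevice ? file : arg`. The function signature begins outside the hunk.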
diff -ur httpd-2.4.10/modules/ssl/ssl_engine_init.c httpd-2.4.10_patched/modules/ssl/ssl_engine_init.c
--- httpd-2.4.10/modules/ssl/ssl_engine_init.c	2014-07-14 14:29:22.000000000 +0200
+++ httpd-2.4.10_patched/modules/ssl/ssl_engine_init.c	2015-10-19 21:35:55.120299612 +0200
@@ -368,7 +368,8 @@
                      "Init: loaded Crypto Device API `%s'",
                      mc->szCryptoDevice);
 
-        ENGINE_free(e);
+        //ENGINE_free(e);
+        mc->e = e;
     }
 
     return APR_SUCCESS;
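Review bot: The line `//ENGINE_free(e);` leaves dead code behind, and the reference now stored by `mc->e = e;` has no visible release; delete the commented-out line and pair the assignment with an `ENGINE_free(mc->e)` in the module's cleanup path. If this function runs again on a restart, the previous `mc->e` would be overwritten without being freed; this is hedged because the caller is outside the hunk. Nothing in the visible lines calls `ENGINE_init(e)`, while `ENGINE_load_private_key` in the later hunk needs an initialised (functional) engine reference, so confirm one is held before the pointer is kept. A comment such as `/* keep the ENGINE reference for private-key loading; released in <cleanup function> */` would document ownership.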
@@ -994,7 +995,34 @@
 
         ERR_clear_error();
 
-        if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile,
+        /* If SSLCryptoDevice is set we try to load the key from the ENGINE */
+        if(access(keyfile, F_OK) != 0 && mc->szCryptoDevice) {
+            EVP_PKEY *pkey;
+
+            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02570)
+                         "Private key %s is not accessible. Try to load via"
+                         " OpenSSL ENGINE", keyfile);
+
+            pkey = ENGINE_load_private_key(mc->e, keyfile, NULL, NULL);
+            if (!pkey) 
+            {
+                ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02571)
+                             "Cannot load private key %s from ENGINE",
+                             keyfile);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+                return APR_EGENERAL;
+            }
+
+            if(SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) < 0)
+            {
+                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02570)
+                             "Failed to configure private key %s", keyfile);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+                return APR_EGENERAL;
+            }
+            EVP_PKEY_free(pkey);
+
+        } else if ((SSL_CTX_use_PrivateKey_file(mctx->ssl_ctx, keyfile,
                                          SSL_FILETYPE_PEM) < 1) &&
             (ERR_GET_FUNC(ERR_peek_last_error())
                 != X509_F_X509_CHECK_PRIVATE_KEY)) {
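Review bot: The check `if(SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) < 0)` can never fire, because `SSL_CTX_use_PrivateKey` returns 1 on success and 0 on failure, so a key the engine returns but the context rejects is treated as configured at this point; it should read `if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) != 1)`. That error path also returns without releasing the key, so `EVP_PKEY_free(pkey);` should precede `return APR_EGENERAL;`. `mc->e` is passed to `ENGINE_load_private_key` without a NULL check, and `access(keyfile, F_OK) != 0` sends any missing file to the engine, so a typo in a path surfaces only as an engine error. `APLOGNO(02570)` is used for two different messages. The `else if` statement continues past the end of the hunk.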
diff -ur httpd-2.4.10/modules/ssl/ssl_private.h httpd-2.4.10_patched/modules/ssl/ssl_private.h
--- httpd-2.4.10/modules/ssl/ssl_private.h	2014-07-12 20:08:09.000000000 +0200
+++ httpd-2.4.10_patched/modules/ssl/ssl_private.h	2015-10-13 15:16:41.403386211 +0200
@@ -492,6 +492,7 @@
 
 #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
     const char     *szCryptoDevice;
+    ENGINE         *e;
 #endif
 
 #ifdef HAVE_OCSP_STAPLING
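Review bot: The new field `ENGINE *e;` has a one-letter name in a module-wide config struct and no comment on who owns the reference. A descriptive name in the style of the neighbouring `szCryptoDevice` plus a comment would help, for example `ENGINE *e; /* engine reference kept by ssl_engine_init.c for private-key loading; must be released with ENGINE_free() on cleanup */`. The struct definition starts and ends outside the hunk.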