Update to 2.8.14:

  Changes with mod_ssl 2.8.14 (18-Mar-2002 to 21-Mar-2003)

   *) Fixed logic in the destruction of a temporary certificate
      structure and this way avoid a crash due to freeing NULL object.

   *) Removed one newly introduced X509_free() call in the context of
      SSL_get_certificate(), because this function does not increment a
      reference count (although SSL_get_peer_certificate() does).

   *) Fixed hash-table based shared memory session cache (shmht)
      implementation by making sure that the underlying hash table
      library does not crash if memory cannot be allocated.

  Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003)

   *) Always enforce RSA blinding on RSA private keys in order to be
      resistent to timing attacks.

   *) Added timeout also to the "pre-sucking" of the trailing data in
      POST request handling.

   *) Correctly shutdown shared memory pools on fork+exec situations.

   *) Bugfix SSL client certificate verification: OpenSSL was not
      informed with SSL_set_verify_result(ssl, X509_V_OK) in case
      mod_ssl forced the verification to be ok.

   *) Consistently use OPENSSL_free() instead of plain free() to
      deallocate memory chunks allocated inside OpenSSL.

   *) Fixed various memory leaks related to X509 certificates.

New patch-ac sent to maintainer.

3 files changed, 21 insertions, 8 deletions

diff --git a/www/ap-ssl/Makefile b/www/ap-ssl/Makefile
index 71d6bc1cee5..03c1569d295 100644
--- a/www/ap-ssl/Makefile
+++ b/www/ap-ssl/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.67 2003/03/14 19:37:59 jlam Exp $
+# $NetBSD: Makefile,v 1.68 2003/04/10 08:36:41 wiz Exp $
 
-DISTNAME=		mod_ssl-2.8.12-1.3.27
-PKGNAME=		ap-ssl-2.8.12
-PKGREVISION=		1
+DISTNAME=		mod_ssl-2.8.14-1.3.27
+PKGNAME=		ap-ssl-2.8.14
 CATEGORIES=		www security
 MASTER_SITES=		http://www.modssl.org/source/ \
 			ftp://ftp.pca.dfn.de/pub/tools/net/mod_ssl/source/ \
@@ -14,7 +13,7 @@ COMMENT=		SSL/TLS protocols module for Apache
 
 CONFLICTS=		apache-1.3.[0-9] apache-*modssl-[0-9]* apache6-[0-9]*
 
-BUILDLINK_DEPENDS.apache=	apache>=1.3.27nb1
+BUILDLINK_DEPENDS.apache=	apache>=1.3.27nb4
 
 USE_BUILDLINK2=		YES
 USE_PKGINSTALL=		YES
diff --git a/www/ap-ssl/distinfo b/www/ap-ssl/distinfo
index a427b561a93..40f38a86567 100644
--- a/www/ap-ssl/distinfo
+++ b/www/ap-ssl/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.16 2002/12/03 14:31:32 grant Exp $
+$NetBSD: distinfo,v 1.17 2003/04/10 08:36:41 wiz Exp $
 
-SHA1 (mod_ssl-2.8.12-1.3.27.tar.gz) = 76842c9cb12442d845bfb8e6920da28809da74bd
-Size (mod_ssl-2.8.12-1.3.27.tar.gz) = 753529 bytes
+SHA1 (mod_ssl-2.8.14-1.3.27.tar.gz) = 9a9d783d096fd7312481c03421db56ee73b49546
+Size (mod_ssl-2.8.14-1.3.27.tar.gz) = 754179 bytes
 SHA1 (patch-aa) = 6b66b8d9e8bd03613376dca3b4e0dad3a2e7ed15
 SHA1 (patch-ab) = 936bc956761559c51263cf7645d135abe40069cd
+SHA1 (patch-ac) = ebdd43a3ce98fbd20ea515e06eb7f41d440cd294
diff --git a/www/ap-ssl/patches/patch-ac b/www/ap-ssl/patches/patch-ac
new file mode 100644
index 00000000000..90319bd460e
--- /dev/null
+++ b/www/ap-ssl/patches/patch-ac
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.1 2003/04/10 08:36:42 wiz Exp $
+
+--- pkg.sslmod/ssl_util_ssl.h.orig	Thu Oct 24 09:08:11 2002
++++ pkg.sslmod/ssl_util_ssl.h
+@@ -86,7 +86,7 @@
+ /*
+  * Backward compatibility.
+  */
+-#if SSL_LIBRARY_VERSION < 0x00906100
++#ifndef OPENSSL_free
+ #define OPENSSL_free free
+ #endif
+