Merge branch 'release/4.4.23'

Author: GrahamDumpleton

docs/release-notes.rst

@@ -5,6 +5,7 @@ Release Notes
 .. toctree::
    :maxdepth: 2
 
+   release-notes/version-4.4.23
    release-notes/version-4.4.22
    release-notes/version-4.4.21
    release-notes/version-4.4.20

docs/release-notes/version-4.4.23.rst

@@ -0,0 +1,20 @@
+==============
+Version 4.4.23
+==============
+
+Version 4.4.23 of mod_wsgi can be obtained from:
+
+  https://codeload.github.com/GrahamDumpleton/mod_wsgi/tar.gz/4.4.23
+
+For details on the availability of Windows binaries see:
+
+  https://github.com/GrahamDumpleton/mod_wsgi/tree/master/win32
+
+New Features
+------------
+
+1. Added the ``--ssl-certificate-chain-file`` option to
+``mod_wsgi-express``, for specifying the path to a file containing the
+certificates of Certification Authorities (CA) which form the certificate
+chain of the server certificate. This is equivalent to having used the
+Apache ``SSLCertificateChainFile`` directive.

src/server/__init__.py

@@ -570,6 +570,9 @@ def find_mimetypes():
 SSLCACertificateFile %(ssl_ca_certificate_file)s
 SSLVerifyClient none
 </IfDefine>
+<IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
+SSLCertificateChainFile %(ssl_certificate_chain_file)s
+</IfDefine>
 </VirtualHost>
 <VirtualHost *:%(https_port)s>
 ServerName %(server_name)s
@@ -583,6 +586,9 @@ def find_mimetypes():
 SSLCACertificateFile %(ssl_ca_certificate_file)s
 SSLVerifyClient none
 </IfDefine>
+<IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
+SSLCertificateChainFile %(ssl_certificate_chain_file)s
+</IfDefine>
 <IfDefine MOD_WSGI_HTTPS_ONLY>
 <IfDefine MOD_WSGI_HSTS_POLICY>
 Header set Strict-Transport-Security %(hsts_policy)s
@@ -603,6 +609,9 @@ def find_mimetypes():
 SSLCACertificateFile %(ssl_ca_certificate_file)s
 SSLVerifyClient none
 </IfDefine>
+<IfDefine MOD_WSGI_CERTIFICATE_CHAIN>
+SSLCertificateChainFile %(ssl_certificate_chain_file)s
+</IfDefine>
 </VirtualHost>
 </IfDefine>
 </IfDefine>
@@ -1819,6 +1828,11 @@ def check_percentage(option, opt_str, value, parser):
             'whole site will be disabled and verification will only be '
             'required for the specified sub URL.'),
 
+    optparse.make_option('--ssl-certificate-chain-file', default=None,
+            metavar='FILE-PATH', help='Specify the path to a file '
+            'containing the certificates of Certification Authorities (CA) '
+            'which form the certificate chain of the server certificate.'),
+
     optparse.make_option('--ssl-environment', action='store_true',
             default=False, help='Flag indicating whether the standard set '
             'of SSL related variables are passed in the per request '
@@ -2477,6 +2491,10 @@ def _cmd_setup_server(command, args, options):
         options['ssl_ca_certificate_file'] = os.path.abspath(
                 options['ssl_ca_certificate_file'])
 
+    if options['ssl_certificate_chain_file']:
+        options['ssl_certificate_chain_file'] = os.path.abspath(
+                options['ssl_certificate_chain_file'])
+
     if options['entry_point']:
         args = [options['entry_point']]
 
@@ -2939,6 +2957,8 @@ def _cmd_setup_server(command, args, options):
         options['httpd_arguments_list'].append('-DMOD_WSGI_WITH_HTTPS')
     if options['ssl_ca_certificate_file']:
         options['httpd_arguments_list'].append('-DMOD_WSGI_VERIFY_CLIENT')
+    if options['ssl_certificate_chain_file']:
+        options['httpd_arguments_list'].append('-DMOD_WSGI_CERTIFICATE_CHAIN')
 
     if options['ssl_environment']:
         options['httpd_arguments_list'].append('-DMOD_WSGI_SSL_ENVIRONMENT')

src/server/wsgi_version.h

@@ -25,8 +25,8 @@
 
 #define MOD_WSGI_MAJORVERSION_NUMBER 4
 #define MOD_WSGI_MINORVERSION_NUMBER 4
-#define MOD_WSGI_MICROVERSION_NUMBER 22
-#define MOD_WSGI_VERSION_STRING "4.4.22"
+#define MOD_WSGI_MICROVERSION_NUMBER 23
+#define MOD_WSGI_VERSION_STRING "4.4.23"
 
 /* ------------------------------------------------------------------------- */