tags 828446 + patch

Hi,

Attached is a patch for it. It's against a current svn trunk.

It doesn't have any new regressions, but there are existing test
suite errors.

I'll also submit this upstream.


Kurt

Index: src/ne_auth.c
===================================================================
--- src/ne_auth.c	(revision 1971)
+++ src/ne_auth.c	(working copy)
@@ -333,7 +333,7 @@
     }
     else
 #elif defined(HAVE_OPENSSL)
-    if (RAND_status() == 1 && RAND_pseudo_bytes(data, sizeof data) >= 0) {
+    if (RAND_status() == 1 && RAND_bytes(data, sizeof data) >= 0) {
 	ne_md5_process_bytes(data, sizeof data, hash);
     } 
     else 
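Review bot: RAND_bytes() returns 1 on success and 0 (or -1 when unsupported) on failure, so the `>= 0` test carried over from RAND_pseudo_bytes() on the changed line still accepts a failed call and feeds unfilled `data` into the hash. The condition should be `RAND_status() == 1 && RAND_bytes(data, sizeof data) == 1`. The enclosing function starts and ends outside this hunk, so how the fallback branch behaves is not visible here.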
Index: src/ne_openssl.c
===================================================================
--- src/ne_openssl.c	(revision 1971)
+++ src/ne_openssl.c	(working copy)
@@ -67,6 +67,14 @@
 typedef const unsigned char ne_d2i_uchar;
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_up_ref(x) x->references++
+#define EVP_PKEY_up_ref(x) x->references++
+#define EVP_MD_CTX_new() ne_calloc(sizeof(EVP_MD_CTX))
+#define EVP_MD_CTX_free(ctx) ne_free(ctx)
+#define EVP_MD_CTX_reset EVP_MD_CTX_cleanup
+#endif
+
 struct ne_ssl_dname_s {
     X509_NAME *dn;
 };
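Review bot: On OpenSSL older than 1.1.0 the fallback `EVP_MD_CTX_free(ctx)` is a bare `ne_free(ctx)`, so ne_md5_destroy_ctx (last hunk of this file) no longer runs EVP_MD_CTX_cleanup() and any state the digest allocated inside the context is not released. Those releases already ship EVP_MD_CTX_create()/EVP_MD_CTX_destroy(), so `#define EVP_MD_CTX_new EVP_MD_CTX_create` and `#define EVP_MD_CTX_free EVP_MD_CTX_destroy` would keep the old cleanup. The two up_ref macros should also parenthesize their argument and expansion, e.g. `#define X509_up_ref(x) ((x)->references++)`.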
@@ -152,15 +160,16 @@
 
     for (n = X509_NAME_entry_count(name->dn); n > 0; n--) {
 	X509_NAME_ENTRY *ent = X509_NAME_get_entry(name->dn, n-1);
+	ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object(ent);
 	
         /* Skip commonName or emailAddress except if there is no other
          * attribute in dname. */
-	if ((OBJ_cmp(ent->object, cname) && OBJ_cmp(ent->object, email)) ||
+	if ((OBJ_cmp(obj, cname) && OBJ_cmp(obj, email)) ||
             (!flag && n == 1)) {
  	    if (flag++)
 		ne_buffer_append(dump, ", ", 2);
 
-            if (append_dirstring(dump, ent->value))
+            if (append_dirstring(dump, X509_NAME_ENTRY_get_data(ent)))
                 ne_buffer_czappend(dump, "???");
 	}
     }
@@ -501,8 +510,8 @@
 
     populate_cert(&newcc->cert, cc->cert.subject);
 
-    cc->cert.subject->references++;
-    cc->pkey->references++;
+    X509_up_ref(cc->cert.subject);
+    EVP_PKEY_up_ref(cc->pkey);
     return newcc;
 }
 
@@ -540,8 +549,8 @@
     if (sess->client_cert) {
         ne_ssl_client_cert *const cc = sess->client_cert;
 	NE_DEBUG(NE_DBG_SSL, "Supplying client certificate.\n");
-	cc->pkey->references++;
-	cc->cert.subject->references++;
+	EVP_PKEY_up_ref(cc->pkey);
+	X509_up_ref(cc->cert.subject);
 	*cert = cc->cert.subject;
 	*pkey = cc->pkey;
 	return 1;
@@ -577,13 +586,8 @@
         SSL_CTX_set_options(ctx->ctx, SSL_OP_NO_TICKET);
 #endif
     } else {
-#ifdef OPENSSL_NO_SSL2
         ne_free(ctx);
         return NULL;
-#else
-        ctx->ctx = SSL_CTX_new(SSLv2_server_method());
-        SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
-#endif
     }
     return ctx;
 }
@@ -671,8 +675,14 @@
  * sufficient. */
 static int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b)
 {
-    return a->session_id_length == b->session_id_length
-        && memcmp(a->session_id, b->session_id, a->session_id_length) == 0;
+    const char *session1_buf, *session2_buf;
+    unsigned int session1_len, session2_len;
+
+    session1_buf = SSL_SESSION_get_id(a, &session1_len);
+    session2_buf = SSL_SESSION_get_id(b, &session2_len);
+
+    return session1_len == session2_len
+        && memcmp(session1_buf, session2_buf, session1_len) == 0;
 }
 #endif
 
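Review bot: `session1_buf` and `session2_buf` are declared `const char *`, but SSL_SESSION_get_id() returns `const unsigned char *`, so both assignments draw a pointer-signedness warning. The ne_socket.c part of this same patch already uses the matching type. Declare them as `const unsigned char *session1_buf, *session2_buf;`.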
@@ -1188,6 +1198,7 @@
 
 int ne__ssl_init(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     CRYPTO_malloc_init();
     SSL_load_error_strings();
     SSL_library_init();
@@ -1230,6 +1241,7 @@
                  "for %" NE_FMT_SIZE_T " locks.\n", num_locks);
     }
 #endif
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
     return 0;
 }
@@ -1266,16 +1278,15 @@
 }
 
 struct ne_md5_ctx {
-    EVP_MD_CTX ctx;
+    EVP_MD_CTX *ctx;
 };
 
 /* Returns zero on succes, non-zero on failure. */
 static int init_md5_ctx(struct ne_md5_ctx *ctx)
 {
-    EVP_MD_CTX_init(&ctx->ctx);
+    ctx->ctx = EVP_MD_CTX_new();
 
-    if (EVP_DigestInit_ex(&ctx->ctx, EVP_md5(), NULL) != 1) {
-        EVP_MD_CTX_cleanup(&ctx->ctx);
+    if (EVP_DigestInit_ex(ctx->ctx, EVP_md5(), NULL) != 1) {
         return 1;
     }
 
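Review bot: init_md5_ctx does not check the result of `EVP_MD_CTX_new()`, which returns NULL on allocation failure with OpenSSL 1.1.0, and the next line passes it straight to EVP_DigestInit_ex(). The failure branch also lost its cleanup: it used to call EVP_MD_CTX_cleanup() and now returns with the freshly allocated context still attached, which leaks unless the caller frees it (the caller is not visible in this hunk). A NULL check after the allocation and a free in the failure branch would cover both. The function body continues past the end of the hunk.
```c
static int init_md5_ctx(struct ne_md5_ctx *ctx)
{
    ctx->ctx = EVP_MD_CTX_new();
    if (ctx->ctx == NULL) {
        return 1;
    }

    if (EVP_DigestInit_ex(ctx->ctx, EVP_md5(), NULL) != 1) {
        EVP_MD_CTX_free(ctx->ctx);
        ctx->ctx = NULL;
        return 1;
    }
    /* … unchanged: rest of init_md5_ctx … */
```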
@@ -1301,18 +1312,18 @@
 void ne_md5_process_block(const void *buffer, size_t len,
                           struct ne_md5_ctx *ctx)
 {
-    EVP_DigestUpdate(&ctx->ctx, buffer, len);
+    EVP_DigestUpdate(ctx->ctx, buffer, len);
 }
 
 void ne_md5_process_bytes(const void *buffer, size_t len,
                           struct ne_md5_ctx *ctx)
 {
-    EVP_DigestUpdate(&ctx->ctx, buffer, len);
+    EVP_DigestUpdate(ctx->ctx, buffer, len);
 }
 
 void *ne_md5_finish_ctx(struct ne_md5_ctx *ctx, void *resbuf)
 {
-    EVP_DigestFinal(&ctx->ctx, resbuf, NULL);
+    EVP_DigestFinal(ctx->ctx, resbuf, NULL);
     
     return resbuf;
 }
@@ -1321,7 +1332,7 @@
 {
     struct ne_md5_ctx *r = ne_md5_create_ctx();
 
-    EVP_MD_CTX_copy_ex(&r->ctx, &ctx->ctx);
+    EVP_MD_CTX_copy_ex(r->ctx, ctx->ctx);
     
     return r;
 }
@@ -1328,7 +1339,7 @@
 
 void ne_md5_reset_ctx(struct ne_md5_ctx *ctx)
 {
-    EVP_MD_CTX_cleanup(&ctx->ctx);
+    EVP_MD_CTX_reset(ctx->ctx);
 
     init_md5_ctx(ctx);    
 }
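Review bot: ne_md5_reset_ctx now leaks one EVP_MD_CTX per call, because init_md5_ctx(), as changed earlier in this patch, assigns a fresh `EVP_MD_CTX_new()` to `ctx->ctx` and overwrites the pointer that was just reset here. Re-initialise the existing context instead by replacing the `init_md5_ctx(ctx);` call with `EVP_DigestInit_ex(ctx->ctx, EVP_md5(), NULL);`.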
@@ -1335,6 +1346,6 @@
     
 void ne_md5_destroy_ctx(struct ne_md5_ctx *ctx)
 {
-    EVP_MD_CTX_cleanup(&ctx->ctx);
+    EVP_MD_CTX_free(ctx->ctx);
     ne_free(ctx);
 }
Index: src/ne_socket.c
===================================================================
--- src/ne_socket.c	(revision 1971)
+++ src/ne_socket.c	(working copy)
@@ -1858,6 +1858,8 @@
     }
 #else
     SSL_SESSION *sess;
+    const unsigned char *session_buf;
+    unsigned int session_len;
 
     if (!sock->ssl) {
         return -1;
@@ -1865,17 +1867,18 @@
 
     sess = SSL_get0_session(sock->ssl);
 
+    session_buf = SSL_SESSION_get_id(sess, &session_len);
     if (!buf) {
-        *buflen = sess->session_id_length;
+	*buflen = session_len;
         return 0;
     }
 
-    if (*buflen < sess->session_id_length) {
+    if (*buflen < session_len) {
         return -1;
     }
 
-    *buflen = sess->session_id_length;
-    memcpy(buf, sess->session_id, *buflen);
+    *buflen = session_len;
+    memcpy(buf, session_buf, session_len);
     return 0;
 #endif
 #else
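Review bot: `SSL_SESSION_get_id(sess, &session_len)` is called on the result of SSL_get0_session() without a NULL check, and that call can return NULL when the connection has no session established. The old code dereferenced `sess` in the same way, but the switch to the accessor is a natural place to close the gap with `if (!sess) return -1;` before the call. The added `*buflen = session_len;` line in the `!buf` branch is also indented with a tab where the surrounding lines use spaces. The function starts and ends outside this hunk.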
