A few months ago, OpenBSD's LibreSSL added a new function called SSL_CTX_use_certificate_chain(). This unexpectedly broke the build of Apache's mod_ssl which defines a function of the same name. In OpenBSD this was worked around by patching mod_ssl, renaming the clashing function.
Since then LibreSSL has renamed it to SSL_CTX_use_certificate_chain_mem(). This resolved the immediate problem and mod_ssl patches could be dropped. However, the actual issue here is that mod_ssl is squatting the SSL_ namespace. Historically this may have made sense (it seems mod_ssl and OpenSSL have shared history/authors). Bill Rowe suggested to try moving mod_ssl's functions into the ap_ namespace to avoid such clashes in the future. I have verified that no undefined references or undeclared symbols are reported by gcc during the build with this diff. I have tested startup of a httpd with mod_ssl loaded. Additional testing is appreciated. I'm not sure how README.dsov.ps should be regenerated. It contains a reference to SSL_get_app_data2(). For now I've only updated the .dsov.fig file. Index: modules/ssl/README.dsov.fig =================================================================== --- modules/ssl/README.dsov.fig (revision 1673798) +++ modules/ssl/README.dsov.fig (working copy) @@ -339,7 +339,7 @@ 4 0 0 200 0 20 8 0.0000 4 90 465 11745 4770 ->method\001 4 0 0 200 0 20 8 0.0000 4 120 1665 9945 6480 X509_STORE_CTX_get_app_data()\001 4 0 0 200 0 20 8 0.0000 4 120 1215 10980 6705 SSL_CTX_get_cert_store()\001 -4 0 0 200 0 20 8 0.0000 4 120 1020 8280 5130 SSL_get_app_data2()\001 +4 0 0 200 0 20 8 0.0000 4 120 1020 8280 5130 ap_SSL_get_app_data2()\001 4 0 0 100 0 18 20 0.0000 4 270 1290 10710 7605 OpenSSL\001 4 0 0 100 0 18 12 0.0000 4 180 720 10710 7785 [Crypto]\001 4 0 0 100 0 18 20 0.0000 4 270 1290 10935 3645 OpenSSL\001 Index: modules/ssl/mod_ssl.c =================================================================== --- modules/ssl/mod_ssl.c (revision 1673798) +++ modules/ssl/mod_ssl.c (working copy) 
@@ -570,7 +570,7 @@ } SSL_set_app_data(ssl, c); - SSL_set_app_data2(ssl, NULL); /* will be request_rec */ + ap_SSL_set_app_data2(ssl, NULL); /* will be request_rec */ sslconn->ssl = ssl; Index: modules/ssl/ssl_engine_init.c =================================================================== --- modules/ssl/ssl_engine_init.c (revision 1673798) +++ modules/ssl/ssl_engine_init.c (working copy) @@ -148,12 +148,12 @@ apr_status_t rv; apr_array_header_t *pphrases; - if (SSLeay() < SSL_LIBRARY_VERSION) { + if (SSLeay() < AP_SSL_LIBRARY_VERSION) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882) "Init: this version of mod_ssl was compiled against " "a newer library (%s, version currently loaded is %s)" " - may result in undefined or erroneous behavior", - SSL_LIBRARY_TEXT, SSLeay_version(SSLEAY_VERSION)); + AP_SSL_LIBRARY_TEXT, SSLeay_version(SSLEAY_VERSION)); } /* We initialize mc->pid per-process in the child init, @@ -242,7 +242,7 @@ #endif ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01883) - "Init: Initialized %s library", SSL_LIBRARY_NAME); + "Init: Initialized %s library", AP_SSL_LIBRARY_NAME); /* * Seed the Pseudo Random Number Generator (PRNG) @@ -348,7 +348,7 @@ */ ssl_add_version_components(p, base_server); - SSL_init_app_data2_idx(); /* for SSL_get_app_data2() at request time */ + ap_SSL_init_app_data2_idx(); /* for ap_SSL_get_app_data2() at request time */ init_dh_params(); @@ -871,9 +871,9 @@ } } - n = SSL_CTX_use_certificate_chain(mctx->ssl_ctx, - (char *)chain, - skip_first, NULL); + n = ap_SSL_CTX_use_certificate_chain(mctx->ssl_ctx, + (char *)chain, + skip_first, NULL); if (n < 0) { ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01903) "Failed to configure CA certificate chain!"); 
@@ -946,7 +946,7 @@ * Some information about the certificate(s) */ - if (SSL_X509_getBC(cert, &is_ca, &pathlen)) { + if (ap_SSL_X509_getBC(cert, &is_ca, &pathlen)) { if (is_ca) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01906) "%s server certificate is a CA certificate " @@ -961,8 +961,8 @@ } } - if (SSL_X509_match_name(ptemp, cert, (const char *)s->server_hostname, - TRUE, s) == FALSE) { + if (ap_SSL_X509_match_name(ptemp, cert, (const char *)s->server_hostname, + TRUE, s) == FALSE) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01909) "%s server certificate does NOT include an ID " "which matches the server name", key_id); @@ -1249,11 +1249,11 @@ sk = sk_X509_INFO_new_null(); if (pkp->cert_file) { - SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file); + ap_SSL_X509_INFO_load_file(ptemp, sk, pkp->cert_file); } if (pkp->cert_path) { - SSL_X509_INFO_load_path(ptemp, sk, pkp->cert_path); + ap_SSL_X509_INFO_load_path(ptemp, sk, pkp->cert_path); } if ((ncerts = sk_X509_INFO_num(sk)) <= 0) { @@ -1640,7 +1640,7 @@ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02209) "CA certificate: %s", - SSL_X509_NAME_to_string(ptemp, name, 0)); + ap_SSL_X509_NAME_to_string(ptemp, name, 0)); /* * note that SSL_load_client_CA_file() checks for duplicates, Index: modules/ssl/ssl_engine_io.c =================================================================== --- modules/ssl/ssl_engine_io.c (revision 1673798) +++ modules/ssl/ssl_engine_io.c (working copy) @@ -1051,7 +1051,7 @@ } SSL_set_shutdown(ssl, shutdown_type); - SSL_smart_shutdown(ssl); + ap_SSL_smart_shutdown(ssl); /* and finally log the fact that we've closed the connection */ if (APLOG_CS_IS_LEVEL(c, mySrvFromConn(c), loglevel)) { 
@@ -1181,8 +1181,8 @@ hostname_note) { apr_table_unset(c->notes, "proxy-request-hostname"); if (!cert - || SSL_X509_match_name(c->pool, cert, hostname_note, - TRUE, server) == FALSE) { + || ap_SSL_X509_match_name(c->pool, cert, hostname_note, + TRUE, server) == FALSE) { proxy_ssl_check_peer_ok = FALSE; ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02411) "SSL Proxy: Peer certificate does not match " @@ -2186,7 +2186,7 @@ } ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s, "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s", - SSL_LIBRARY_NAME, + AP_SSL_LIBRARY_NAME, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"), bio, argp, dump); @@ -2196,7 +2196,7 @@ else { ap_log_cserror(APLOG_MARK, APLOG_TRACE4, 0, c, s, "%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]", - SSL_LIBRARY_NAME, argi, + AP_SSL_LIBRARY_NAME, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), bio, argp); } Index: modules/ssl/ssl_engine_kernel.c =================================================================== --- modules/ssl/ssl_engine_kernel.c (revision 1673798) +++ modules/ssl/ssl_engine_kernel.c (working copy) @@ -229,7 +229,7 @@ } } #endif - SSL_set_app_data2(ssl, r); + ap_SSL_set_app_data2(ssl, r); /* * Log information about incoming HTTPS requests @@ -1385,7 +1385,7 @@ SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl); - request_rec *r = (request_rec *)SSL_get_app_data2(ssl); + request_rec *r = (request_rec *)ap_SSL_get_app_data2(ssl); server_rec *s = r ? r->server : mySrvFromConn(conn); SSLSrvConfigRec *sc = mySrvConfig(s); @@ -1654,7 +1654,7 @@ const char *result, long timeout) { - char buf[SSL_SESSION_ID_STRING_LEN]; + char buf[AP_SSL_SESSION_ID_STRING_LEN]; char timeout_str[56] = {'\0'}; if (!APLOGdebug(s)) { 
@@ -1670,7 +1670,7 @@ "Inter-Process Session Cache: " "request=%s status=%s id=%s %s(session %s)", request, status, - SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)), + ap_SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)), timeout_str, result); } @@ -1811,32 +1811,32 @@ */ if (where & SSL_CB_HANDSHAKE_START) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, - "%s: Handshake: start", SSL_LIBRARY_NAME); + "%s: Handshake: start", AP_SSL_LIBRARY_NAME); } else if (where & SSL_CB_HANDSHAKE_DONE) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, - "%s: Handshake: done", SSL_LIBRARY_NAME); + "%s: Handshake: done", AP_SSL_LIBRARY_NAME); } else if (where & SSL_CB_LOOP) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Loop: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + AP_SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_READ) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Read: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + AP_SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_WRITE) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Write: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + AP_SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_ALERT) { char *str = (where & SSL_CB_READ) ? "read" : "write"; ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Alert: %s:%s:%s", - SSL_LIBRARY_NAME, str, + AP_SSL_LIBRARY_NAME, str, SSL_alert_type_string_long(rc), SSL_alert_desc_string_long(rc)); } 
@@ -1844,12 +1844,12 @@ if (rc == 0) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Exit: failed in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + AP_SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (rc < 0) { ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c, "%s: Exit: error in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + AP_SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } } Index: modules/ssl/ssl_engine_log.c =================================================================== --- modules/ssl/ssl_engine_log.c (revision 1673798) +++ modules/ssl/ssl_engine_log.c (working copy) @@ -141,8 +141,8 @@ int maxdnlen = (HUGE_STRING_LEN - msglen - 300) / 2; BIO_puts(bio, " [subject: "); - name = SSL_X509_NAME_to_string(p, X509_get_subject_name(cert), - maxdnlen); + name = ap_SSL_X509_NAME_to_string(p, X509_get_subject_name(cert), + maxdnlen); if (!strIsEmpty(name)) { BIO_puts(bio, name); } else { @@ -150,8 +150,8 @@ } BIO_puts(bio, " / issuer: "); - name = SSL_X509_NAME_to_string(p, X509_get_issuer_name(cert), - maxdnlen); + name = ap_SSL_X509_NAME_to_string(p, X509_get_issuer_name(cert), + maxdnlen); if (!strIsEmpty(name)) { BIO_puts(bio, name); } else { Index: modules/ssl/ssl_engine_pphrase.c =================================================================== --- modules/ssl/ssl_engine_pphrase.c (revision 1673798) +++ modules/ssl/ssl_engine_pphrase.c (working copy) @@ -216,7 +216,7 @@ * is not empty. */ ERR_clear_error(); - bReadable = ((pPrivateKey = SSL_read_PrivateKey(ppcb_arg.pkey_file, + bReadable = ((pPrivateKey = ap_SSL_read_PrivateKey(ppcb_arg.pkey_file, NULL, ssl_pphrase_Handle_CB, &ppcb_arg)) != NULL ? TRUE : FALSE); Index: modules/ssl/ssl_engine_vars.c =================================================================== --- modules/ssl/ssl_engine_vars.c (revision 1673798) +++ modules/ssl/ssl_engine_vars.c (working copy) 
@@ -131,7 +131,7 @@ } static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION; -static char var_library_interface[] = SSL_LIBRARY_TEXT; +static char var_library_interface[] = AP_SSL_LIBRARY_TEXT; static char *var_library = NULL; static apr_array_header_t *expr_peer_ext_list_fn(ap_expr_eval_ctx_t *ctx, @@ -185,7 +185,7 @@ APR_REGISTER_OPTIONAL_FN(ssl_ext_list); /* Perform once-per-process library version determination: */ - var_library = apr_pstrdup(p, SSL_LIBRARY_DYNTEXT); + var_library = apr_pstrdup(p, AP_SSL_LIBRARY_DYNTEXT); if ((cp = strchr(var_library, ' ')) != NULL) { *cp = '/'; @@ -406,7 +406,7 @@ result = (char *)SSL_get_version(ssl); } else if (ssl != NULL && strcEQ(var, "SESSION_ID")) { - char buf[SSL_SESSION_ID_STRING_LEN]; + char buf[AP_SSL_SESSION_ID_STRING_LEN]; SSL_SESSION *pSession = SSL_get_session(ssl); if (pSession) { unsigned char *id; @@ -419,8 +419,8 @@ idlen = pSession->session_id_length; #endif - result = apr_pstrdup(p, SSL_SESSION_id2sz(id, idlen, - buf, sizeof(buf))); + result = apr_pstrdup(p, ap_SSL_SESSION_id2sz(id, idlen, + buf, sizeof(buf))); } } else if(ssl != NULL && strcEQ(var, "SESSION_RESUMED")) { @@ -651,7 +651,7 @@ n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne)); if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid && idx-- == 0) { - result = SSL_X509_NAME_ENTRY_to_string(p, xsne); + result = ap_SSL_X509_NAME_ENTRY_to_string(p, xsne); break; } } @@ -682,7 +682,7 @@ if ((numlen < 1) || (numlen > 4) || (numlen != strlen(var))) return NULL; - if (SSL_X509_getSAN(p, xs, type, atoi(var), &entries)) + if (ap_SSL_X509_getSAN(p, xs, type, atoi(var), &entries)) /* return the first entry from this 1-element array */ return APR_ARRAY_IDX(entries, 0, char *); else 
@@ -807,7 +807,7 @@ char *decimal = BN_bn2dec(bn); result = apr_pstrcat(p, "{ serialNumber ", decimal, ", issuer rdnSequence:\"", - SSL_X509_NAME_to_string(p, issuer, 0), "\" }", NULL); + ap_SSL_X509_NAME_to_string(p, issuer, 0), "\" }", NULL); OPENSSL_free(decimal); BN_free(bn); } @@ -972,7 +972,7 @@ apr_hash_set(count, &nid, sizeof nid, dup); key = apr_pstrcat(p, pfx, tag, NULL); } - value = SSL_X509_NAME_ENTRY_to_string(p, xsne); + value = ap_SSL_X509_NAME_ENTRY_to_string(p, xsne); apr_table_setn(t, key, value); } } @@ -1032,10 +1032,10 @@ /* subjectAltName entries of the server certificate */ xs = SSL_get_certificate(ssl); if (xs) { - if (SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) { + if (ap_SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) { extract_san_array(t, "SSL_SERVER_SAN_Email", entries, p); } - if (SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) { + if (ap_SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) { extract_san_array(t, "SSL_SERVER_SAN_DNS", entries, p); } /* no need to free xs (refcount does not increase) */ @@ -1044,10 +1044,10 @@ /* subjectAltName entries of the client certificate */ xs = SSL_get_peer_certificate(ssl); if (xs) { - if (SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) { + if (ap_SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) { extract_san_array(t, "SSL_CLIENT_SAN_Email", entries, p); } - if (SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) { + if (ap_SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) { extract_san_array(t, "SSL_CLIENT_SAN_DNS", entries, p); } X509_free(xs); Index: modules/ssl/ssl_scache.c =================================================================== --- modules/ssl/ssl_scache.c (revision 1673798) +++ modules/ssl/ssl_scache.c (working copy) @@ -115,7 +115,7 @@ apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); - unsigned char encoded[SSL_SESSION_MAX_DER], *ptr; + unsigned char encoded[AP_SSL_SESSION_MAX_DER], *ptr; unsigned int len; apr_status_t rv; 
@@ -148,8 +148,8 @@ apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); - unsigned char dest[SSL_SESSION_MAX_DER]; - unsigned int destlen = SSL_SESSION_MAX_DER; + unsigned char dest[AP_SSL_SESSION_MAX_DER]; + unsigned int destlen = AP_SSL_SESSION_MAX_DER; const unsigned char *ptr; apr_status_t rv; Index: modules/ssl/ssl_util_ssl.c =================================================================== --- modules/ssl/ssl_util_ssl.c (revision 1673798) +++ modules/ssl/ssl_util_ssl.c (working copy) @@ -40,7 +40,7 @@ */ static int SSL_app_data2_idx = -1; -void SSL_init_app_data2_idx(void) +void ap_SSL_init_app_data2_idx(void) { int i; @@ -57,12 +57,12 @@ } } -void *SSL_get_app_data2(SSL *ssl) +void *ap_SSL_get_app_data2(SSL *ssl) { return (void *)SSL_get_ex_data(ssl, SSL_app_data2_idx); } -void SSL_set_app_data2(SSL *ssl, void *arg) +void ap_SSL_set_app_data2(SSL *ssl, void *arg) { SSL_set_ex_data(ssl, SSL_app_data2_idx, (char *)arg); return; @@ -74,7 +74,7 @@ ** _________________________________________________________________ */ -EVP_PKEY *SSL_read_PrivateKey(const char* filename, EVP_PKEY **key, pem_password_cb *cb, void *s) +EVP_PKEY *ap_SSL_read_PrivateKey(const char* filename, EVP_PKEY **key, pem_password_cb *cb, void *s) { EVP_PKEY *rc; BIO *bioS; @@ -121,7 +121,7 @@ ** _________________________________________________________________ */ -int SSL_smart_shutdown(SSL *ssl) +int ap_SSL_smart_shutdown(SSL *ssl) { int i; int rc; @@ -161,7 +161,7 @@ */ /* retrieve basic constraints ingredients */ -BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen) +BOOL ap_SSL_X509_getBC(X509 *cert, int *ca, int *pathlen) { BASIC_CONSTRAINTS *bc; BIGNUM *bn = NULL; @@ -191,7 +191,7 @@ } /* convert an ASN.1 string to a UTF-8 string (escaping control characters) */ -char *SSL_ASN1_STRING_to_utf8(apr_pool_t *p, ASN1_STRING *asn1str) +char *ap_SSL_ASN1_STRING_to_utf8(apr_pool_t *p, ASN1_STRING *asn1str) { char *result = NULL; BIO *bio; 
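Review bot: The file-scope index `static int SSL_app_data2_idx = -1;` in the ssl_util_ssl.c hunk at -40,7 keeps an `SSL_`-prefixed name while the three functions that use it are moved out of that namespace. It has internal linkage, so it cannot collide at link time, but a libssl header that later declares a symbol or macro with that name would break the build in the same way the original clash did. Renaming it together with its uses in the -57,12 hunk, for example `static int app_data2_idx = -1;`, would complete the cleanup. The body of the init function continues outside these hunks, so any further uses there would need the same rename.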
@@ -213,9 +213,9 @@ } /* convert a NAME_ENTRY to UTF8 string */ -char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne) +char *ap_SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne) { - char *result = SSL_ASN1_STRING_to_utf8(p, X509_NAME_ENTRY_get_data(xsne)); + char *result = ap_SSL_ASN1_STRING_to_utf8(p, X509_NAME_ENTRY_get_data(xsne)); ap_xlate_proto_from_ascii(result, len); return result; } @@ -224,7 +224,7 @@ * convert an X509_NAME to an RFC 2253 formatted string, optionally truncated * to maxlen characters (specify a maxlen of 0 for no length limit) */ -char *SSL_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen) +char *ap_SSL_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen) { char *result = NULL; BIO *bio; @@ -259,8 +259,8 @@ * GEN_EMAIL (rfc822Name) * GEN_DNS (dNSName) */ -BOOL SSL_X509_getSAN(apr_pool_t *p, X509 *x509, int type, int idx, - apr_array_header_t **entries) +BOOL ap_SSL_X509_getSAN(apr_pool_t *p, X509 *x509, int type, int idx, + apr_array_header_t **entries) { STACK_OF(GENERAL_NAME) *names; @@ -282,7 +282,7 @@ switch (type) { case GEN_EMAIL: case GEN_DNS: - utf8str = SSL_ASN1_STRING_to_utf8(p, name->d.ia5); + utf8str = ap_SSL_ASN1_STRING_to_utf8(p, name->d.ia5); if (utf8str) { APR_ARRAY_PUSH(*entries, const char *) = utf8str; } @@ -313,7 +313,7 @@ } /* return an array of (RFC 6125 coined) DNS-IDs and CN-IDs in a certificate */ -BOOL SSL_X509_getIDs(apr_pool_t *p, X509 *x509, apr_array_header_t **ids) +BOOL ap_SSL_X509_getIDs(apr_pool_t *p, X509 *x509, apr_array_header_t **ids) { X509_NAME *subj; int i = -1; @@ -320,7 +320,7 @@ /* First, the DNS-IDs (dNSName entries in the subjectAltName extension) */ if (!x509 || - (SSL_X509_getSAN(p, x509, GEN_DNS, -1, ids) == FALSE && !*ids)) { + (ap_SSL_X509_getSAN(p, x509, GEN_DNS, -1, ids) == FALSE && !*ids)) { *ids = NULL; return FALSE; } 
@@ -329,7 +329,7 @@ subj = X509_get_subject_name(x509); while ((i = X509_NAME_get_index_by_NID(subj, NID_commonName, i)) != -1) { APR_ARRAY_PUSH(*ids, const char *) = - SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i)); + ap_SSL_X509_NAME_ENTRY_to_string(p, X509_NAME_get_entry(subj, i)); } return apr_is_empty_array(*ids) ? FALSE : TRUE; @@ -340,8 +340,8 @@ * DNS-IDs and CN-IDs (RFC 6125), optionally with basic wildcard matching. * If server_rec is non-NULL, some (debug/trace) logging is enabled. */ -BOOL SSL_X509_match_name(apr_pool_t *p, X509 *x509, const char *name, - BOOL allow_wildcard, server_rec *s) +BOOL ap_SSL_X509_match_name(apr_pool_t *p, X509 *x509, const char *name, + BOOL allow_wildcard, server_rec *s) { BOOL matched = FALSE; apr_array_header_t *ids; @@ -356,7 +356,7 @@ * is found). */ - if (SSL_X509_getIDs(p, x509, &ids)) { + if (ap_SSL_X509_getIDs(p, x509, &ids)) { const char *cp; int i; char **id = (char **)ids->elts; @@ -387,8 +387,8 @@ if (s) { ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, - "[%s] SSL_X509_match_name: expecting name '%s', " - "%smatched by ID '%s'", + "[%s] ap_SSL_X509_match_name: expecting name " + "'%s', %smatched by ID '%s'", (mySrvConfig(s))->vhost_id, name, matched == TRUE ? "" : "NOT ", id[i]); } @@ -417,9 +417,9 @@ ** _________________________________________________________________ */ -BOOL SSL_X509_INFO_load_file(apr_pool_t *ptemp, - STACK_OF(X509_INFO) *sk, - const char *filename) +BOOL ap_SSL_X509_INFO_load_file(apr_pool_t *ptemp, + STACK_OF(X509_INFO) *sk, + const char *filename) { BIO *in; @@ -441,9 +441,9 @@ return TRUE; } -BOOL SSL_X509_INFO_load_path(apr_pool_t *ptemp, - STACK_OF(X509_INFO) *sk, - const char *pathname) +BOOL ap_SSL_X509_INFO_load_path(apr_pool_t *ptemp, + STACK_OF(X509_INFO) *sk, + const char *pathname) { /* XXX: this dir read code is exactly the same as that in * ssl_engine_init.c, only the call to handle the fullname is different, 
@@ -468,7 +468,7 @@ pathname, "/", dirent.name, NULL); - if (SSL_X509_INFO_load_file(ptemp, sk, fullname)) { + if (ap_SSL_X509_INFO_load_file(ptemp, sk, fullname)) { ok = TRUE; } } @@ -521,7 +521,7 @@ * format, possibly followed by a sequence of CA certificates that * should be sent to the peer in the SSL Certificate message. */ -int SSL_CTX_use_certificate_chain( +int ap_SSL_CTX_use_certificate_chain( SSL_CTX *ctx, char *file, int skipfirst, pem_password_cb *cb) { BIO *bio; @@ -581,8 +581,8 @@ ** _________________________________________________________________ */ -char *SSL_SESSION_id2sz(unsigned char *id, int idlen, - char *str, int strsize) +char *ap_SSL_SESSION_id2sz(unsigned char *id, int idlen, + char *str, int strsize) { if (idlen > SSL_MAX_SSL_SESSION_ID_LENGTH) idlen = SSL_MAX_SSL_SESSION_ID_LENGTH; Index: modules/ssl/ssl_util_ssl.h =================================================================== --- modules/ssl/ssl_util_ssl.h (revision 1673798) +++ modules/ssl/ssl_util_ssl.h (working copy) @@ -38,10 +38,10 @@ * SSL library version number */ -#define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER -#define SSL_LIBRARY_NAME "OpenSSL" -#define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT -#define SSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) +#define AP_SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER +#define AP_SSL_LIBRARY_NAME "OpenSSL" +#define AP_SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT +#define AP_SSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) /** * Maximum length of a DER encoded session. 
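Review bot: The `AP_SSL_*` macros introduced in the ssl_util_ssl.h hunk at -38,10, and the `ap_SSL_*` functions declared in the hunk that follows it, take the prefix the core server uses for its own API (`ap_log_error` and `AP_SERVER_BASEREVISION` are visible elsewhere in this diff). That appears to move the collision risk from libssl to httpd core rather than remove it, and it makes module-private helpers read like exported server API. The module's other internals shown in this diff use `ssl_` (`ssl_add_version_components`, `ssl_pphrase_Handle_CB`); a module-specific prefix on these lines, for example `#define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER`, would keep the names in a namespace mod_ssl controls.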
@@ -48,31 +48,31 @@ * FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10, * so this value should be ok. Although we have no warm feeling. */ -#define SSL_SESSION_MAX_DER 1024*10 +#define AP_SSL_SESSION_MAX_DER 1024*10 -/** max length for SSL_SESSION_id2sz */ -#define SSL_SESSION_ID_STRING_LEN \ +/** max length for AP_SSL_SESSION_id2sz */ +#define AP_SSL_SESSION_ID_STRING_LEN \ ((SSL_MAX_SSL_SESSION_ID_LENGTH + 1) * 2) /** * Additional Functions */ -void SSL_init_app_data2_idx(void); -void *SSL_get_app_data2(SSL *); -void SSL_set_app_data2(SSL *, void *); -EVP_PKEY *SSL_read_PrivateKey(const char *, EVP_PKEY **, pem_password_cb *, void *); -int SSL_smart_shutdown(SSL *ssl); -BOOL SSL_X509_getBC(X509 *, int *, int *); -char *SSL_ASN1_STRING_to_utf8(apr_pool_t *, ASN1_STRING *); -char *SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne); -char *SSL_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int); -BOOL SSL_X509_getSAN(apr_pool_t *, X509 *, int, int, apr_array_header_t **); -BOOL SSL_X509_getIDs(apr_pool_t *, X509 *, apr_array_header_t **); -BOOL SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); -BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); -BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); -int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); -char *SSL_SESSION_id2sz(unsigned char *, int, char *, int); +void ap_SSL_init_app_data2_idx(void); +void *ap_SSL_get_app_data2(SSL *); +void ap_SSL_set_app_data2(SSL *, void *); +EVP_PKEY *ap_SSL_read_PrivateKey(const char *, EVP_PKEY **, pem_password_cb *, void *); +int ap_SSL_smart_shutdown(SSL *ssl); +BOOL ap_SSL_X509_getBC(X509 *, int *, int *); +char *ap_SSL_ASN1_STRING_to_utf8(apr_pool_t *, ASN1_STRING *); +char *ap_SSL_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsne); +char *ap_SSL_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int); +BOOL 
ap_SSL_X509_getSAN(apr_pool_t *, X509 *, int, int, apr_array_header_t **); +BOOL ap_SSL_X509_getIDs(apr_pool_t *, X509 *, apr_array_header_t **); +BOOL ap_SSL_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *); +BOOL ap_SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); +BOOL ap_SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *); +int ap_SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, pem_password_cb *); +char *ap_SSL_SESSION_id2sz(unsigned char *, int, char *, int); #endif /* __SSL_UTIL_SSL_H__ */ /** @} */
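Review bot: The rewritten comment `/** max length for AP_SSL_SESSION_id2sz */` in the ssl_util_ssl.h hunk at -48,31 names a function that does not exist; the prototype further down the same hunk is `ap_SSL_SESSION_id2sz`, so the comment should read `/** max length for ap_SSL_SESSION_id2sz */`. While this line is being touched, `#define AP_SSL_SESSION_MAX_DER 1024*10` would be safer as `#define AP_SSL_SESSION_MAX_DER (1024*10)`. The macro sizes the stack buffers `encoded[]` and `dest[]` in the ssl_scache.c hunks, and an unparenthesized expansion yields the wrong value wherever it sits next to an operator of equal or higher precedence, such as a division or modulo by the macro.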