Author: brane
Date: Sat Jan 14 16:30:08 2017
New Revision: 1778787
URL: http://svn.apache.org/viewvc?rev=1778787&view=rev
Log:
On the ocsp-verification branch: sync with trunk up to r1778786.
Modified:
serf/branches/ocsp-verification/ (props changed)
serf/branches/ocsp-verification/SConstruct
serf/branches/ocsp-verification/buckets/ssl_buckets.c
Propchange: serf/branches/ocsp-verification/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Jan 14 16:30:08 2017
@@ -3,4 +3,4 @@
/serf/branches/get-remaining:1701859-1708111
/serf/branches/multiple_ssl_impls:1699382
/serf/branches/windows-sspi:1698866-1698877
-/serf/trunk:1771884-1774751
+/serf/trunk:1771884-1778786
Modified: serf/branches/ocsp-verification/SConstruct
URL:
http://svn.apache.org/viewvc/serf/branches/ocsp-verification/SConstruct?rev=1778787&r1=1778786&r2=1778787&view=diff
==============================================================================
--- serf/branches/ocsp-verification/SConstruct (original)
+++ serf/branches/ocsp-verification/SConstruct Sat Jan 14 16:30:08 2017
@@ -415,6 +415,20 @@ else:
env.Append(CPPPATH=['$OPENSSL/include'])
env.Append(LIBPATH=['$OPENSSL/lib'])
+# Check for OpenSSL functions which are only available in some of
+# the versions we support. Also handles forks like LibreSSL.
+conf = Configure(env)
+if not conf.CheckFunc('BIO_set_init'):
+ env.Append(CPPDEFINES=['SERF_NO_SSL_BIO_WRAPPERS'])
+if not conf.CheckFunc('X509_STORE_get0_param'):
+ env.Append(CPPDEFINES=['SERF_NO_SSL_X509_STORE_WRAPPERS'])
+if conf.CheckFunc('CRYPTO_set_locking_callback'):
+ env.Append(CPPDEFINES=['SERF_HAVE_SSL_LOCKING_CALLBACKS'])
+if conf.CheckFunc('OPENSSL_malloc_init'):
+ env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_MALLOC_INIT'])
+if conf.CheckFunc('SSL_set_alpn_protos'):
+ env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_ALPN'])
+env = conf.Finish()
# If build with gssapi, get its information and define SERF_HAVE_GSSAPI
if gssapi and CALLOUT_OKAY:
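Review bot: A failed `conf.CheckFunc` in this block is taken as proof that the function is absent, but CheckFunc is a link test, so a probe that fails for an unrelated reason (for example if the OpenSSL libraries are not yet in `LIBS` at this point, which the hunk does not show) silently selects every fallback path. The positive-sense checks are the risky ones: a false negative on `CRYPTO_set_locking_callback` would build a threaded serf against an older OpenSSL without installing the locking callbacks, and one on `SSL_set_alpn_protos` drops ALPN with no diagnostic. I would first probe a symbol that every supported version exports and stop the build if it cannot be linked, e.g. `if not conf.CheckFunc('SSL_new'): Exit(1)` after printing a message. Names that a given library version provides only as a macro will also be reported as missing, so a short comment saying which defines are expected for which versions and forks would help anyone reading config.log.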
Modified: serf/branches/ocsp-verification/buckets/ssl_buckets.c
URL:
http://svn.apache.org/viewvc/serf/branches/ocsp-verification/buckets/ssl_buckets.c?rev=1778787&r1=1778786&r2=1778787&view=diff
==============================================================================
--- serf/branches/ocsp-verification/buckets/ssl_buckets.c (original)
+++ serf/branches/ocsp-verification/buckets/ssl_buckets.c Sat Jan 14 16:30:08
2017
@@ -49,9 +49,8 @@
#define APR_ARRAY_PUSH(ary,type) (*((type *)apr_array_push(ary)))
#endif
-#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
-#define USE_LEGACY_OPENSSL
-#define X509_STORE_get0_param(store) store->param
+#ifdef SERF_NO_SSL_X509_STORE_WRAPPERS
+#define X509_STORE_get0_param(store) ((store)->param)
#endif
@@ -300,10 +299,12 @@ detect_renegotiate(const SSL *s, int whe
#endif
/* The server asked to renegotiate the SSL session. */
-#ifndef USE_LEGACY_OPENSSL
+#ifdef TLS_ST_SW_HELLO_REQ
if (SSL_get_state(s) == TLS_ST_SW_HELLO_REQ) {
-#else
+#elif defined(SSL_ST_RENEGOTIATE)
if (SSL_state(s) == SSL_ST_RENEGOTIATE) {
+#else
+#error "neither TLS_ST_SW_HELLO_REQ nor SSL_ST_RENEGOTIATE is available"
#endif
serf_ssl_context_t *ssl_ctx = SSL_get_app_data(s);
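Review bot: `#ifdef TLS_ST_SW_HELLO_REQ` can only be true if that name is a preprocessor macro; as far as I know OpenSSL 1.1.0 declares the `TLS_ST_*` states as enumerators of `OSSL_HANDSHAKE_STATE`, which the preprocessor cannot see, so this branch would never be selected there. In this hunk the worst outcome is the `#error`, but the same pattern in the ssl_decrypt hunk (`#ifdef TLS_ST_OK`) has a compilable `#elif defined(SSL_CB_HANDSHAKE_DONE)` fallback and would quietly build the legacy `SSL_state()` test instead. Because this condition is what notices a server-initiated renegotiation, I would key both places on something the build can really detect, for instance a `conf.CheckFunc('SSL_get_state')` probe in SConstruct with its own define (assuming it is a linkable function only in the newer API), and add a comment next to each `#if` saying which library versions take which branch. detect_renegotiate begins and continues outside this hunk.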
@@ -322,7 +323,7 @@ static void log_ssl_error(serf_ssl_conte
static void bio_set_data(BIO *bio, void *data)
{
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
BIO_set_data(bio, data);
#else
bio->ptr = data;
@@ -331,7 +332,7 @@ static void bio_set_data(BIO *bio, void
static void *bio_get_data(BIO *bio)
{
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
return BIO_get_data(bio);
#else
return bio->ptr;
@@ -463,7 +464,7 @@ static int bio_file_gets(BIO *bio, char
static int bio_bucket_create(BIO *bio)
{
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
BIO_set_shutdown(bio, 1);
BIO_set_init(bio, 1);
BIO_set_data(bio, NULL);
@@ -506,7 +507,7 @@ static long bio_bucket_ctrl(BIO *bio, in
return ret;
}
-#ifdef USE_LEGACY_OPENSSL
+#ifdef SERF_NO_SSL_BIO_WRAPPERS
static BIO_METHOD bio_bucket_method = {
BIO_TYPE_MEM,
"Serf SSL encryption and decryption buckets",
@@ -542,7 +543,7 @@ static BIO_METHOD *bio_meth_bucket_new(v
{
BIO_METHOD *biom = NULL;
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
biom = BIO_meth_new(BIO_TYPE_MEM,
"Serf SSL encryption and decryption buckets");
if (biom) {
@@ -563,7 +564,7 @@ static BIO_METHOD *bio_meth_file_new(voi
{
BIO_METHOD *biom = NULL;
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
biom = BIO_meth_new(BIO_TYPE_FILE, "Wrapper around APR file structures");
if (biom) {
BIO_meth_set_write(biom, bio_file_write);
@@ -582,7 +583,7 @@ static BIO_METHOD *bio_meth_file_new(voi
static void bio_meth_free(BIO_METHOD *biom)
{
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
BIO_meth_free(biom);
#endif
}
@@ -1153,11 +1154,13 @@ static apr_status_t ssl_decrypt(void *ba
/* Once we got through the initial handshake, we should have received
the ALPN information if there is such information. */
ctx->handshake_finished = SSL_is_init_finished(ctx->ssl)
-#ifndef USE_LEGACY_OPENSSL
+#ifdef TLS_ST_OK
|| (SSL_get_state(ctx->ssl) == TLS_ST_OK);
-#else
+#elif defined(SSL_CB_HANDSHAKE_DONE)
|| (SSL_state(ctx->ssl)
& SSL_CB_HANDSHAKE_DONE);
+#else
+#error "neither TLS_ST_OK nor SSL_CB_HANDSHAKE_DONE is available"
#endif
/* Call the protocol callback as soon as possible as this triggers
@@ -1355,7 +1358,7 @@ static apr_status_t ssl_encrypt(void *ba
return status;
}
-#if APR_HAS_THREADS && defined(USE_LEGACY_OPENSSL)
+#if APR_HAS_THREADS && defined(SERF_HAVE_SSL_LOCKING_CALLBACKS)
static apr_pool_t *ssl_pool;
static apr_thread_mutex_t **ssl_locks;
@@ -1442,7 +1445,7 @@ static void init_ssl_libraries(void)
val = apr_atomic_cas32(&have_init_ssl, INIT_BUSY, INIT_UNINITIALIZED);
if (!val) {
-#if APR_HAS_THREADS && defined(USE_LEGACY_OPENSSL)
+#if APR_HAS_THREADS && defined(SERF_HAVE_SSL_LOCKING_CALLBACKS)
int i, numlocks;
#endif
@@ -1459,7 +1462,7 @@ static void init_ssl_libraries(void)
}
#endif
-#ifndef USE_LEGACY_OPENSSL
+#ifdef SERF_HAVE_OPENSSL_MALLOC_INIT
OPENSSL_malloc_init();
#else
CRYPTO_malloc_init();
@@ -1469,7 +1472,7 @@ static void init_ssl_libraries(void)
SSL_library_init();
OpenSSL_add_all_algorithms();
-#if APR_HAS_THREADS && defined(USE_LEGACY_OPENSSL)
+#if APR_HAS_THREADS && defined(SERF_HAVE_SSL_LOCKING_CALLBACKS)
numlocks = CRYPTO_num_locks();
apr_pool_create(&ssl_pool, NULL);
ssl_locks = apr_palloc(ssl_pool, sizeof(apr_thread_mutex_t*)*numlocks);
@@ -1904,7 +1907,7 @@ apr_status_t serf_ssl_negotiate_protocol
memcpy(at, protocols, len);
at += len;
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* >= 1.0.2 */
+#ifdef SERF_HAVE_OPENSSL_ALPN
if (SSL_set_alpn_protos(context->ssl, raw_header, raw_len)) {
ERR_clear_error();
}
@@ -1929,7 +1932,7 @@ apr_status_t serf_ssl_negotiate_protocol
static const char *ssl_get_selected_protocol(serf_ssl_context_t *context)
{
if (! context->selected_protocol) {
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* >= 1.0.2 */
+#ifdef SERF_HAVE_OPENSSL_ALPN
const unsigned char *data = NULL;
unsigned len = 0;