Author: billbarker Date: Wed Nov 4 02:25:05 2015 New Revision: 1712457 URL: http://svn.apache.org/viewvc?rev=1712457&view=rev Log: Forward port r1712199 align with OpenSSL master. Just deleted the SSLeay check since any OS I know will raise an UnsatifiedLinkError if you try to load this with such an old version when 1.0.2x is required. Otherwise no change if compiling against 1.0.2x
Modified: tomcat/native/trunk/native/src/ssl.c tomcat/native/trunk/native/src/sslnetwork.c tomcat/native/trunk/native/src/sslutils.c Modified: tomcat/native/trunk/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1712457&r1=1712456&r2=1712457&view=diff ============================================================================== --- tomcat/native/trunk/native/src/ssl.c (original) +++ tomcat/native/trunk/native/src/ssl.c Wed Nov 4 02:25:05 2015 @@ -657,12 +657,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize TCN_FREE_CSTRING(engine); return (jint)APR_SUCCESS; } - if (SSLeay() < 0x0090700L) { - TCN_FREE_CSTRING(engine); - tcn_ThrowAPRException(e, APR_EINVAL); - ssl_initialized = 0; - return (jint)APR_EINVAL; - } + /* We must register the library in full, to ensure our configuration * code can successfully test the SSL environment. */ Modified: tomcat/native/trunk/native/src/sslnetwork.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1712457&r1=1712456&r2=1712457&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslnetwork.c (original) +++ tomcat/native/trunk/native/src/sslnetwork.c Wed Nov 4 02:25:05 2015 @@ -650,6 +650,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene #endif return APR_EGENERAL; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_set_state(con->ssl, SSL_ST_ACCEPT); apr_socket_timeout_get(con->sock, &timeout); @@ -669,14 +670,11 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene break; } con->reneg_state = RENEG_REJECT; -#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (SSL_get_state(con->ssl) != SSL_ST_OK) { -#else - if (SSL_get_state(con->ssl) != TLS_ST_OK) { -#endif return APR_EGENERAL; } - +#endif return APR_SUCCESS; } Modified: tomcat/native/trunk/native/src/sslutils.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1712457&r1=1712456&r2=1712457&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslutils.c (original) +++ tomcat/native/trunk/native/src/sslutils.c Wed Nov 4 02:25:05 2015 @@ -246,7 +246,11 @@ int SSL_CTX_use_certificate_chain(SSL_CT unsigned long err; int n; +#if OPENSSL_VERSION_NUMBER < 0x10100000L if ((bio = BIO_new(BIO_s_file_internal())) == NULL) +#else + if ((bio = BIO_new(BIO_s_file())) == NULL) +#endif return -1; if (BIO_read_filename(bio, file) <= 0) { BIO_free(bio); @@ -548,9 +552,11 @@ void SSL_callback_handshake(const SSL *s if ((where & SSL_CB_ACCEPT_LOOP) && con->reneg_state == RENEG_REJECT) { int state = SSL_get_state(ssl); - if (state == SSL3_ST_SR_CLNT_HELLO_A #if OPENSSL_VERSION_NUMBER < 0x10100000L + if (state == SSL3_ST_SR_CLNT_HELLO_A || state == SSL23_ST_SR_CLNT_HELLO_A +#else + if (state == TLS_ST_SR_CLNT_HELLO #endif ) { con->reneg_state = RENEG_ABORT; --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org