This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
commit cb85cac2ca45ca7635aef273aae32e776b8d748b Author: Mark Thomas <[email protected]> AuthorDate: Wed Dec 17 17:52:26 2025 +0000 Remove deprecated references to Engine configuration --- native/include/ssl_private.h | 7 ----- native/src/ssl.c | 63 -------------------------------------------- native/src/sslcontext.c | 8 +----- 3 files changed, 1 insertion(+), 77 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 57be74bff..84647f560 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -49,13 +49,6 @@ #ifndef LIBRESSL_VERSION_NUMBER #include <openssl/provider.h> #endif -/* Avoid tripping over an engine build installed globally and detected - * when the user points at an explicit non-engine flavor of OpenSSL - */ -#ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> -extern ENGINE *tcn_ssl_engine; -#endif #ifndef RAND_MAX #include <limits.h> diff --git a/native/src/ssl.c b/native/src/ssl.c index aabd6c8a6..19610d245 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -26,7 +26,6 @@ static int ssl_initialized = 0; static char *ssl_global_rand_file = NULL; extern apr_pool_t *tcn_global_pool; -ENGINE *tcn_ssl_engine = NULL; tcn_pass_cb_t tcn_password_callback; static BIO *key_log_file = NULL; @@ -78,14 +77,6 @@ static apr_status_t ssl_init_cleanup(void *data) free_bio_methods(); -#ifndef OPENSSL_NO_ENGINE - if (tcn_ssl_engine != NULL) { - /* Release the SSL Engine structural reference */ - ENGINE_free(tcn_ssl_engine); - tcn_ssl_engine = NULL; - } -#endif - /* Openssl v1.1+ handles all termination automatically. */ if (key_log_file) { 
@@ -105,22 +96,6 @@ static apr_status_t ssl_init_cleanup(void *data) return APR_SUCCESS; } -#ifndef OPENSSL_NO_ENGINE -/* Try to load an engine in a shareable library */ -static ENGINE *ssl_try_load_engine(const char *engine) -{ - ENGINE *e = ENGINE_by_id("dynamic"); - if (e) { - if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0) - || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) { - ENGINE_free(e); - e = NULL; - } - } - return e; -} -#endif - /* * To ensure thread-safetyness in LibreSSL */ @@ -205,9 +180,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) { jclass clazz; jclass sClazz; -#if !defined(OPENSSL_NO_ENGINE) - apr_status_t err = APR_SUCCESS; -#endif TCN_ALLOC_CSTRING(engine); @@ -222,41 +194,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) TCN_FREE_CSTRING(engine); return (jint)APR_SUCCESS; } - /* Openssl v1.1+ handles all initialisation automatically, apart - * from hints as to how we want to use the library. - * - * We tell openssl we want to include engine support. - */ - OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); - -#ifndef OPENSSL_NO_ENGINE - if (J2S(engine)) { - ENGINE *ee = NULL; - if(strcmp(J2S(engine), "auto") == 0) { - ENGINE_register_all_complete(); - } - else { - if ((ee = ENGINE_by_id(J2S(engine))) == NULL - && (ee = ssl_try_load_engine(J2S(engine))) == NULL) - err = APR_ENOTIMPL; - else { -#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK - if (strcmp(J2S(engine), "chil") == 0) - ENGINE_ctrl(ee, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); -#endif - if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL)) - err = APR_ENOTIMPL; - } - } - if (err != APR_SUCCESS) { - TCN_FREE_CSTRING(engine); - ssl_init_cleanup(NULL); - tcn_ThrowAPRException(e, err); - return (jint)err; - } - tcn_ssl_engine = ee; - } -#endif memset(&tcn_password_callback, 0, sizeof(tcn_pass_cb_t)); /* Initialize PRNG diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c index 1c5d201db..a81f467da 100644 
--- a/native/src/sslcontext.c +++ b/native/src/sslcontext.c @@ -961,13 +961,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext, setCertificate)(TCN_STDARGS, jlong ctx, } } else { - if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL -#ifndef OPENSSL_NO_ENGINE - && (tcn_ssl_engine == NULL || - (c->keys[idx] = ENGINE_load_private_key(tcn_ssl_engine, key_file, - NULL, NULL)) == NULL) -#endif - ) { + if ((c->keys[idx] = load_pem_key(c, key_file)) == NULL) { ERR_error_string_n(SSL_ERR_get(), err, TCN_OPENSSL_ERROR_STRING_LENGTH); tcn_Throw(e, "Unable to load certificate key %s (%s)", key_file, err); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
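Review bot: In `setCertificate`, a `key_file` that previously resolved through the engine fallback now fails only at `load_pem_key`, and the thrown text `Unable to load certificate key %s (%s)` does not tell the operator that engine-backed keys are no longer supported. The `SSL.initialize` hunks in native/src/ssl.c keep the `jstring engine` parameter and its `TCN_ALLOC_CSTRING(engine)` / `TCN_FREE_CSTRING(engine)` pair but remove every use of the value in the visible lines, so a configured engine name appears to be accepted and ignored rather than rejected. Failing at key load is the safe direction, but deployments that held private keys in an HSM through an engine need an explicit signal: a comment above the condition such as `/* ENGINE key loading removed: key_file must be a PEM key readable by load_pem_key() */` would document it, and it is worth confirming that `initialize` or the Java caller reports a non-null engine argument. The body of `setCertificate` starts and ends outside this hunk, so any handling further down is not visible here.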
