From br...@apache.org
Subject svn commit: r1778787 - in /serf/branches/ocsp-verification: ./ SConstruct buckets/ssl_buckets.c
Date Sat, 14 Jan 2017 16:30:09 GMT
Author: brane
Date: Sat Jan 14 16:30:08 2017
New Revision: 1778787

URL: http://svn.apache.org/viewvc?rev=1778787&view=rev
Log:
On the ocsp-verification branch: sync with trunk up to r1778786.

Modified:
    serf/branches/ocsp-verification/   (props changed)
    serf/branches/ocsp-verification/SConstruct
    serf/branches/ocsp-verification/buckets/ssl_buckets.c

Propchange: serf/branches/ocsp-verification/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Jan 14 16:30:08 2017
@@ -3,4 +3,4 @@
 /serf/branches/get-remaining:1701859-1708111
 /serf/branches/multiple_ssl_impls:1699382
 /serf/branches/windows-sspi:1698866-1698877
-/serf/trunk:1771884-1774751
+/serf/trunk:1771884-1778786

Modified: serf/branches/ocsp-verification/SConstruct
URL: http://svn.apache.org/viewvc/serf/branches/ocsp-verification/SConstruct?rev=1778787&r1=1778786&r2=1778787&view=diff
==============================================================================
--- serf/branches/ocsp-verification/SConstruct (original)
+++ serf/branches/ocsp-verification/SConstruct Sat Jan 14 16:30:08 2017
@@ -415,6 +415,20 @@ else:
     env.Append(CPPPATH=['$OPENSSL/include'])
     env.Append(LIBPATH=['$OPENSSL/lib'])
 
+# Check for OpenSSL functions which are only available in some of
+# the versions we support. Also handles forks like LibreSSL.
+conf = Configure(env)
+if not conf.CheckFunc('BIO_set_init'):
+  env.Append(CPPDEFINES=['SERF_NO_SSL_BIO_WRAPPERS'])
+if not conf.CheckFunc('X509_STORE_get0_param'):
+  env.Append(CPPDEFINES=['SERF_NO_SSL_X509_STORE_WRAPPERS'])
+if conf.CheckFunc('CRYPTO_set_locking_callback'):
+  env.Append(CPPDEFINES=['SERF_HAVE_SSL_LOCKING_CALLBACKS'])
+if conf.CheckFunc('OPENSSL_malloc_init'):
+  env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_MALLOC_INIT'])
+if conf.CheckFunc('SSL_set_alpn_protos'):
+  env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_ALPN'])
+env = conf.Finish()
 
 # If build with gssapi, get its information and define SERF_HAVE_GSSAPI
 if gssapi and CALLOUT_OKAY:
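Review bot: None of the five `conf.CheckFunc` probes distinguishes "this OpenSSL lacks the function" from "the test program failed to link", so a broken probe silently changes what gets compiled. The two positive defines are the risky ones: without `SERF_HAVE_SSL_LOCKING_CALLBACKS` the lock setup guarded by it in ssl_buckets.c is compiled out, and without `SERF_HAVE_OPENSSL_ALPN` the `SSL_set_alpn_protos` call is skipped, with no build error visible here in either case. Only CPPPATH and LIBPATH are set on the visible lines, so confirm that the ssl and crypto libraries are already in LIBS when `Configure(env)` runs. A baseline probe that aborts would make a broken setup visible, e.g. `if not conf.CheckFunc('SSL_new'):` followed by a printed message and `Exit(1)`. CheckFunc also only finds linkable symbols, so any of these names that a supported version provides as a macro will be reported as absent.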

Modified: serf/branches/ocsp-verification/buckets/ssl_buckets.c
URL: http://svn.apache.org/viewvc/serf/branches/ocsp-verification/buckets/ssl_buckets.c?rev=1778787&r1=1778786&r2=1778787&view=diff
==============================================================================
--- serf/branches/ocsp-verification/buckets/ssl_buckets.c (original)
+++ serf/branches/ocsp-verification/buckets/ssl_buckets.c Sat Jan 14 16:30:08 2017
@@ -49,9 +49,8 @@
 #define APR_ARRAY_PUSH(ary,type) (*((type *)apr_array_push(ary)))
 #endif
 
-#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
-#define USE_LEGACY_OPENSSL
-#define X509_STORE_get0_param(store) store->param
+#ifdef SERF_NO_SSL_X509_STORE_WRAPPERS
+#define X509_STORE_get0_param(store) ((store)->param)
 #endif
 
 
@@ -300,10 +299,12 @@ detect_renegotiate(const SSL *s, int whe
 #endif
 
     /* The server asked to renegotiate the SSL session. */
-#ifndef USE_LEGACY_OPENSSL
+#ifdef TLS_ST_SW_HELLO_REQ
     if (SSL_get_state(s) == TLS_ST_SW_HELLO_REQ) {
-#else
+#elif defined(SSL_ST_RENEGOTIATE)
     if (SSL_state(s) == SSL_ST_RENEGOTIATE) {
+#else
+#error "neither TLS_ST_SW_HELLO_REQ nor SSL_ST_RENEGOTIATE is available"
 #endif
         serf_ssl_context_t *ssl_ctx = SSL_get_app_data(s);
 
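Review bot: `#ifdef TLS_ST_SW_HELLO_REQ` only works if that name is a preprocessor macro; in the OpenSSL 1.1.0 headers the TLS_ST_* handshake states appear to be enumerators, which the preprocessor cannot see, so this is worth checking against ssl.h. If they are, a 1.1.0 build skips the `SSL_get_state` branch and ends in the new `#error` unless `SSL_ST_RENEGOTIATE` is still defined. The same applies to `#ifdef TLS_ST_OK` in the ssl_decrypt hunk, where the fallback `SSL_state(ctx->ssl) & SSL_CB_HANDSHAKE_DONE` could be selected instead and would change how `handshake_finished` is computed. A define set by a SConstruct probe, for instance `conf.CheckFunc('SSL_get_state')` if that is a real function only in the newer API, would match how this commit handles the other features. detect_renegotiate's body starts and ends outside the hunk.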
@@ -322,7 +323,7 @@ static void log_ssl_error(serf_ssl_conte
 
 static void bio_set_data(BIO *bio, void *data)
 {
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
     BIO_set_data(bio, data);
 #else
     bio->ptr = data;
@@ -331,7 +332,7 @@ static void bio_set_data(BIO *bio, void
 
 static void *bio_get_data(BIO *bio)
 {
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
     return BIO_get_data(bio);
 #else
     return bio->ptr;
@@ -463,7 +464,7 @@ static int bio_file_gets(BIO *bio, char
 
 static int bio_bucket_create(BIO *bio)
 {
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
     BIO_set_shutdown(bio, 1);
     BIO_set_init(bio, 1);
     BIO_set_data(bio, NULL);
@@ -506,7 +507,7 @@ static long bio_bucket_ctrl(BIO *bio, in
     return ret;
 }
 
-#ifdef USE_LEGACY_OPENSSL
+#ifdef SERF_NO_SSL_BIO_WRAPPERS
 static BIO_METHOD bio_bucket_method = {
     BIO_TYPE_MEM,
     "Serf SSL encryption and decryption buckets",
@@ -542,7 +543,7 @@ static BIO_METHOD *bio_meth_bucket_new(v
 {
     BIO_METHOD *biom = NULL;
 
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
     biom = BIO_meth_new(BIO_TYPE_MEM,
                         "Serf SSL encryption and decryption buckets");
     if (biom) {
@@ -563,7 +564,7 @@ static BIO_METHOD *bio_meth_file_new(voi
 {
     BIO_METHOD *biom = NULL;
 
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
     biom = BIO_meth_new(BIO_TYPE_FILE, "Wrapper around APR file structures");
     if (biom) {
         BIO_meth_set_write(biom, bio_file_write);
@@ -582,7 +583,7 @@ static BIO_METHOD *bio_meth_file_new(voi
 
 static void bio_meth_free(BIO_METHOD *biom)
 {
-#ifndef USE_LEGACY_OPENSSL
+#ifndef SERF_NO_SSL_BIO_WRAPPERS
     BIO_meth_free(biom);
 #endif
 }
@@ -1153,11 +1154,13 @@ static apr_status_t ssl_decrypt(void *ba
         /* Once we got through the initial handshake, we should have received
            the ALPN information if there is such information. */
         ctx->handshake_finished = SSL_is_init_finished(ctx->ssl)
-#ifndef USE_LEGACY_OPENSSL
+#ifdef TLS_ST_OK
                                   || (SSL_get_state(ctx->ssl) == TLS_ST_OK);
-#else
+#elif defined(SSL_CB_HANDSHAKE_DONE)
                                   || (SSL_state(ctx->ssl)
                                       & SSL_CB_HANDSHAKE_DONE);
+#else
+#error "neither TLS_ST_OK nor SSL_CB_HANDSHAKE_DONE is available"
 #endif
 
         /* Call the protocol callback as soon as possible as this triggers
@@ -1355,7 +1358,7 @@ static apr_status_t ssl_encrypt(void *ba
     return status;
 }
 
-#if APR_HAS_THREADS && defined(USE_LEGACY_OPENSSL)
+#if APR_HAS_THREADS && defined(SERF_HAVE_SSL_LOCKING_CALLBACKS)
 static apr_pool_t *ssl_pool;
 static apr_thread_mutex_t **ssl_locks;
 
@@ -1442,7 +1445,7 @@ static void init_ssl_libraries(void)
     val = apr_atomic_cas32(&have_init_ssl, INIT_BUSY, INIT_UNINITIALIZED);
 
     if (!val) {
-#if APR_HAS_THREADS && defined(USE_LEGACY_OPENSSL)
+#if APR_HAS_THREADS && defined(SERF_HAVE_SSL_LOCKING_CALLBACKS)
         int i, numlocks;
 #endif
 
@@ -1459,7 +1462,7 @@ static void init_ssl_libraries(void)
         }
 #endif
 
-#ifndef USE_LEGACY_OPENSSL
+#ifdef SERF_HAVE_OPENSSL_MALLOC_INIT
         OPENSSL_malloc_init();
 #else
         CRYPTO_malloc_init();
@@ -1469,7 +1472,7 @@ static void init_ssl_libraries(void)
         SSL_library_init();
         OpenSSL_add_all_algorithms();
 
-#if APR_HAS_THREADS && defined(USE_LEGACY_OPENSSL)
+#if APR_HAS_THREADS && defined(SERF_HAVE_SSL_LOCKING_CALLBACKS)
         numlocks = CRYPTO_num_locks();
         apr_pool_create(&ssl_pool, NULL);
         ssl_locks = apr_palloc(ssl_pool, sizeof(apr_thread_mutex_t*)*numlocks);
@@ -1904,7 +1907,7 @@ apr_status_t serf_ssl_negotiate_protocol
     memcpy(at, protocols, len);
     at += len;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* >= 1.0.2 */
+#ifdef SERF_HAVE_OPENSSL_ALPN
     if (SSL_set_alpn_protos(context->ssl, raw_header, raw_len)) {
         ERR_clear_error();
     }
@@ -1929,7 +1932,7 @@ apr_status_t serf_ssl_negotiate_protocol
 static const char *ssl_get_selected_protocol(serf_ssl_context_t *context)
 {
     if (! context->selected_protocol) {
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* >= 1.0.2 */
+#ifdef SERF_HAVE_OPENSSL_ALPN
         const unsigned char *data = NULL;
         unsigned len = 0;
 


