You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <ma...@hp.com> on 2002/10/22 20:04:35 UTC

[PATCH]Question - regarding modssl_PEM_read_bio_X509

I thought modssl_PEM_read_bio_X509 should cover the following cases for
OpenSSL API :
#if (SSL_LIBRARY_VERSION < 0x00904000)
#define modssl_PEM_read_bio_X509  SOME WAY
#else
#define modssl_PEM_read_bio_X509  OTHER WAY
#endif

The following patch does something similar, and also changes one other place
in ssl_util_ssl.c where PEM_read_bio_X509 was still being used.

-Madhu



Index: ssl_toolkit_compat.h
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v
retrieving revision 1.25
diff -u -r1.25 ssl_toolkit_compat.h
--- ssl_toolkit_compat.h        21 Aug 2002 19:12:46 -0000      1.25
+++ ssl_toolkit_compat.h        22 Oct 2002 18:01:44 -0000
@@ -97,7 +97,11 @@
 
 #define modssl_X509_verify_cert X509_verify_cert
 
-#define modssl_PEM_read_bio_X509 PEM_read_bio_X509
+#if (SSL_LIBRARY_VERSION < 0x00904000)
+#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
+#else
+#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb,
arg)
+#endif

Index: ssl_util_ssl.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_util_ssl.c,v
retrieving revision 1.21
diff -u -r1.21 ssl_util_ssl.c
--- ssl_util_ssl.c      15 Sep 2002 00:00:48 -0000      1.21
+++ ssl_util_ssl.c      22 Oct 2002 17:59:00 -0000
@@ -519,11 +519,7 @@
     }
     /* create new extra chain by loading the certs */
     n = 0;
-#if SSL_LIBRARY_VERSION < 0x00904000
-    while ((x509 = PEM_read_bio_X509(bio, NULL, cb)) != NULL) {
-#else
-    while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) {
-#endif
+    while ((x509 = modssl_PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL)
{
         if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) { 
             X509_free(x509);
             BIO_free(bio);

Re: [PATCH]Question - regarding modssl_PEM_read_bio_X509

Posted by Jeff Trawick <tr...@attglobal.net>.

"MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <ma...@hp.com> writes:

> -#define modssl_PEM_read_bio_X509 PEM_read_bio_X509
> +#if (SSL_LIBRARY_VERSION < 0x00904000)
> +#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
> +#else
> +#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb,
> arg)
> +#endif

I had to change the patch to look at OPENSSL_VERSION_NUMBER instead of
SSL_LIBRARY_VERSION...

this section of ssl_toolkit_compat.h has the former defined but not
the latter...  mod_ssl wouldn't compile for me without this change...

> 
> The following patch does something similar, and also changes one other place
> in ssl_util_ssl.c where PEM_read_bio_X509 was still being used.

fyi... your patch wouldn't apply because of some wrapped lines...
e-mail client setting on line wrap incorrect?  

patch committed!

-- 
Jeff Trawick | trawick@attglobal.net
Born in Roswell... married an alien...