Posted to cvs@httpd.apache.org by sc...@apache.org on 2009/11/03 19:19:33 UTC

svn commit: r832496 - in /httpd/httpd/trunk/modules/ssl: ssl_toolkit_compat.h ssl_util_stapling.c

Author: sctemme
Date: Tue Nov  3 18:19:33 2009
New Revision: 832496

URL: http://svn.apache.org/viewvc?rev=832496&view=rev
Log:
We now check for OCSP support in configure, so we can lose an OpenSSL version
number check.  Use a type safe STACK.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h
    httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h?rev=832496&r1=832495&r2=832496&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h Tue Nov  3 18:19:33 2009
@@ -39,8 +39,7 @@
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
 
-#if OPENSSL_VERSION_NUMBER >= 0x00907000
-#define HAVE_OCSP
+#ifdef HAVE_OCSP
 #include <openssl/x509_vfy.h>
 #include <openssl/ocsp.h>
 #endif
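
Review bot: With the `#define HAVE_OCSP` under the `OPENSSL_VERSION_NUMBER >= 0x00907000` test removed, nothing in this header defines HAVE_OCSP any more, so a build that does not receive the macro from configure silently skips `<openssl/ocsp.h>` and compiles out everything guarded by it. Consider keeping the version test as a fallback wrapped in `#ifndef HAVE_OCSP`, placed ahead of the `#ifdef HAVE_OCSP` include block, so that both configure and non-configure builds reach the includes.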

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c?rev=832496&r1=832495&r2=832496&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c Tue Nov  3 18:19:33 2009
@@ -107,7 +107,7 @@
 {
     certinfo *cinf;
     X509 *issuer = NULL;
-    STACK *aia = NULL;
+    STACK_OF(STRING) *aia = NULL;
 
     if (x == NULL)
         return 0;
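
Review bot: The declaration `STACK_OF(STRING) *aia` assumes that every OpenSSL release this module builds against declares a STRING stack type, while the same commit drops the guard that accepted anything from 0x00907000 upward. If older headers only offer the untyped `STACK`, this line will not compile there; a version-selected compat macro or typedef in ssl_toolkit_compat.h would keep both working.
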
@@ -143,7 +143,7 @@
 
     aia = X509_get1_ocsp(x);
     if (aia)
-        cinf->uri = sk_pop(aia);
+        cinf->uri = sk_STRING_pop(aia);
     if (!cinf->uri && !mctx->stapling_force_url) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "ssl_stapling_init_cert: no responder URL");
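
Review bot: After `cinf->uri = sk_STRING_pop(aia);` the visible lines never release `aia`, and `X509_get1_ocsp()` returns a stack the caller owns. Unless it is freed further down in the function, the stack and any remaining responder URLs leak for each certificate; freeing it right after the pop, for example with `X509_email_free(aia)`, closes that. Note also that pop takes the last entry, so when the AIA extension lists several OCSP URIs the choice of responder is implicit and worth a comment.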



Re: svn commit: r832496 - in /httpd/httpd/trunk/modules/ssl: ssl_toolkit_compat.h ssl_util_stapling.c

Posted by Ruediger Pluem <rp...@apache.org>.

On 11/03/2009 07:19 PM, sctemme@apache.org wrote:
> Author: sctemme
> Date: Tue Nov  3 18:19:33 2009
> New Revision: 832496
> 
> URL: http://svn.apache.org/viewvc?rev=832496&view=rev
> Log:
> We now check for OCSP support in configure, so we can lose an OpenSSL version
> number check.  Use a type safe STACK.
> 
> Modified:
>     httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h
>     httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
> 
> Modified: httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h?rev=832496&r1=832495&r2=832496&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h Tue Nov  3 18:19:33 2009
> @@ -39,8 +39,7 @@
>  #include <openssl/rand.h>
>  #include <openssl/x509v3.h>
>  
> -#if OPENSSL_VERSION_NUMBER >= 0x00907000
> -#define HAVE_OCSP
> +#ifdef HAVE_OCSP
>  #include <openssl/x509_vfy.h>
>  #include <openssl/ocsp.h>
>  #endif
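
Review bot: The `#ifdef HAVE_OCSP` line now depends on a macro defined outside this file, and nothing at the include block says where it comes from. A one-line comment naming the configure check as the source of HAVE_OCSP would tell maintainers of builds that do not run configure what they have to define.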

I guess this brings back some problems on Windows and Netware:

See threads starting at

http://mail-archives.apache.org/mod_mbox/httpd-dev/200910.mbox/%3c4AE6579F.1040203@apache.org%3e

and

http://mail-archives.apache.org/mod_mbox/httpd-dev/200911.mbox/%3c4AEF4250.3080005@apache.org%3e

But I guess Guenther can explain this better.

Regards

Rüdiger

Re: svn commit: r832496 - in /httpd/httpd/trunk/modules/ssl: ssl_toolkit_compat.h ssl_util_stapling.c

Posted by Guenter Knauf <fu...@apache.org>.
Hi,
Guenter Knauf wrote:
> then please let's do:
> 
> #ifndef HAVE_OCSP
> #if OPENSSL_VERSION_NUMBER >= 0x00907000
> #define HAVE_OCSP
> #include <openssl/x509_vfy.h>
> #include <openssl/ocsp.h>
> #endif
> #endif
whoops, meant:

#ifndef HAVE_OCSP
#if OPENSSL_VERSION_NUMBER >= 0x00907000
#define HAVE_OCSP
#endif
#endif
#ifdef HAVE_OCSP
#include <openssl/x509_vfy.h>
#include <openssl/ocsp.h>
#endif

Gün.



Re: svn commit: r832496 - in /httpd/httpd/trunk/modules/ssl: ssl_toolkit_compat.h ssl_util_stapling.c

Posted by Guenter Knauf <fu...@apache.org>.
Hi Sander,
sctemme@apache.org wrote:
> Author: sctemme
> Date: Tue Nov  3 18:19:33 2009
> New Revision: 832496
> 
> URL: http://svn.apache.org/viewvc?rev=832496&view=rev
> Log:
> We now check for OCSP support in configure, so we can lose an OpenSSL version
> number check.  Use a type safe STACK.
I was just discussing this with Ruediger, and I introduced the version
number check because this also works with non-configure platforms like
NetWare and Win32; it would be better to remove the configure check,
though we were unsure if something else might use HAVE_OCSP (though I
doubt it); if we would like to stay with the configure check for whatever
reason, then please let's do:

#ifndef HAVE_OCSP
#if OPENSSL_VERSION_NUMBER >= 0x00907000
#define HAVE_OCSP
#include <openssl/x509_vfy.h>
#include <openssl/ocsp.h>
#endif
#endif

thanks, Gün.