Posted to dev@tomcat.apache.org by rj...@apache.org on 2016/03/04 20:31:17 UTC
svn commit: r1733641 - in /tomcat/native/trunk: native/include/ssl_private.h
native/src/ssl.c native/src/sslcontext.c native/src/sslinfo.c
native/src/sslnetwork.c native/src/sslutils.c
xdocs/miscellaneous/changelog.xml
Author: rjung
Date: Fri Mar 4 19:31:17 2016
New Revision: 1733641
URL: http://svn.apache.org/viewvc?rev=1733641&view=rev
Log:
OpenSSL 1.1.0 compatibility updates.
There's one harder to fix incompatibility left in
native/src/sslcontext.c.
Modified:
tomcat/native/trunk/native/include/ssl_private.h
tomcat/native/trunk/native/src/ssl.c
tomcat/native/trunk/native/src/sslcontext.c
tomcat/native/trunk/native/src/sslinfo.c
tomcat/native/trunk/native/src/sslnetwork.c
tomcat/native/trunk/native/src/sslutils.c
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/include/ssl_private.h
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1733641&r1=1733640&r2=1733641&view=diff
==============================================================================
--- tomcat/native/trunk/native/include/ssl_private.h (original)
+++ tomcat/native/trunk/native/include/ssl_private.h Fri Mar 4 19:31:17 2016
@@ -203,6 +203,18 @@
#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */
+/* OpenSSL 1.0.2 compatibility */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define TLS_method SSLv23_method
+#define TLS_client_method SSLv23_client_method
+#define TLS_server_method SSLv23_server_method
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version SSLeay_version
+#define OPENSSL_malloc_init CRYPTO_malloc_init
+#define X509_REVOKED_get0_serialNumber(x) x->serialNumber
+#define OpenSSL_version_num SSLeay
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
#define MAX_ALPN_NPN_PROTO_SIZE 65535
#define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1
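Review bot: The compat shim on the `X509_REVOKED_get0_serialNumber` line parenthesizes neither its argument nor its expansion, so an argument that is itself an expression (a cast or a conditional) would bind wrongly; write it as `#define X509_REVOKED_get0_serialNumber(x) ((x)->serialNumber)`. The 1.1.0 function this stands in for returns `const ASN1_INTEGER *`, while the macro yields a non-const lvalue, so callers are best written to receive a const pointer so that they compile warning-free against both. A one-line comment above the block noting that these defines are to be deleted once 1.0.2 support is dropped would make the future cleanup easier to find.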
Modified: tomcat/native/trunk/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1733641&r1=1733640&r2=1733641&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/ssl.c (original)
+++ tomcat/native/trunk/native/src/ssl.c Fri Mar 4 19:31:17 2016
@@ -267,21 +267,13 @@ DH *SSL_get_dh_params(unsigned keylen)
TCN_IMPLEMENT_CALL(jint, SSL, version)(TCN_STDARGS)
{
UNREFERENCED_STDARGS;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return OPENSSL_VERSION_NUMBER;
-#else
return OpenSSL_version_num();
-#endif
}
TCN_IMPLEMENT_CALL(jstring, SSL, versionString)(TCN_STDARGS)
{
UNREFERENCED(o);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- return AJP_TO_JSTRING(SSLeay_version(SSLEAY_VERSION));
-#else
return AJP_TO_JSTRING(OpenSSL_version(OPENSSL_VERSION));
-#endif
}
/*
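Review bot: `SSL.version` now reports the runtime library version on pre-1.1.0 builds as well, because `OpenSSL_version_num` maps to `SSLeay()` through the new compat macro, whereas the removed branch returned the compile-time `OPENSSL_VERSION_NUMBER`. That is a behaviour change rather than a pure compatibility cleanup: on a host whose shared libcrypto differs from the headers the library was built against, the Java side now sees the version actually loaded, which is the more useful value for operators verifying which OpenSSL is in use, but any caller that compared this value against the build-time constant should be checked. A comment such as `/* Runtime library version; may differ from the headers this code was built against. */` above the return would record the intent.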
@@ -318,11 +310,7 @@ static apr_status_t ssl_init_cleanup(voi
ENGINE_cleanup();
#endif
CRYPTO_cleanup_all_ex_data();
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
- ERR_remove_state(0);
-#else
ERR_remove_thread_state(NULL);
-#endif
/* Don't call ERR_free_strings here; ERR_load_*_strings only
* actually load the error strings once per process due to static
@@ -394,13 +382,16 @@ static unsigned long ssl_thread_id(void)
#endif
}
+static void ssl_set_thread_id(CRYPTO_THREADID *id)
+{
+ CRYPTO_THREADID_set_numeric(id, ssl_thread_id());
+}
+
static apr_status_t ssl_thread_cleanup(void *data)
{
UNREFERENCED(data);
CRYPTO_set_locking_callback(NULL);
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
- CRYPTO_set_id_callback(NULL);
-#endif
+ CRYPTO_THREADID_set_callback(NULL);
CRYPTO_set_dynlock_create_callback(NULL);
CRYPTO_set_dynlock_lock_callback(NULL);
CRYPTO_set_dynlock_destroy_callback(NULL);
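Review bot: `ssl_set_thread_id` is an undocumented adapter; a one-line comment such as `/* Adapts ssl_thread_id() to the CRYPTO_THREADID callback signature of the 1.0.x locking API. */` would explain why it sits next to `ssl_thread_id`. As far as I recall, OpenSSL 1.1.0 defines `CRYPTO_THREADID_set_callback`, `CRYPTO_set_locking_callback` and the dynlock setters as no-op macros because locking moved inside the library, so the registration here and in the `ssl_thread_setup` hunk below only has effect on 1.0.x builds; saying so in the comment stops a later reader from assuming these callbacks still provide thread safety on 1.1.0. `ssl_thread_cleanup` continues past the end of the hunk.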
@@ -501,9 +492,7 @@ static void ssl_thread_setup(apr_pool_t
APR_THREAD_MUTEX_DEFAULT, p);
}
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
- CRYPTO_set_id_callback(ssl_thread_id);
-#endif
+ CRYPTO_THREADID_set_callback(ssl_set_thread_id);
CRYPTO_set_locking_callback(ssl_thread_lock);
/* Set up dynamic locking scaffolding for OpenSSL to use at its
@@ -544,9 +533,11 @@ static int ssl_rand_load_file(const char
file = RAND_file_name(buffer, sizeof(buffer));
if (file) {
if (strncmp(file, "egd:", 4) == 0) {
+#ifndef OPENSSL_NO_EGD
if ((n = RAND_egd(file + 4)) > 0)
return n;
else
+#endif
return -1;
}
if ((n = RAND_load_file(file, -1)) > 0)
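Review bot: In `ssl_rand_load_file` the new `#ifndef OPENSSL_NO_EGD` region ends between the `else` and `return -1;`, so the shape of the statement depends on the preprocessor: with EGD disabled the `else` vanishes and `return -1;` becomes the whole block body, which is correct today but easy to misread and fragile if a statement is ever added after `#endif`. Keeping the conditional self-contained reads the same in both configurations: `#ifndef OPENSSL_NO_EGD` / `if ((n = RAND_egd(file + 4)) > 0) return n;` / `#endif` followed by an unconditional `return -1;`. The enclosing function starts before the hunk.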
@@ -563,13 +554,17 @@ static int ssl_rand_load_file(const char
static int ssl_rand_save_file(const char *file)
{
char buffer[APR_PATH_MAX];
+#ifndef OPENSSL_NO_EGD
int n;
+#endif
if (file == NULL)
file = RAND_file_name(buffer, sizeof(buffer));
+#ifndef OPENSSL_NO_EGD
else if ((n = RAND_egd(file)) > 0) {
return 0;
}
+#endif
if (file == NULL || !RAND_write_file(file))
return 0;
else
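Review bot: In `ssl_rand_save_file` the `#ifndef OPENSSL_NO_EGD` guard around `int n;` exists only because the result of `RAND_egd(file)` is stored before the comparison and never used afterwards; comparing directly, `else if (RAND_egd(file) > 0) {`, removes `n` and the first guard, leaving a single `#ifndef` around the `else if`. It also appears that the EGD-success path and the `RAND_write_file` failure path both return 0, so the caller cannot tell a seeded-but-unwritten state from a failure; that is pre-existing, but a short comment on the `return 0;` would make the silent failure explicit. The function continues past the hunk.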
@@ -669,11 +664,7 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- CRYPTO_malloc_init();
-#else
OPENSSL_malloc_init();
-#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
Modified: tomcat/native/trunk/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1733641&r1=1733640&r2=1733641&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslcontext.c (original)
+++ tomcat/native/trunk/native/src/sslcontext.c Fri Mar 4 19:31:17 2016
@@ -189,21 +189,12 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
/* requested but not supported */
#endif
} else {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- if (mode == SSL_MODE_CLIENT)
- ctx = SSL_CTX_new(SSLv23_client_method());
- else if (mode == SSL_MODE_SERVER)
- ctx = SSL_CTX_new(SSLv23_server_method());
- else
- ctx = SSL_CTX_new(SSLv23_method());
-#else
if (mode == SSL_MODE_CLIENT)
ctx = SSL_CTX_new(TLS_client_method());
else if (mode == SSL_MODE_SERVER)
ctx = SSL_CTX_new(TLS_server_method());
else
ctx = SSL_CTX_new(TLS_method());
-#endif
}
if (!ctx) {
@@ -1542,7 +1533,7 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
* Adapted from Android:
* https://android.googlesource.com/platform/external/openssl/+/master/patches/0003-jsse.patch
*/
-const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher){
+static const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher){
switch (cipher->algorithm_mkey)
{
case SSL_kRSA:
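Review bot: Making `SSL_CIPHER_authentication_method` static does not address the `cipher->algorithm_mkey` dereference on the next line, which is presumably the remaining 1.1.0 incompatibility the log message mentions: `SSL_CIPHER` is opaque in 1.1.0, so this switch cannot compile there. OpenSSL 1.1.0 added `SSL_CIPHER_get_kx_nid()` and `SSL_CIPHER_get_auth_nid()` for this purpose, so the switch could be driven by those NIDs behind the same version-conditional approach used in `ssl_private.h`, with the pre-1.1.0 branch keeping the struct access. Until that is done, a comment at the top of the function recording that it is the last 1.0.x-only code path would help whoever finishes the port. The function body continues past the hunk.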
Modified: tomcat/native/trunk/native/src/sslinfo.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslinfo.c?rev=1733641&r1=1733640&r2=1733641&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslinfo.c (original)
+++ tomcat/native/trunk/native/src/sslinfo.c Fri Mar 4 19:31:17 2016
@@ -393,22 +393,14 @@ TCN_IMPLEMENT_CALL(jstring, SSLSocket, g
}
break;
case SSL_INFO_CLIENT_A_SIG:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->signature->algorithm);
-#else
nid = X509_get_signature_nid(xs);
-#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
value = tcn_new_string(e, OBJ_nid2ln(nid));
break;
case SSL_INFO_CLIENT_A_KEY:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->key->algor->algorithm);
-#else
nid = OBJ_obj2nid((ASN1_OBJECT *)(X509_get_X509_PUBKEY(xs)->algor->algorithm));
-#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
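Review bot: The `SSL_INFO_CLIENT_A_KEY` case still reaches into `X509_get_X509_PUBKEY(xs)->algor->algorithm`; as far as I recall `X509_PUBKEY` is also opaque in 1.1.0, so this line (and its twin in the `SSL_INFO_SERVER_A_KEY` hunk below) would need the accessor, e.g. `X509_PUBKEY_get0_param(&alg, NULL, NULL, NULL, X509_get_X509_PUBKEY(xs));` followed by `nid = OBJ_obj2nid(alg);`, which also removes the const-discarding `(ASN1_OBJECT *)` cast. The four signature/key cases are now identical apart from the certificate they read, so a small static helper taking an `X509 *` would remove the duplication across both hunks. The enclosing function extends beyond the hunk.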
@@ -450,22 +442,14 @@ TCN_IMPLEMENT_CALL(jstring, SSLSocket, g
}
break;
case SSL_INFO_SERVER_A_SIG:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->signature->algorithm);
-#else
nid = X509_get_signature_nid(xs);
-#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
value = tcn_new_string(e, OBJ_nid2ln(nid));
break;
case SSL_INFO_SERVER_A_KEY:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->key->algor->algorithm);
-#else
nid = OBJ_obj2nid((ASN1_OBJECT *)(X509_get_X509_PUBKEY(xs)->algor->algorithm));
-#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
Modified: tomcat/native/trunk/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1733641&r1=1733640&r2=1733641&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslnetwork.c (original)
+++ tomcat/native/trunk/native/src/sslnetwork.c Fri Mar 4 19:31:17 2016
@@ -640,11 +640,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
retVal = SSL_do_handshake(con->ssl);
if (retVal <= 0)
return APR_EGENERAL;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- if (SSL_get_state(con->ssl) != SSL_ST_OK) {
-#else
- if (SSL_get_state(con->ssl) != TLS_ST_OK) {
-#endif
+ if (!SSL_is_init_finished(con->ssl)) {
return APR_EGENERAL;
}
return APR_SUCCESS;
Modified: tomcat/native/trunk/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1733641&r1=1733640&r2=1733641&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslutils.c (original)
+++ tomcat/native/trunk/native/src/sslutils.c Fri Mar 4 19:31:17 2016
@@ -213,11 +213,7 @@ EC_GROUP *SSL_ec_GetParamFromFile(const
DH *SSL_callback_tmp_DH(SSL *ssl, int export, int keylen)
{
EVP_PKEY *pkey = SSL_get_privatekey(ssl);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- int type = pkey != NULL ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
-#else
int type = pkey != NULL ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
-#endif
/*
* OpenSSL will call us with either keylen == 512 or keylen == 1024
@@ -250,11 +246,7 @@ int SSL_CTX_use_certificate_chain(SSL_CT
unsigned long err;
int n;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
-#else
if ((bio = BIO_new(BIO_s_file())) == NULL)
-#endif
return -1;
if (BIO_read_filename(bio, file) <= 0) {
BIO_free(bio);
@@ -427,11 +419,7 @@ static int ssl_verify_CRL(int ok, X509_S
X509_REVOKED *revoked =
sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ASN1_INTEGER *sn = revoked->serialNumber;
-#else
ASN1_INTEGER *sn = X509_REVOKED_get0_serialNumber(revoked);
-#endif
if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
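Review bot: `ASN1_INTEGER *sn = X509_REVOKED_get0_serialNumber(revoked);` discards a qualifier on 1.1.0, where the accessor returns `const ASN1_INTEGER *`; since `ASN1_INTEGER_cmp` only needs const pointers, declaring `const ASN1_INTEGER *sn = X509_REVOKED_get0_serialNumber(revoked);` compiles cleanly against both the 1.1.0 function and the 1.0.2 compat macro. `ssl_verify_CRL` starts and ends outside the hunk.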
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1733641&r1=1733640&r2=1733641&view=diff
==============================================================================
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Fri Mar 4 19:31:17 2016
@@ -36,6 +36,9 @@
</section>
<section name="Changes in 1.2.6">
<changelog>
+ <scode>
+ OpenSSL 1.1.0 compatibility updates. (rjung)
+ </scode>
<fix>
Fix some compiler warnings in native ssl code. (rjung)
</fix>