Posted to cvs@httpd.apache.org by sc...@apache.org on 2009/02/27 06:16:19 UTC

svn commit: r748396 - in /httpd/httpd/trunk: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c

Author: sctemme
Date: Fri Feb 27 05:16:18 2009
New Revision: 748396

URL: http://svn.apache.org/viewvc?rev=748396&view=rev
Log:
The development trunk of OpenSSL has tightened up the type safety of the STACK construct
and the functions that manipulate it.  Make httpd trunk compile against OpenSSL HEAD
as well as OpenSSL 0.9.8j.  Also, get rid of some warnings.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
    httpd/httpd/trunk/support/ab.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=748396&r1=748395&r2=748396&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Fri Feb 27 05:16:18 2009
@@ -576,7 +576,7 @@
             ssl_die();
         }
 
-        SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
+        SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list);
     }
 
     /*
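Review bot: The explicit cast in `SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list);` defeats the compile-time checking this commit is adopting, because a cast silences the compiler whatever type `ca_list` actually has. The declaration of `ca_list` is outside the hunk, so this is inferred, but if it is (or can be) declared as `STACK_OF(X509_NAME) *`, the call should be `SSL_CTX_set_client_CA_list(ctx, ca_list);`. A wrong stack type reaching the client-CA list would then be a build error instead of a silent mismatch at runtime. The enclosing function starts and ends outside the hunk.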

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=748396&r1=748395&r2=748396&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Fri Feb 27 05:16:18 2009
@@ -250,7 +250,7 @@
     X509_STORE *cert_store = NULL;
     X509_STORE_CTX cert_store_ctx;
     STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
-    SSL_CIPHER *cipher = NULL;
+    const SSL_CIPHER *cipher = NULL;
     int depth, verify_old, verify, n;
 
     if (ssl) {
@@ -657,7 +657,7 @@
                  * sk_X509_shift-ed the peer cert out of the chain.
                  * we put it back here for the purpose of quick_renegotiation.
                  */
-                cert_stack = sk_new_null();
+                cert_stack = sk_X509_new_null();
                 sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
             }
 
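Review bot: The result of `sk_X509_new_null()` is used without a NULL check and the return value of `sk_X509_push()` is ignored, so an allocation failure would leave the peer certificate out of the chain that the quick-renegotiation verification works on. A guard such as `if (cert_stack == NULL || !sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert))` followed by the surrounding code's existing failure path would make that case explicit. The enclosing block and its error handling are outside the hunk, so the exact handling and who frees `cert_stack` need to be confirmed there. It is also worth confirming that `MODSSL_PCHAR_CAST` expands to nothing on builds with typed stacks, since a `char *` cast would not match the element type `sk_X509_push` expects.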

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=748396&r1=748395&r2=748396&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Fri Feb 27 05:16:18 2009
@@ -632,7 +632,7 @@
     ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
 
     if (ssl && strEQ(var, "")) {
-        SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+        const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
         result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
     }
     else if (strcEQ(var, "_EXPORT"))
@@ -653,7 +653,7 @@
 
 static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
 {
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
 
     *usekeysize = 0;
     *algkeysize = 0;

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=748396&r1=748395&r2=748396&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Fri Feb 27 05:16:18 2009
@@ -294,7 +294,7 @@
 #ifdef HAVE_SSL_X509V3_EXT_d2i
     X509_EXTENSION *ext;
     int ext_nid;
-    STACK *sk;
+    EXTENDED_KEY_USAGE *sk;
     BOOL is_sgc;
     int idx;
     int i;
@@ -303,9 +303,9 @@
     idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
     if (idx >= 0) {
         ext = X509_get_ext(cert, idx);
-        if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
-            for (i = 0; i < sk_num(sk); i++) {
-                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
+        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
+            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
+                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));
                 if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
                     is_sgc = TRUE;
                     break;
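Review bot: The cast in `OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i))` is redundant now that the typed accessor already yields an `ASN1_OBJECT *`; writing `ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i));` lets the compiler catch a wrong stack type. The `(EXTENDED_KEY_USAGE *)` cast on `X509V3_EXT_d2i(ext)` is only correct because `idx` was looked up with `NID_ext_key_usage`, which deserves a one-line comment such as `/* ext was found by NID_ext_key_usage, so the decoded value is an EXTENDED_KEY_USAGE */`. The decoded stack is allocated by `X509V3_EXT_d2i`, and its release is outside the hunk, so confirm that `sk` is freed on both the `break` path and the normal loop exit.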
@@ -467,7 +467,7 @@
     X509 *x509;
     unsigned long err;
     int n;
-    STACK *extra_certs;
+    STACK_OF(X509) *extra_certs;
 
     if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
         return -1;

Modified: httpd/httpd/trunk/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=748396&r1=748395&r2=748396&view=diff
==============================================================================
--- httpd/httpd/trunk/support/ab.c (original)
+++ httpd/httpd/trunk/support/ab.c Fri Feb 27 05:16:18 2009
@@ -480,7 +480,7 @@
 
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
-    SSL_CIPHER *c;
+    const SSL_CIPHER *c;
     int alg_bits,bits;
 
     c = SSL_get_current_cipher(ssl);
@@ -566,7 +566,7 @@
             if (verbosity >= 2)
                 ssl_print_info(c);
             if (ssl_info == NULL) {
-                SSL_CIPHER *ci;
+                const SSL_CIPHER *ci;
                 X509 *cert;
                 int sk_bits, pk_bits, swork;
 
@@ -1979,7 +1979,7 @@
     const char *optarg;
     char c;
 #ifdef USE_SSL
-    SSL_METHOD *meth = SSLv23_client_method();
+    const SSL_METHOD *meth = SSLv23_client_method();
 #endif
 
     /* table defaults  */



Re: svn commit: r748396 - in /httpd/httpd/trunk: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c

Posted by Sander Temme <sc...@apache.org>.
On Mar 3, 2009, at 11:55 AM, Ruediger Pluem wrote:

>> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=748396&r1=748395&r2=748396&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Fri Feb 27  
>> 05:16:18 2009
>
>> @@ -653,7 +653,7 @@
>>
>> static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int  
>> *usekeysize, int *algkeysize)
>> {
>> -    SSL_CIPHER *cipher;
>> +    const SSL_CIPHER *cipher;
>>
>>     *usekeysize = 0;
>>     *algkeysize = 0;
>>
>
> This causes
>
> ssl_engine_vars.c: In function `ssl_var_lookup_ssl_cipher_bits':
> ssl_engine_vars.c:662: warning: passing arg 1 of  
> `SSL_CIPHER_get_bits' discards qualifiers from pointer target type

Huh.  Didn't see that one.  I tested with system OpenSSL on my Mac  
(which professes to be 0.9.7l of 28 Sep 2006), 0.9.8j and a HEAD  
snapshot from a couple of weeks ago.

> on RedHat AS 4 with RedHat provided OpenSSL 0.9.7a. No issue with  
> SuSE distro provided OpenSSL 0.9.8d.


Yes.  Similar to the ab.c case, this was constified in the function  
definition.  However, this time it happened somewhere between 0.9.7a  
(+ RH patches) and 0.9.7l (as supplied by Apple), and has always been  
the case in 0.9.8 and HEAD.

Annoying.

S.

-- 
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




Re: svn commit: r748396 - in /httpd/httpd/trunk: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c

Posted by Ruediger Pluem <rp...@apache.org>.

On 02/27/2009 06:16 AM, sctemme@apache.org wrote:
> Author: sctemme
> Date: Fri Feb 27 05:16:18 2009
> New Revision: 748396
> 
> URL: http://svn.apache.org/viewvc?rev=748396&view=rev
> Log:
> The development trunk of OpenSSL has tightened up the type safety of the STACK construct
> and the functions that manipulate it.  Make httpd trunk compile against OpenSSL HEAD
> as well as OpenSSL 0.9.8j.  Also, get rid of some warnings.
> 
> Modified:
>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
>     httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
>     httpd/httpd/trunk/support/ab.c
> 

> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c?rev=748396&r1=748395&r2=748396&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c Fri Feb 27 05:16:18 2009

> @@ -653,7 +653,7 @@
>  
>  static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
>  {
> -    SSL_CIPHER *cipher;
> +    const SSL_CIPHER *cipher;
>  
>      *usekeysize = 0;
>      *algkeysize = 0;
> 

This causes

ssl_engine_vars.c: In function `ssl_var_lookup_ssl_cipher_bits':
ssl_engine_vars.c:662: warning: passing arg 1 of `SSL_CIPHER_get_bits' discards qualifiers from pointer target type

on RedHat AS 4 with RedHat provided OpenSSL 0.9.7a. No issue with SuSE distro provided OpenSSL 0.9.8d.


Regards

Rüdiger

Re: svn commit: r748396 - in /httpd/httpd/trunk: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c

Posted by Sander Temme <sc...@apache.org>.
On Feb 28, 2009, at 2:15 AM, Kaspar Brand wrote:

> Ruediger Pluem wrote:
>>
>> On 02/27/2009 06:16 AM, sctemme@apache.org wrote:
>>> Author: sctemme
>>> Date: Fri Feb 27 05:16:18 2009
>>> New Revision: 748396
>>>
>>> URL: http://svn.apache.org/viewvc?rev=748396&view=rev
>>> Log:
>>> The development trunk of OpenSSL has tightened up the type safety  
>>> of the STACK construct
>>> and the functions that manipulate it.  Make httpd trunk compile  
>>> against OpenSSL HEAD
>>> as well as OpenSSL 0.9.8j.  Also, get rid of some warnings.
>
> I filed a bug (+ patch) about this in August last year:
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=45521
>
> ... and find it rather irritating that the required modifications now
> appear to have been redone from scratch (not that I'm particularly  
> keen
> on getting my specific code into the tree, but two persons doing the
> same within a few months is pretty needless).

Oops, yes that was largely double work.  If anything that should teach  
me to search Bugzilla before I start hacking.  In my defense, I was in  
a spot without connectivity when I did my patch.

You did get one part I didn't, the x509 name comparison callback:

-static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME  
**b)
+static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,
+                                           const X509_NAME * const *b)

I just couldn't wrap my head around that there and then.  I'll pull  
that in, with attribution of course.


>> Hm. Now I get the following warning with openssl-0.9.8d:
>>
>> ab.c: In function 'main':
>> ab.c:2230: warning: passing argument 1 of 'SSL_CTX_new' discards  
>> qualifiers from pointer target type

Meh.  Investigating.


> It seems to me that the changes which constify SSL_CIPHER and  
> SSL_METHOD
> are not really related to the modifications for additional STACK type
> safety, or am I missing something?


Correct, it's the "also" part.

S.

-- 
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




Re: svn commit: r748396 - in /httpd/httpd/trunk: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c

Posted by Kaspar Brand <ht...@velox.ch>.
Ruediger Pluem wrote:
> 
> On 02/27/2009 06:16 AM, sctemme@apache.org wrote:
>> Author: sctemme
>> Date: Fri Feb 27 05:16:18 2009
>> New Revision: 748396
>>
>> URL: http://svn.apache.org/viewvc?rev=748396&view=rev
>> Log:
>> The development trunk of OpenSSL has tightened up the type safety of the STACK construct
>> and the functions that manipulate it.  Make httpd trunk compile against OpenSSL HEAD
>> as well as OpenSSL 0.9.8j.  Also, get rid of some warnings.

I filed a bug (+ patch) about this in August last year:

https://issues.apache.org/bugzilla/show_bug.cgi?id=45521

... and find it rather irritating that the required modifications now
appear to have been redone from scratch (not that I'm particularly keen
on getting my specific code into the tree, but two persons doing the
same within a few months is pretty needless).

> Hm. Now I get the following warning with openssl-0.9.8d:
> 
> ab.c: In function 'main':
> ab.c:2230: warning: passing argument 1 of 'SSL_CTX_new' discards qualifiers from pointer target type

It seems to me that the changes which constify SSL_CIPHER and SSL_METHOD
are not really related to the modifications for additional STACK type
safety, or am I missing something?

Kaspar


Re: svn commit: r748396 - in /httpd/httpd/trunk: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c

Posted by Ruediger Pluem <rp...@apache.org>.

On 02/27/2009 06:16 AM, sctemme@apache.org wrote:
> Author: sctemme
> Date: Fri Feb 27 05:16:18 2009
> New Revision: 748396
> 
> URL: http://svn.apache.org/viewvc?rev=748396&view=rev
> Log:
> The development trunk of OpenSSL has tightened up the type safety of the STACK construct
> and the functions that manipulate it.  Make httpd trunk compile against OpenSSL HEAD
> as well as OpenSSL 0.9.8j.  Also, get rid of some warnings.
> 
> Modified:
>     httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>     httpd/httpd/trunk/modules/ssl/ssl_engine_vars.c
>     httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
>     httpd/httpd/trunk/support/ab.c
> 

> Modified: httpd/httpd/trunk/support/ab.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=748396&r1=748395&r2=748396&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/ab.c (original)
> +++ httpd/httpd/trunk/support/ab.c Fri Feb 27 05:16:18 2009

> @@ -1979,7 +1979,7 @@
>      const char *optarg;
>      char c;
>  #ifdef USE_SSL
> -    SSL_METHOD *meth = SSLv23_client_method();
> +    const SSL_METHOD *meth = SSLv23_client_method();
>  #endif

Hm. Now I get the following warning with openssl-0.9.8d:

ab.c: In function 'main':
ab.c:2230: warning: passing argument 1 of 'SSL_CTX_new' discards qualifiers from pointer target type

Regards

Rüdiger