Posted to commits@trafficserver.apache.org by ma...@apache.org on 2018/05/30 00:12:56 UTC

[trafficserver] branch master updated: Make ATS buildable with BoringSSL again

This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new e80389f  Make ATS buildable with BoringSSL again
e80389f is described below

commit e80389f9e0120ced282d459f81e843c8f2fda71d
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Fri May 25 15:26:24 2018 +0900

    Make ATS buildable with BoringSSL again
---
 iocore/net/P_OCSPStapling.h | 5 +++++
 iocore/net/SSLUtils.cc      | 7 +++++++
 lib/ts/HashMD5.cc           | 6 ++++++
 proxy/InkAPI.cc             | 2 ++
 4 files changed, 20 insertions(+)

diff --git a/iocore/net/P_OCSPStapling.h b/iocore/net/P_OCSPStapling.h
index 1078d8d..007cc91 100644
--- a/iocore/net/P_OCSPStapling.h
+++ b/iocore/net/P_OCSPStapling.h
@@ -23,8 +23,13 @@
 
 #include <openssl/ssl.h>
 
+#ifdef OCSP_sendreq_new
 #define HAVE_OPENSSL_OCSP_STAPLING 1
+#endif
+
+#ifdef HAVE_OPENSSL_OCSP_STAPLING
 void ssl_stapling_ex_init();
 bool ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname);
 void ocsp_update();
 int ssl_callback_ocsp_stapling(SSL *);
+#endif
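Review bot: `#ifdef OCSP_sendreq_new` tests for a preprocessor macro, and as far as I know OpenSSL declares `OCSP_sendreq_new` as an ordinary function in `<openssl/ocsp.h>`, which this header does not include (only `<openssl/ssl.h>` is visible). If that holds, the guard is false on OpenSSL as well, `HAVE_OPENSSL_OCSP_STAPLING` is never defined, and OCSP stapling is compiled out of every build without a diagnostic. Keying the feature on the library, as the other hunks of this commit do, avoids that: `#ifndef OPENSSL_IS_BORINGSSL` / `#define HAVE_OPENSSL_OCSP_STAPLING 1` / `#endif`. A configure-time check for the function would be more robust still.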
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 7b240eb..54b56a0 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -888,7 +888,9 @@ void
 SSLPostConfigInitialize()
 {
   if (SSLConfigParams::engine_conf_file) {
+#ifndef OPENSSL_IS_BORINGSSL
     ENGINE_load_dynamic();
+#endif
 
     OPENSSL_load_builtin_modules();
     if (CONF_modules_load_file(SSLConfigParams::engine_conf_file, nullptr, 0) <= 0) {
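Review bot: With BoringSSL the `engine_conf_file` branch is still entered while `ENGINE_load_dynamic()` is skipped. As far as I know, BoringSSL's `OPENSSL_load_builtin_modules()` and `CONF_modules_load_file()` are stubs that do nothing and report success, so a configured engine (for example one that keeps private keys in hardware) would be silently ignored. The operator should be told; I would add an `#else` arm with `Warning("engine_conf_file is set but engines are not supported with BoringSSL");`. The body of `SSLPostConfigInitialize` continues past the end of this hunk, so the error path after `CONF_modules_load_file` is not visible here.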
@@ -1505,9 +1507,14 @@ ssl_callback_info(const SSL *ssl, int where, int ret)
 #ifdef SSL3_ST_SR_CLNT_HELLO_A
     if (state == SSL3_ST_SR_CLNT_HELLO_A) {
 #else
+#ifdef SSL_ST_RENEGOTIATE
+    // This is for BoringSSL
+    if (state == SSL_ST_RENEGOTIATE) {
+#else
     if (state == TLS_ST_SR_CLNT_HELLO) {
 #endif
 #endif
+#endif
       netvc->setSSLClientRenegotiationAbort(true);
       Debug("ssl", "ssl_callback_info trying to renegotiate from the client");
     }
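Review bot: The new arm is selected by `#ifdef SSL_ST_RENEGOTIATE`, not by the library, although its comment says it is for BoringSSL. Any OpenSSL-compatible headers that define `SSL_ST_RENEGOTIATE` but not `SSL3_ST_SR_CLNT_HELLO_A` would take it too and stop comparing against `TLS_ST_SR_CLNT_HELLO`. This comparison is what triggers `setSSLClientRenegotiationAbort(true)`, so picking the wrong arm disables the client-renegotiation guard without a build error. I would write the test as `#elif defined(OPENSSL_IS_BORINGSSL)` and extend the comment to say why that state value signals a client-initiated renegotiation there, which cannot be confirmed from the hunk. One of the three `#endif` lines closes a conditional opened above the hunk; an `#if`/`#elif`/`#else` chain would make the nesting easier to check.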
diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc
index c8b0340..e1fd6ec 100644
--- a/lib/ts/HashMD5.cc
+++ b/lib/ts/HashMD5.cc
@@ -68,7 +68,13 @@ ATSHashMD5::size() const
 void
 ATSHashMD5::clear()
 {
+#ifndef OPENSSL_IS_BORINGSSL
   int ret = EVP_MD_CTX_reset(ctx);
+#else
+  // OpenSSL's EVP_MD_CTX_reset always returns 1
+  int ret = 1;
+  EVP_MD_CTX_reset(ctx);
+#endif
   ink_assert(ret == 1);
   ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr);
   ink_assert(ret == 1);
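Review bot: The comment in the `#else` arm talks about OpenSSL while that arm is compiled only for BoringSSL, and it does not say why the return value cannot simply be used there. Presumably BoringSSL's `EVP_MD_CTX_reset` returns `void`; if so, state it: `// BoringSSL's EVP_MD_CTX_reset returns void; OpenSSL's always returns 1, so keep ret at 1 for the assert below`. `ATSHashMD5::clear()` continues after the hunk.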
diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc
index b1bf3fe..c971f88 100644
--- a/proxy/InkAPI.cc
+++ b/proxy/InkAPI.cc
@@ -9279,6 +9279,7 @@ TSSslServerContextCreate(TSSslX509 cert, const char *certname)
   SSLConfigParams *config = SSLConfig::acquire();
   if (config != nullptr) {
     ret = reinterpret_cast<TSSslContext>(SSLCreateServerContext(config));
+#ifdef HAVE_OPENSSL_OCSP_STAPLING
     if (ret && SSLConfigParams::ssl_ocsp_enabled && cert && certname) {
       if (SSL_CTX_set_tlsext_status_cb(reinterpret_cast<SSL_CTX *>(ret), ssl_callback_ocsp_stapling)) {
         if (!ssl_stapling_init_cert(reinterpret_cast<SSL_CTX *>(ret), reinterpret_cast<X509 *>(cert), certname)) {
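Review bot: When `HAVE_OPENSSL_OCSP_STAPLING` is undefined, the whole stapling setup guarded here disappears (the matching `#endif` is in the next hunk). `SSLConfigParams::ssl_ocsp_enabled` may still be true, and `TSSslServerContextCreate` then returns a context that staples nothing without reporting it. A plugin author or operator who turned OCSP on would reasonably assume revocation status is being served. I would add an `#else` arm before the `#endif`: `if (SSLConfigParams::ssl_ocsp_enabled) { Warning("OCSP stapling is enabled in the configuration but not compiled in"); }`. Whether the macro is defined in this file depends on `P_OCSPStapling.h` being included, which the hunk does not show.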
@@ -9286,6 +9287,7 @@ TSSslServerContextCreate(TSSslX509 cert, const char *certname)
         }
       }
     }
+#endif
     SSLConfig::release(config);
   }
   return ret;

-- 
To stop receiving notification emails like this one, please contact
maskit@apache.org.