You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by jp...@apache.org on 2012/03/14 04:54:21 UTC
git commit: TS-462: Conditional build support for missing openssl/ts.h
Updated Branches:
refs/heads/master 738ccb605 -> 75c6dd83c
TS-462: Conditional build support for missing openssl/ts.h
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/75c6dd83
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/75c6dd83
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/75c6dd83
Branch: refs/heads/master
Commit: 75c6dd83c22cfdb04090db123a61c3e32d00b787
Parents: 738ccb6
Author: James Peach <jp...@apache.org>
Authored: Tue Mar 13 20:54:10 2012 -0700
Committer: James Peach <jp...@apache.org>
Committed: Tue Mar 13 20:54:10 2012 -0700
----------------------------------------------------------------------
build/crypto.m4 | 2 +-
iocore/net/SSLCertLookup.cc | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/75c6dd83/build/crypto.m4
----------------------------------------------------------------------
diff --git a/build/crypto.m4 b/build/crypto.m4
index 3cee32f..7602d5b 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -130,7 +130,7 @@ AC_DEFUN([TS_CHECK_CRYPTO_SNI], [
enable_tls_sni=yes
TS_ADDTO(LIBS, [$LIBSSL])
- AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h)
+ AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h openssl/ts.h)
# We are looking for SSL_CTX_set_tlsext_servername_callback, but it's a
# macro, so AC_CHECK_FUNCS is not going to do the business.
AC_MSG_CHECKING([for SSL_CTX_set_tlsext_servername_callback])
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/75c6dd83/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 42f6681..5d4a3ff 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -31,7 +31,10 @@
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
+
+#if HAVE_OPENSSL_TS_H
#include <openssl/ts.h>
+#endif
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD
typedef const SSL_METHOD * ink_ssl_method_t;
@@ -326,7 +329,6 @@ asn1_strdup(ASN1_STRING * s)
static void
insert_ssl_certificate(InkHashTable * htable, SSL_CTX * ctx, const char * certfile)
{
- GENERAL_NAMES * names = NULL;
X509_NAME * subject = NULL;
ats_file_bio bio(certfile, "r");
@@ -352,8 +354,9 @@ insert_ssl_certificate(InkHashTable * htable, SSL_CTX * ctx, const char * certfi
}
}
+#if HAVE_OPENSSL_TS_H
// Traverse the subjectAltNames (if any) and insert additional keys for the SSL context.
- names = (GENERAL_NAMES *)X509_get_ext_d2i(certificate.x509, NID_subject_alt_name, NULL, NULL);
+ GENERAL_NAMES * names = (GENERAL_NAMES *)X509_get_ext_d2i(certificate.x509, NID_subject_alt_name, NULL, NULL);
if (names) {
unsigned count = sk_GENERAL_NAME_num(names);
for (unsigned i = 0; i < count; ++i) {
@@ -373,4 +376,6 @@ insert_ssl_certificate(InkHashTable * htable, SSL_CTX * ctx, const char * certfi
GENERAL_NAMES_free(names);
}
+#endif // HAVE_OPENSSL_TS_H
+
}