You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by jp...@apache.org on 2012/03/14 04:54:21 UTC

git commit: TS-462: Conditional build support for missing openssl/ts.h

Updated Branches:
  refs/heads/master 738ccb605 -> 75c6dd83c


TS-462: Conditional build support for missing openssl/ts.h


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/75c6dd83
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/75c6dd83
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/75c6dd83

Branch: refs/heads/master
Commit: 75c6dd83c22cfdb04090db123a61c3e32d00b787
Parents: 738ccb6
Author: James Peach <jp...@apache.org>
Authored: Tue Mar 13 20:54:10 2012 -0700
Committer: James Peach <jp...@apache.org>
Committed: Tue Mar 13 20:54:10 2012 -0700

----------------------------------------------------------------------
 build/crypto.m4             |    2 +-
 iocore/net/SSLCertLookup.cc |    9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/75c6dd83/build/crypto.m4
----------------------------------------------------------------------
diff --git a/build/crypto.m4 b/build/crypto.m4
index 3cee32f..7602d5b 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -130,7 +130,7 @@ AC_DEFUN([TS_CHECK_CRYPTO_SNI], [
   enable_tls_sni=yes
 
   TS_ADDTO(LIBS, [$LIBSSL])
-  AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h)
+  AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h openssl/ts.h)
   # We are looking for SSL_CTX_set_tlsext_servername_callback, but it's a
   # macro, so AC_CHECK_FUNCS is not going to do the business.
   AC_MSG_CHECKING([for SSL_CTX_set_tlsext_servername_callback])

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/75c6dd83/iocore/net/SSLCertLookup.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 42f6681..5d4a3ff 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -31,7 +31,10 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
+
+#if HAVE_OPENSSL_TS_H
 #include <openssl/ts.h>
+#endif
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10000000L) // openssl returns a const SSL_METHOD
 typedef const SSL_METHOD * ink_ssl_method_t;
@@ -326,7 +329,6 @@ asn1_strdup(ASN1_STRING * s)
 static void
 insert_ssl_certificate(InkHashTable * htable, SSL_CTX * ctx, const char * certfile)
 {
-  GENERAL_NAMES * names = NULL;
   X509_NAME * subject = NULL;
 
   ats_file_bio bio(certfile, "r");
@@ -352,8 +354,9 @@ insert_ssl_certificate(InkHashTable * htable, SSL_CTX * ctx, const char * certfi
     }
   }
 
+#if HAVE_OPENSSL_TS_H
   // Traverse the subjectAltNames (if any) and insert additional keys for the SSL context.
-  names = (GENERAL_NAMES *)X509_get_ext_d2i(certificate.x509, NID_subject_alt_name, NULL, NULL);
+  GENERAL_NAMES * names = (GENERAL_NAMES *)X509_get_ext_d2i(certificate.x509, NID_subject_alt_name, NULL, NULL);
   if (names) {
     unsigned count = sk_GENERAL_NAME_num(names);
     for (unsigned i = 0; i < count; ++i) {
@@ -373,4 +376,6 @@ insert_ssl_certificate(InkHashTable * htable, SSL_CTX * ctx, const char * certfi
 
     GENERAL_NAMES_free(names);
   }
+#endif // HAVE_OPENSSL_TS_H
+
 }