You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rj...@apache.org on 2016/03/20 19:26:22 UTC
svn commit: r1735891 - /httpd/httpd/trunk/support/ab.c
Author: rjung
Date: Sun Mar 20 18:26:22 2016
New Revision: 1735891
URL: http://svn.apache.org/viewvc?rev=1735891&view=rev
Log:
Support for OpenSSL 1.1.0:
- ab: use new API SSL_CTX_set_max_proto_version()
and SSL_CTX_set_min_proto_version() in
combination with TLS_client_method() instead
of the old deprecated methods.
Modified:
httpd/httpd/trunk/support/ab.c
Modified: httpd/httpd/trunk/support/ab.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=1735891&r1=1735890&r2=1735891&view=diff
==============================================================================
--- httpd/httpd/trunk/support/ab.c (original)
+++ httpd/httpd/trunk/support/ab.c Sun Mar 20 18:26:22 2016
@@ -2161,6 +2161,14 @@ int main(int argc, const char * const ar
apr_getopt_t *opt;
const char *opt_arg;
char c;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ int max_prot = TLS1_2_VERSION;
+#ifndef OPENSSL_NO_SSL3
+ int min_prot = SSL3_VERSION;
+#else
+ int min_prot = TLS1_VERSION;
+#endif
+#endif /* #if OPENSSL_VERSION_NUMBER >= 0x10100000L */
#ifdef USE_SSL
AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
#endif
@@ -2378,14 +2386,13 @@ int main(int argc, const char * const ar
method_str[CUSTOM_METHOD] = strdup(opt_arg);
break;
case 'f':
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (strncasecmp(opt_arg, "ALL", 3) == 0) {
meth = SSLv23_client_method();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifndef OPENSSL_NO_SSL2
} else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
meth = SSLv2_client_method();
#endif
-#endif
#ifndef OPENSSL_NO_SSL3
} else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
meth = SSLv3_client_method();
@@ -2399,6 +2406,31 @@ int main(int argc, const char * const ar
} else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
meth = TLSv1_client_method();
}
+#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
+ meth = TLS_client_method();
+ if (strncasecmp(opt_arg, "ALL", 3) == 0) {
+ max_prot = TLS1_2_VERSION;
+#ifndef OPENSSL_NO_SSL3
+ min_prot = SSL3_VERSION;
+#else
+ min_prot = TLS1_VERSION;
+#endif
+#ifndef OPENSSL_NO_SSL3
+ } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
+ max_prot = SSL3_VERSION;
+ min_prot = SSL3_VERSION;
+#endif
+ } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
+ max_prot = TLS1_1_VERSION;
+ min_prot = TLS1_1_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) {
+ max_prot = TLS1_2_VERSION;
+ min_prot = TLS1_2_VERSION;
+ } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
+ max_prot = TLS1_VERSION;
+ min_prot = TLS1_VERSION;
+ }
+#endif /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
break;
#endif
}
@@ -2460,6 +2492,10 @@ int main(int argc, const char * const ar
exit(1);
}
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
+ SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
+#endif
#ifdef SSL_MODE_RELEASE_BUFFERS
/* Keep memory usage as low as possible */
SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);