Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/07/11 02:31:37 UTC

[trafficserver] branch 7.1.x updated: OpenSSL 1.1 ASN1_STRING_data() and RAND_pseudo_bytes()

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/7.1.x by this push:
     new bd3f1ad  OpenSSL 1.1 ASN1_STRING_data() and RAND_pseudo_bytes()
bd3f1ad is described below

commit bd3f1ad91a3c64ba282ed170509ffaa360809705
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Sat Jan 28 10:49:18 2017 -0700

    OpenSSL 1.1 ASN1_STRING_data() and RAND_pseudo_bytes()
    
    ASN1_STRING_data() and RAND_pseudo_bytes()
    were deprecated in OpenSSL 1.1.
    
    Fixes #1384
    
    (cherry picked from commit 47388b0dc20086fecd765d28686c4e499d884861)
---
 configure.ac                                            | 3 +++
 iocore/net/SSLUtils.cc                                  | 4 ++--
 plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index f6adcba..85abfd2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1148,6 +1148,9 @@ AC_CHECK_FUNCS([ \
   X509_get0_signature \
 ])
 
+AC_CHECK_FUNC([ASN1_STRING_get0_data], [],
+              [AC_DEFINE([ASN1_STRING_get0_data], [ASN1_STRING_data], [Added in OpenSSL 1.1])])
+
 AC_CHECK_FUNC([BIO_set_data], [],
               [AC_DEFINE([BIO_set_data(a, _ptr)], [((a)->ptr = (_ptr))], [Added in OpenSSL 1.1])])
 AC_CHECK_FUNC([BIO_get_data], [],
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 863d80d..1fbbac6 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1348,7 +1348,7 @@ asn1_strdup(ASN1_STRING *s)
   ink_assert(ASN1_STRING_type(s) == V_ASN1_IA5STRING || ASN1_STRING_type(s) == V_ASN1_UTF8STRING ||
              ASN1_STRING_type(s) == V_ASN1_PRINTABLESTRING || ASN1_STRING_type(s) == V_ASN1_T61STRING);
 
-  return ats_strndup((const char *)ASN1_STRING_data(s), ASN1_STRING_length(s));
+  return ats_strndup((const char *)ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
 }
 
 // Given a certificate and it's corresponding SSL_CTX context, insert hash
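Review bot: In asn1_strdup, `ats_strndup(..., ASN1_STRING_length(s))` is bounded by the ASN.1 length, but the result is a C string, so a value with an embedded NUL byte comes back silently truncated. If callers use the result for certificate name matching, a check that the copied string's `strlen` equals `ASN1_STRING_length(s)` (returning `nullptr` otherwise) would reject such names instead of matching on a prefix. The type check above is an `ink_assert`, which presumably compiles out of release builds, so it should not be relied on to filter input. The function's signature and callers are outside this hunk, so whether callers handle a `nullptr` return needs confirming.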
@@ -2077,7 +2077,7 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char *keyname, unsigned char *iv,
   if (enc == 1) {
     const ssl_ticket_key_t &most_recent_key = keyblock->keys[0];
     memcpy(keyname, most_recent_key.key_name, sizeof(most_recent_key.key_name));
-    RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
+    RAND_bytes(iv, EVP_MAX_IV_LENGTH);
     EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), nullptr, most_recent_key.aes_key, iv);
     HMAC_Init_ex(hctx, most_recent_key.hmac_secret, sizeof(most_recent_key.hmac_secret), evp_md_func, nullptr);
 
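Review bot: The result of `RAND_bytes(iv, EVP_MAX_IV_LENGTH)` is discarded, so if the generator fails the ticket is encrypted under AES-128-CBC with whatever `iv` already held. RAND_bytes returns 1 only on success; check it and fail the callback, e.g. `if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) { return -1; }`, since a negative return tells OpenSSL the ticket key callback failed. The `EVP_EncryptInit_ex` and `HMAC_Init_ex` calls on the following lines are unchecked in the same way. The body of ssl_callback_session_ticket starts and continues outside this hunk, so confirm no cleanup is needed before an early return.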
diff --git a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
index 4e339c7..f238769 100644
--- a/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
+++ b/plugins/experimental/ssl_cert_loader/ssl-cert-loader.cc
@@ -198,7 +198,7 @@ Load_Certificate(SslEntry const *entry, std::deque<std::string> &names)
 
         if (alt_name->type == GEN_DNS) {
           // Current name is a DNS name, let's check it
-          char *name_ptr = (char *)ASN1_STRING_data(alt_name->d.dNSName);
+          char *name_ptr = (char *)ASN1_STRING_get0_data(alt_name->d.dNSName);
           std::string tmp_name(name_ptr);
           names.push_back(tmp_name);
         }
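Review bot: `std::string tmp_name(name_ptr)` relies on the ASN.1 buffer being NUL-terminated and ignores `ASN1_STRING_length()`; OpenSSL's documentation says the data may lack a terminator or contain embedded NULs. Building the string from the length avoids the unbounded read and keeps any embedded NUL visible so the name can be rejected: `const unsigned char *name_ptr = ASN1_STRING_get0_data(alt_name->d.dNSName);` then `names.emplace_back(reinterpret_cast<const char *>(name_ptr), ASN1_STRING_length(alt_name->d.dNSName));`. Holding the pointer as `const unsigned char *` also matches the OpenSSL 1.1 return type, where the current `(char *)` cast drops const. Load_Certificate starts and ends outside this hunk.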
