Posted to dev@serf.apache.org by rh...@apache.org on 2016/06/30 15:45:07 UTC

svn commit: r1750819 - in /serf/branches/1.3.x: ./ buckets/ test/server/

Author: rhuijben
Date: Thu Jun 30 15:45:07 2016
New Revision: 1750819

URL: http://svn.apache.org/viewvc?rev=1750819&view=rev
Log:
Merge to 1.3.x the equivalent of r1748673 by applying the
Patch by: James McCoy <jamessan{_AT_}debian.org>

Adapt to OpenSSL 1.1.x API changes.

OpenSSL 1.1.x makes various types opaque, requiring the use of
accessors, and rewrote the state machine describing the handshake
process.  Of particular interest to serf are the BIO, BIO_METHOD, and
X509_STORE types.

* buckets/ssl_buckets.c
  (): New USE_OPENSSL_1_1_API define
  (): New X509_STORE_get0_param() define for use with pre-1.1.x OpenSSL
  (bio_set_data, bio_get_data): New functions to abstract access to
    the BIO data.
  (bio_bucket_read, bio_bucket_write, bio_file_read, bio_file_write,
   bio_file_gets): Use bio_get_data.
  (bio_bucket_create): Use BIO accessor functions when available.
  (bio_meth_bucket_new, bio_meth_file_new): New functions to abstract
    creation of BIO_METHOD.  With OpenSSL 1.1.x or newer, the BIO_meth_*
    functions are used to allocate a new BIO_METHOD and set the
    callbacks, otherwise the pointers to the statically defined structs
    are used.
  (init_ssl_libraries): Exclude threading code when OpenSSL 1.1.x is in
    use since OpenSSL now handles this appropriately without users of
    the library setting up locking functions.
  (ssl_need_client_cert, ssl_init_context): Use new bio_meth_*_new
    functions to provide the BIO_METHOD* to BIO_new().  Also use the
    bio_set_data function to set the data for the callback.

* test/server/test_sslserver.c
  (): New USE_OPENSSL_1_1_API define
  (bio_set_data, bio_get_data): New functions to abstract access to
    the BIO data.
  (bio_apr_socket_read, bio_apr_socket_write): Use bio_get_data.
  (bio_apr_socket_create): Use BIO accessor functions when available.
  (bio_meth_apr_socket_new): New function to abstract creation of
    BIO_METHOD.  With OpenSSL 1.1.x or newer, the BIO_meth_* functions
    are used to allocate a new BIO_METOD and set the callbacks,
    otherwise the pointer to the statically defined struct is used.
  (validate_client_certificate): Use new bio_meth_apr_socket_new
    function to provide the BIO_METHOD* to BIO_new().  Also use the
    bio_set_data function to set the data for the callback.

Modified:
    serf/branches/1.3.x/   (props changed)
    serf/branches/1.3.x/buckets/ssl_buckets.c
    serf/branches/1.3.x/test/server/serfcacert.pem   (props changed)
    serf/branches/1.3.x/test/server/serfclientcert.p12   (props changed)
    serf/branches/1.3.x/test/server/serfrootcacert.pem   (props changed)
    serf/branches/1.3.x/test/server/serfserver_expired_cert.pem   (props changed)
    serf/branches/1.3.x/test/server/serfserver_future_cert.pem   (props changed)
    serf/branches/1.3.x/test/server/serfservercert.pem   (props changed)
    serf/branches/1.3.x/test/server/serfserverkey.pem   (props changed)
    serf/branches/1.3.x/test/server/test_sslserver.c

Propchange: serf/branches/1.3.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/1.3.x:1699925,1699931
 /serf/branches/multiple_ssl_impls:1699382
 /serf/branches/windows-sspi:1698866-1698877
-/serf/trunk:1699516-1699518,1699520-1699522,1699528,1699530-1699535,1699537,1699539-1699543,1699548-1699549,1699553,1699555-1699556,1699559-1699560,1699563-1699565,1699567-1699570,1699572-1699573,1699578-1699580,1699582-1699597,1699599-1699602,1699607,1699610,1699615-1699618,1699622-1699623,1699626-1699627,1699633,1699637,1699642,1699645,1699647,1699649-1699650,1699652,1699654-1699655,1699659-1699665,1699671,1699674,1699680-1699683,1699687-1699688,1699690,1699692-1699694,1699698-1699700,1699702,1699707-1699708,1699712-1699716,1699720,1699724,1699728,1699730,1699733,1699762,1699770,1699773,1699777,1699780-1699781,1699791,1699798,1699800-1699801,1699817,1699819,1699838,1699843,1699846,1699850,1699852,1699858-1699859,1699861,1699873,1699881,1699884,1699902-1699903,1699906,1699924,1699926-1699927,1699930,1699932,1699936-1699937,1699941,1699944,1699948-1699950,1699954,1699957,1699964,1699973,1699975,1699985-1699987,1699993-1699994,1700062,1700128,1700149,1700234,1700236,1700246,1700270,1
 700650,1700830,1702096,1702221,1702264,1708849
+/serf/trunk:1699516-1699518,1699520-1699522,1699528,1699530-1699535,1699537,1699539-1699543,1699548-1699549,1699553,1699555-1699556,1699559-1699560,1699563-1699565,1699567-1699570,1699572-1699573,1699578-1699580,1699582-1699597,1699599-1699602,1699607,1699610,1699615-1699618,1699622-1699623,1699626-1699627,1699633,1699637,1699642,1699645,1699647,1699649-1699650,1699652,1699654-1699655,1699659-1699665,1699671,1699674,1699680-1699683,1699687-1699688,1699690,1699692-1699694,1699698-1699700,1699702,1699707-1699708,1699712-1699716,1699720,1699724,1699728,1699730,1699733,1699762,1699770,1699773,1699777,1699780-1699781,1699791,1699798,1699800-1699801,1699817,1699819,1699838,1699843,1699846,1699850,1699852,1699858-1699859,1699861,1699873,1699881,1699884,1699902-1699903,1699906,1699924,1699926-1699927,1699930,1699932,1699936-1699937,1699941,1699944,1699948-1699950,1699954,1699957,1699964,1699973,1699975,1699985-1699987,1699993-1699994,1700062,1700128,1700149,1700234,1700236,1700246,1700270,1
 700650,1700830,1702096,1702221,1702264,1708849,1748673

Modified: serf/branches/1.3.x/buckets/ssl_buckets.c
URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/buckets/ssl_buckets.c?rev=1750819&r1=1750818&r2=1750819&view=diff
==============================================================================
--- serf/branches/1.3.x/buckets/ssl_buckets.c (original)
+++ serf/branches/1.3.x/buckets/ssl_buckets.c Thu Jun 30 15:45:07 2016
@@ -52,6 +52,10 @@
 #define APR_ARRAY_PUSH(ary,type) (*((type *)apr_array_push(ary)))
 #endif
 
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define USE_OPENSSL_1_1_API
+#endif
+
 
 /*
  * Here's an overview of the SSL bucket's relationship to OpenSSL and serf.
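Review bot: The `OPENSSL_VERSION_NUMBER >= 0x10100000L` test behind the new `USE_OPENSSL_1_1_API` define is also true for LibreSSL, which reports a higher OPENSSL_VERSION_NUMBER without necessarily providing the 1.1 accessors (BIO_meth_new, BIO_set_data, ...) that the rest of this commit calls. Whether LibreSSL is a supported build target is not visible here; if it is, exclude it in the condition: `#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`. The identical guard added to test/server/test_sslserver.c needs the same change. A short comment above the define, e.g. `/* OpenSSL 1.1.0+: BIO and BIO_METHOD are opaque, use the accessor API. */`, would document why it exists.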
@@ -140,6 +144,7 @@ struct serf_ssl_context_t {
     SSL_CTX *ctx;
     SSL *ssl;
     BIO *bio;
+    BIO_METHOD *biom;
 
     serf_ssl_stream_t encrypt;
     serf_ssl_stream_t decrypt;
@@ -232,10 +237,28 @@ apps_ssl_info_callback(const SSL *s, int
 }
 #endif
 
+static void bio_set_data(BIO *bio, void *data)
+{
+#ifdef USE_OPENSSL_1_1_API
+    BIO_set_data(bio, data);
+#else
+    bio->ptr = data;
+#endif
+}
+
+static void *bio_get_data(BIO *bio)
+{
+#ifdef USE_OPENSSL_1_1_API
+    return BIO_get_data(bio);
+#else
+    return bio->ptr;
+#endif
+}
+
 /* Returns the amount read. */
 static int bio_bucket_read(BIO *bio, char *in, int inlen)
 {
-    serf_ssl_context_t *ctx = bio->ptr;
+    serf_ssl_context_t *ctx = bio_get_data(bio);
     const char *data;
     apr_status_t status;
     apr_size_t len;
@@ -279,7 +302,7 @@ static int bio_bucket_read(BIO *bio, cha
 /* Returns the amount written. */
 static int bio_bucket_write(BIO *bio, const char *in, int inl)
 {
-    serf_ssl_context_t *ctx = bio->ptr;
+    serf_ssl_context_t *ctx = bio_get_data(bio);
     serf_bucket_t *tmp;
 
     serf__log(SSL_VERBOSE, __FILE__, "bio_bucket_write called for %d bytes\n",
@@ -307,7 +330,7 @@ static int bio_bucket_write(BIO *bio, co
 /* Returns the amount read. */
 static int bio_file_read(BIO *bio, char *in, int inlen)
 {
-    apr_file_t *file = bio->ptr;
+    apr_file_t *file = bio_get_data(bio);
     apr_status_t status;
     apr_size_t len;
 
@@ -329,7 +352,7 @@ static int bio_file_read(BIO *bio, char
 /* Returns the amount written. */
 static int bio_file_write(BIO *bio, const char *in, int inl)
 {
-    apr_file_t *file = bio->ptr;
+    apr_file_t *file = bio_get_data(bio);
     apr_size_t nbytes;
 
     BIO_clear_retry_flags(bio);
@@ -342,7 +365,7 @@ static int bio_file_write(BIO *bio, cons
 
 static int bio_file_gets(BIO *bio, char *in, int inlen)
 {
-    apr_file_t *file = bio->ptr;
+    apr_file_t *file = bio_get_data(bio);
     apr_status_t status;
 
     status = apr_file_gets(in, inlen, file);
@@ -358,10 +381,16 @@ static int bio_file_gets(BIO *bio, char
 
 static int bio_bucket_create(BIO *bio)
 {
+#ifdef USE_OPENSSL_1_1_API
+    BIO_set_shutdown(bio, 1);
+    BIO_set_init(bio, 1);
+    BIO_set_data(bio, NULL);
+#else
     bio->shutdown = 1;
     bio->init = 1;
     bio->num = -1;
     bio->ptr = NULL;
+#endif
 
     return 1;
 }
@@ -395,6 +424,7 @@ static long bio_bucket_ctrl(BIO *bio, in
     return ret;
 }
 
+#ifndef USE_OPENSSL_1_1_API
 static BIO_METHOD bio_bucket_method = {
     BIO_TYPE_MEM,
     "Serf SSL encryption and decryption buckets",
@@ -424,6 +454,55 @@ static BIO_METHOD bio_file_method = {
     NULL /* sslc does not have the callback_ctrl field */
 #endif
 };
+#endif
+
+static BIO_METHOD *bio_meth_bucket_new(void)
+{
+    BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+    biom = BIO_meth_new(BIO_TYPE_MEM,
+                        "Serf SSL encryption and decryption buckets");
+    if (biom) {
+        BIO_meth_set_write(biom, bio_bucket_write);
+        BIO_meth_set_read(biom, bio_bucket_read);
+        BIO_meth_set_ctrl(biom, bio_bucket_ctrl);
+        BIO_meth_set_create(biom, bio_bucket_create);
+        BIO_meth_set_destroy(biom, bio_bucket_destroy);
+    }
+#else
+    biom = &bio_bucket_method;
+#endif
+
+    return biom;
+}
+
+static BIO_METHOD *bio_meth_file_new(void)
+{
+    BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+    biom = BIO_meth_new(BIO_TYPE_FILE,
+                        "Wrapper around APR file structures");
+    BIO_meth_set_write(biom, bio_file_write);
+    BIO_meth_set_read(biom, bio_file_read);
+    BIO_meth_set_gets(biom, bio_file_gets);
+    BIO_meth_set_ctrl(biom, bio_bucket_ctrl);
+    BIO_meth_set_create(biom, bio_bucket_create);
+    BIO_meth_set_destroy(biom, bio_bucket_destroy);
+#else
+    biom = &bio_file_method;
+#endif
+
+    return biom;
+}
+
+static void bio_meth_free(BIO_METHOD *biom)
+{
+#ifdef USE_OPENSSL_1_1_API
+    BIO_meth_free(biom);
+#endif
+}
 
 typedef enum san_copy_t {
     EscapeNulAndCopy = 0,
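Review bot: bio_meth_file_new() hands the result of BIO_meth_new() straight to the six BIO_meth_set_*() calls without checking it, so an allocation failure becomes a NULL dereference. bio_meth_bucket_new() just above guards the same sequence with `if (biom) {`. Wrap the setters in bio_meth_file_new() in the same `if (biom) { ... }` block so both constructors return NULL on failure instead of crashing. bio_meth_free() should then tolerate that NULL too, e.g. `if (biom) BIO_meth_free(biom);`, rather than relying on the library accepting a NULL argument.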
@@ -973,7 +1052,7 @@ static apr_status_t ssl_encrypt(void *ba
     return status;
 }
 
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
 static apr_pool_t *ssl_pool;
 static apr_thread_mutex_t **ssl_locks;
 
@@ -1060,7 +1139,7 @@ static void init_ssl_libraries(void)
     val = apr_atomic_cas32(&have_init_ssl, INIT_BUSY, INIT_UNINITIALIZED);
 
     if (!val) {
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
         int i, numlocks;
 #endif
 
@@ -1077,13 +1156,17 @@ static void init_ssl_libraries(void)
         }
 #endif
 
+#ifdef USE_OPENSSL_1_1_API
+        OPENSSL_malloc_init();
+#else
         CRYPTO_malloc_init();
+#endif
         ERR_load_crypto_strings();
         SSL_load_error_strings();
         SSL_library_init();
         OpenSSL_add_all_algorithms();
 
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
         numlocks = CRYPTO_num_locks();
         apr_pool_create(&ssl_pool, NULL);
         ssl_locks = apr_palloc(ssl_pool, sizeof(apr_thread_mutex_t*)*numlocks);
@@ -1136,6 +1219,7 @@ static int ssl_need_client_cert(SSL *ssl
         const char *cert_path;
         apr_file_t *cert_file;
         BIO *bio;
+        BIO_METHOD *biom;
         PKCS12 *p12;
         int i;
         int retrying_success = 0;
@@ -1161,8 +1245,9 @@ static int ssl_need_client_cert(SSL *ssl
             continue;
         }
 
-        bio = BIO_new(&bio_file_method);
-        bio->ptr = cert_file;
+        biom = bio_meth_file_new();
+        bio = BIO_new(biom);
+        bio_set_data(bio, cert_file);
 
         ctx->cert_path = cert_path;
         p12 = d2i_PKCS12_bio(bio, NULL);
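Review bot: Neither `biom` nor `bio` is checked before `bio_set_data(bio, cert_file)`, so a failed bio_meth_file_new() or BIO_new() ends in a NULL dereference on the client-certificate path. With the 1.1 API the BIO_METHOD is heap-allocated, which adds a failure point the static struct did not have. A guard such as `if (biom == NULL || (bio = BIO_new(biom)) == NULL)` with an error path that releases what was already acquired would cover it. The same unchecked sequence appears in the ssl_init_context hunk for `ssl_ctx->biom` and `ssl_ctx->bio`. ssl_need_client_cert starts and ends outside this hunk, so the appropriate error return has to be chosen from the surrounding loop.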
@@ -1172,6 +1257,7 @@ static int ssl_need_client_cert(SSL *ssl
 
         if (i == 1) {
             PKCS12_free(p12);
+            bio_meth_free(biom);
             ctx->cached_cert = *cert;
             ctx->cached_cert_pw = *pkey;
             if (!retrying_success && ctx->cert_cache_pool) {
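Review bot: `bio_meth_free(biom)` is added here and on three later exit paths of ssl_need_client_cert, but no visible line frees `bio` itself, so the BIO appears to be left pointing at a released BIO_METHOD and, if it is never freed, leaked on each attempt. If the BIO is not released elsewhere in the function, call `BIO_free(bio);` before `bio_meth_free(biom);` so the method outlives every BIO created from it. The function body extends beyond these hunks, so it is also worth confirming that every path leaving the loop iteration after `bio_meth_file_new()` reaches one of the four frees. A single cleanup label would make that easier to audit.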
@@ -1207,6 +1293,7 @@ static int ssl_need_client_cert(SSL *ssl
                         i = PKCS12_parse(p12, password, pkey, cert, NULL);
                         if (i == 1) {
                             PKCS12_free(p12);
+                            bio_meth_free(biom);
                             ctx->cached_cert = *cert;
                             ctx->cached_cert_pw = *pkey;
                             if (!retrying_success && ctx->cert_cache_pool) {
@@ -1234,6 +1321,7 @@ static int ssl_need_client_cert(SSL *ssl
                     }
                 }
                 PKCS12_free(p12);
+                bio_meth_free(biom);
                 return 0;
             }
             else {
@@ -1241,6 +1329,7 @@ static int ssl_need_client_cert(SSL *ssl
                        ERR_GET_FUNC(err),
                        ERR_GET_REASON(err));
                 PKCS12_free(p12);
+                bio_meth_free(biom);
             }
         }
     }
@@ -1335,8 +1424,9 @@ static serf_ssl_context_t *ssl_init_cont
     disable_compression(ssl_ctx);
 
     ssl_ctx->ssl = SSL_new(ssl_ctx->ctx);
-    ssl_ctx->bio = BIO_new(&bio_bucket_method);
-    ssl_ctx->bio->ptr = ssl_ctx;
+    ssl_ctx->biom = bio_meth_bucket_new();
+    ssl_ctx->bio = BIO_new(ssl_ctx->biom);
+    bio_set_data(ssl_ctx->bio, ssl_ctx);
 
     SSL_set_bio(ssl_ctx->ssl, ssl_ctx->bio, ssl_ctx->bio);
 
@@ -1379,6 +1469,7 @@ static apr_status_t ssl_free_context(
 
     /* SSL_free implicitly frees the underlying BIO. */
     SSL_free(ssl_ctx->ssl);
+    bio_meth_free(ssl_ctx->biom);
     SSL_CTX_free(ssl_ctx->ctx);
 
     serf_bucket_mem_free(ssl_ctx->allocator, ssl_ctx);

Propchange: serf/branches/1.3.x/test/server/serfcacert.pem
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/copy-bucket/test/certs/serfcacert.pem:1699343-1699443
 /serf/branches/multiple_ssl_impls/test/certs/serfcacert.pem:1699382
 /serf/branches/windows-sspi/test/certs/serfcacert.pem:1698866-1698877
-/serf/trunk/test/server/serfcacert.pem:1699873
+/serf/trunk/test/server/serfcacert.pem:1699873,1748673

Propchange: serf/branches/1.3.x/test/server/serfclientcert.p12
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/copy-bucket/test/certs/serfclientcert.p12:1699343-1699443
 /serf/branches/multiple_ssl_impls/test/certs/serfclientcert.p12:1699382
 /serf/branches/windows-sspi/test/certs/serfclientcert.p12:1698866-1698877
-/serf/trunk/test/server/serfclientcert.p12:1699873
+/serf/trunk/test/server/serfclientcert.p12:1699873,1748673

Propchange: serf/branches/1.3.x/test/server/serfrootcacert.pem
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/copy-bucket/test/certs/serfrootcacert.pem:1699343-1699443
 /serf/branches/multiple_ssl_impls/test/certs/serfrootcacert.pem:1699382
 /serf/branches/windows-sspi/test/certs/serfrootcacert.pem:1698866-1698877
-/serf/trunk/test/server/serfrootcacert.pem:1699873
+/serf/trunk/test/server/serfrootcacert.pem:1699873,1748673

Propchange: serf/branches/1.3.x/test/server/serfserver_expired_cert.pem
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/copy-bucket/test/certs/serfserver_expired_cert.pem:1699343-1699443
 /serf/branches/multiple_ssl_impls/test/certs/serfserver_expired_cert.pem:1699382
 /serf/branches/windows-sspi/test/certs/serfserver_expired_cert.pem:1698866-1698877
-/serf/trunk/test/server/serfserver_expired_cert.pem:1699873
+/serf/trunk/test/server/serfserver_expired_cert.pem:1699873,1748673

Propchange: serf/branches/1.3.x/test/server/serfserver_future_cert.pem
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/copy-bucket/test/certs/serfserver_future_cert.pem:1699343-1699443
 /serf/branches/multiple_ssl_impls/test/certs/serfserver_future_cert.pem:1699382
 /serf/branches/windows-sspi/test/certs/serfserver_future_cert.pem:1698866-1698877
-/serf/trunk/test/server/serfserver_future_cert.pem:1699873
+/serf/trunk/test/server/serfserver_future_cert.pem:1699873,1748673

Propchange: serf/branches/1.3.x/test/server/serfservercert.pem
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/copy-bucket/test/certs/serfservercert.pem:1699343-1699443
 /serf/branches/multiple_ssl_impls/test/certs/serfservercert.pem:1699382
 /serf/branches/windows-sspi/test/certs/serfservercert.pem:1698866-1698877
-/serf/trunk/test/server/serfservercert.pem:1699873
+/serf/trunk/test/server/serfservercert.pem:1699873,1748673

Propchange: serf/branches/1.3.x/test/server/serfserverkey.pem
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Jun 30 15:45:07 2016
@@ -1,4 +1,4 @@
 /serf/branches/copy-bucket/test/certs/private/serfserverkey.pem:1699343-1699443
 /serf/branches/multiple_ssl_impls/test/certs/private/serfserverkey.pem:1699382
 /serf/branches/windows-sspi/test/certs/private/serfserverkey.pem:1698866-1698877
-/serf/trunk/test/server/serfserverkey.pem:1699873
+/serf/trunk/test/server/serfserverkey.pem:1699873,1748673

Modified: serf/branches/1.3.x/test/server/test_sslserver.c
URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/test/server/test_sslserver.c?rev=1750819&r1=1750818&r2=1750819&view=diff
==============================================================================
--- serf/branches/1.3.x/test/server/test_sslserver.c (original)
+++ serf/branches/1.3.x/test/server/test_sslserver.c Thu Jun 30 15:45:07 2016
@@ -27,6 +27,10 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define USE_OPENSSL_1_1_API
+#endif
+
 static int init_done = 0;
 
 typedef struct ssl_context_t {
@@ -35,6 +39,7 @@ typedef struct ssl_context_t {
     SSL_CTX* ctx;
     SSL* ssl;
     BIO *bio;
+    BIO_METHOD *biom;
 
 } ssl_context_t;
 
@@ -45,12 +50,36 @@ static int pem_passwd_cb(char *buf, int
     return strlen(buf);
 }
 
+static void bio_set_data(BIO *bio, void *data)
+{
+#ifdef USE_OPENSSL_1_1_API
+    BIO_set_data(bio, data);
+#else
+    bio->ptr = data;
+#endif
+}
+
+static void *bio_get_data(BIO *bio)
+{
+#ifdef USE_OPENSSL_1_1_API
+    return BIO_get_data(bio);
+#else
+    return bio->ptr;
+#endif
+}
+
 static int bio_apr_socket_create(BIO *bio)
 {
+#ifdef USE_OPENSSL_1_1_API
+    BIO_set_shutdown(bio, 1);
+    BIO_set_init(bio, 1);
+    BIO_set_data(bio, NULL);
+#else
     bio->shutdown = 1;
     bio->init = 1;
     bio->num = -1;
     bio->ptr = NULL;
+#endif
 
     return 1;
 }
@@ -88,7 +117,7 @@ static long bio_apr_socket_ctrl(BIO *bio
 static int bio_apr_socket_read(BIO *bio, char *in, int inlen)
 {
     apr_size_t len = inlen;
-    serv_ctx_t *serv_ctx = bio->ptr;
+    serv_ctx_t *serv_ctx = bio_get_data(bio);
     apr_status_t status;
 
     BIO_clear_retry_flags(bio);
@@ -114,7 +143,7 @@ static int bio_apr_socket_read(BIO *bio,
 static int bio_apr_socket_write(BIO *bio, const char *in, int inlen)
 {
     apr_size_t len = inlen;
-    serv_ctx_t *serv_ctx = bio->ptr;
+    serv_ctx_t *serv_ctx = bio_get_data(bio);
 
     apr_status_t status = apr_socket_send(serv_ctx->client_sock, in, &len);
 
@@ -129,6 +158,7 @@ static int bio_apr_socket_write(BIO *bio
 }
 
 
+#ifndef USE_OPENSSL_1_1_API
 static BIO_METHOD bio_apr_socket_method = {
     BIO_TYPE_SOCKET,
     "APR sockets",
@@ -143,6 +173,27 @@ static BIO_METHOD bio_apr_socket_method
     NULL /* sslc does not have the callback_ctrl field */
 #endif
 };
+#endif
+
+static BIO_METHOD *bio_meth_apr_socket_new(void)
+{
+    BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+    biom = BIO_meth_new(BIO_TYPE_SOCKET, "APR sockets");
+    if (biom) {
+        BIO_meth_set_write(biom, bio_apr_socket_write);
+        BIO_meth_set_read(biom, bio_apr_socket_read);
+        BIO_meth_set_ctrl(biom, bio_apr_socket_ctrl);
+        BIO_meth_set_create(biom, bio_apr_socket_create);
+        BIO_meth_set_destroy(biom, bio_apr_socket_destroy);
+    }
+#else
+    biom = &bio_apr_socket_method;
+#endif
+
+    return biom;
+}
 
 static int validate_client_certificate(int preverify_ok, X509_STORE_CTX *ctx)
 {
@@ -177,7 +228,11 @@ init_ssl_context(serv_ctx_t *serv_ctx,
     /* Init OpenSSL globally */
     if (!init_done)
     {
+#ifdef USE_OPENSSL_1_1_API
+        OPENSSL_malloc_init();
+#else
         CRYPTO_malloc_init();
+#endif
         ERR_load_crypto_strings();
         SSL_load_error_strings();
         SSL_library_init();
@@ -234,8 +289,9 @@ init_ssl_context(serv_ctx_t *serv_ctx,
 
         SSL_CTX_set_mode(ssl_ctx->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
 
-        ssl_ctx->bio = BIO_new(&bio_apr_socket_method);
-        ssl_ctx->bio->ptr = serv_ctx;
+        ssl_ctx->biom = bio_meth_apr_socket_new();
+        ssl_ctx->bio = BIO_new(ssl_ctx->biom);
+        bio_set_data(ssl_ctx->bio, serv_ctx);
         init_ssl(serv_ctx);
     }
 
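Review bot: The BIO_METHOD stored in `ssl_ctx->biom` here has only one visible release, the `BIO_meth_free(ssl_ctx->biom)` that this commit adds to cleanup_https_server inside `if (ssl_ctx->ssl)`, right after `SSL_clear()`. That ties the free to the SSL object existing, leaves `ssl_ctx->biom` dangling afterwards, and runs while the BIO created from it has not visibly been freed. Consider releasing it outside that condition once the BIO is gone and resetting the field: `BIO_meth_free(ssl_ctx->biom); ssl_ctx->biom = NULL;`. The results of `bio_meth_apr_socket_new()` and `BIO_new()` are also used unchecked in this hunk. init_ssl_context begins and ends outside the lines shown.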
@@ -388,8 +444,12 @@ static apr_status_t cleanup_https_server
     ssl_context_t *ssl_ctx = servctx->ssl_ctx;
 
     if (ssl_ctx) {
-        if (ssl_ctx->ssl)
+        if (ssl_ctx->ssl) {
           SSL_clear(ssl_ctx->ssl);
+#ifdef USE_OPENSSL_1_1_API
+          BIO_meth_free(ssl_ctx->biom);
+#endif
+        }
         SSL_CTX_free(ssl_ctx->ctx);
     }