You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@serf.apache.org by br...@apache.org on 2016/12/17 12:27:08 UTC
svn commit: r1774748 - in /serf/trunk: buckets/ssl_buckets.c
test/MockHTTPinC/MockHTTP_server.c test/test_ssl.c
Author: brane
Date: Sat Dec 17 12:27:08 2016
New Revision: 1774748
URL: http://svn.apache.org/viewvc?rev=1774748&view=rev
Log:
Make Serf compile and tests pass when the symbols OPENSSL_NO_TLSEXT
and/or OPENSSL_NO_OCSP are defined.
These symbols are used in several places to enclose conditional blocks
of code, but some checks were missing.
* buckets/ssl_buckets.c
(ocsp_callback): Make conditional on OPENSSL_NO_OCSP, too.
(serf_ssl_check_cert_status_request): Likelwise.
* test/MockHTTPinC/MockHTTP_server.c
(ocspCreateResponse, ocspStatusCallback): Make conditional on
OPENSSL_NO_TLSEXT and OPENSSL_NO_OCSP.
(alpn_select_callback): Make conditional on OPENSSL_NO_TLSEXT.
(initSSLCtx): Don't use alpn_select_callback depending on OPENSSL_NO_TLSEXT.
Likewise for ocspStatusCallback, which also depends on OPENSSL_NO_OCSP.
* test/test_ssl.c
(test_ss l_ocsp_response_error_and_override): Do not check for stapled
OCSP response depending on OPENSSL_NO_TLSEXT and OPENSSL_NO_OCSP.
(http11_select_protocol, http11_alpn_setup): Make conditional on
OPENSSL_NO_TLSEXT and OPENSSL_NO_OCSP.
(test_ssl_alpn_negotiate): Make test no-op depending on OPENSSL_NO_TLSEXT.
Modified:
serf/trunk/buckets/ssl_buckets.c
serf/trunk/test/MockHTTPinC/MockHTTP_server.c
serf/trunk/test/test_ssl.c
Modified: serf/trunk/buckets/ssl_buckets.c
URL: http://svn.apache.org/viewvc/serf/trunk/buckets/ssl_buckets.c?rev=1774748&r1=1774747&r2=1774748&view=diff
==============================================================================
--- serf/trunk/buckets/ssl_buckets.c (original)
+++ serf/trunk/buckets/ssl_buckets.c Sat Dec 17 12:27:08 2016
@@ -587,7 +587,7 @@ static void bio_meth_free(BIO_METHOD *bi
#endif
}
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
/* Callback called when the server response has some OCSP info.
Returns 1 if the application accepts the OCSP response as successful,
0 in case of error.
@@ -670,7 +670,7 @@ static int ocsp_callback(SSL *ssl, void
return cert_valid;
}
-#endif
+#endif /* OPENSSL_NO_TLSEXT && OPENSSL_NO_OCSP */
typedef enum san_copy_t {
EscapeNulAndCopy = 0,
@@ -2039,7 +2039,7 @@ apr_status_t
serf_ssl_check_cert_status_request(serf_ssl_context_t *ssl_ctx, int enabled)
{
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
SSL_CTX_set_tlsext_status_cb(ssl_ctx->ctx, ocsp_callback);
SSL_CTX_set_tlsext_status_arg(ssl_ctx->ctx, ssl_ctx);
SSL_set_tlsext_status_type(ssl_ctx->ssl, TLSEXT_STATUSTYPE_ocsp);
Modified: serf/trunk/test/MockHTTPinC/MockHTTP_server.c
URL: http://svn.apache.org/viewvc/serf/trunk/test/MockHTTPinC/MockHTTP_server.c?rev=1774748&r1=1774747&r2=1774748&view=diff
==============================================================================
--- serf/trunk/test/MockHTTPinC/MockHTTP_server.c (original)
+++ serf/trunk/test/MockHTTPinC/MockHTTP_server.c Sat Dec 17 12:27:08 2016
@@ -2448,6 +2448,7 @@ static void bio_meth_free(BIO_METHOD *bi
#endif
}
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
static int ocspCreateResponse(OCSP_RESPONSE **resp, mhOCSPRespnseStatus_t status)
{
int ret = 1;
@@ -2526,6 +2527,7 @@ static int ocspStatusCallback(SSL *ssl,
/* Couldn't find match */
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
+#endif /* OPENSSL_NO_TLSEXT && OPENSSL_NO_OCSP */
/* Convert an ssl error into an apr status code for a specific context */
static apr_status_t status_from_ssl(sslCtx_t *ssl_ctx, int ret_code)
@@ -2625,6 +2627,7 @@ static apr_status_t initSSL(_mhClientCtx
return APR_SUCCESS;
}
+#ifndef OPENSSL_NO_TLSEXT
static int alpn_select_callback(SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
@@ -2653,6 +2656,7 @@ static int alpn_select_callback(SSL *ssl
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
+#endif /* OPENSSL_NO_TLSEXT */
/**
* Inits the OpenSSL context.
@@ -2703,11 +2707,13 @@ static apr_status_t initSSLCtx(_mhClient
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* >= 1.0.2 */
+# ifndef OPENSSL_NO_TLSEXT
if (cctx->serv_ctx->alpn) {
SSL_CTX_set_alpn_select_cb(ssl_ctx->ctx,
alpn_select_callback,
cctx->serv_ctx);
}
+# endif
#endif
if (cctx->protocols == mhProtoSSLv2) {
@@ -2773,7 +2779,7 @@ static apr_status_t initSSLCtx(_mhClient
break;
}
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
if (cctx->ocspEnabled) {
SSL_CTX_set_tlsext_status_cb(ssl_ctx->ctx, ocspStatusCallback);
SSL_CTX_set_tlsext_status_arg(ssl_ctx->ctx, cctx);
Modified: serf/trunk/test/test_ssl.c
URL: http://svn.apache.org/viewvc/serf/trunk/test/test_ssl.c?rev=1774748&r1=1774747&r2=1774748&view=diff
==============================================================================
--- serf/trunk/test/test_ssl.c (original)
+++ serf/trunk/test/test_ssl.c Sat Dec 17 12:27:08 2016
@@ -1996,7 +1996,9 @@ static void test_ssl_ocsp_response_error
handler_ctx, tb->pool);
CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCB_CALLED);
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
CuAssertTrue(tc, tb->result_flags & TEST_RESULT_OCSP_CHECK_SUCCESSFUL);
+#endif
}
/* Validate that the subject's CN containing a '\0' byte is reported as failure
@@ -2164,6 +2166,7 @@ static void test_ssl_server_cert_with_sa
CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCB_CALLED);
}
+#ifndef OPENSSL_NO_TLSEXT
static apr_status_t http11_select_protocol(void *baton,
const char *protocol)
{
@@ -2203,10 +2206,12 @@ static apr_status_t http11_alpn_setup(ap
return APR_SUCCESS;
}
+#endif /* OPENSSL_NO_TLSEXT */
static void test_ssl_alpn_negotiate(CuTest *tc)
{
+#ifndef OPENSSL_NO_TLSEXT
test_baton_t *tb = tc->testBaton;
handler_baton_t handler_ctx[1];
const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]);
@@ -2251,6 +2256,7 @@ static void test_ssl_alpn_negotiate(CuTe
run_client_and_mock_servers_loops_expect_ok(tc, tb, num_requests,
handler_ctx, tb->pool);
+#endif /* OPENSSL_NO_TLSEXT */
}
CuSuite *test_ssl(void)