svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

[rp...@apache.org]

Author: rpluem
Date: Wed Nov 11 20:27:10 2009
New Revision: 835046

URL: http://svn.apache.org/viewvc?rev=835046&view=rev
Log:
* Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
  warnings.

Noted by: sf

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=835046&r1=835045&r2=835046&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Wed Nov 11 20:27:10 2009
@@ -936,10 +936,16 @@
                                   apr_pool_t *ptemp,
                                   modssl_ctx_t *mctx)
 {
-    const char *rsa_id, *dsa_id, *ecc_id;
+    const char *rsa_id, *dsa_id;
+#ifndef OPENSSL_NO_EC
+    const char *ecc_id;
+#endif
     const char *vhost_id = mctx->sc->vhost_id;
     int i;
-    int have_rsa, have_dsa, have_ecc;
+    int have_rsa, have_dsa;
+#ifndef OPENSSL_NO_EC
+    int have_ecc;
+#endif
 
     rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
     dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
@@ -974,17 +980,17 @@
 
     have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
     have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
-#if SSL_LIBRARY_VERSION >= 0x00908000
+#ifndef OPENSSL_NO_EC
     have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
 #endif
 
     if (!(have_rsa || have_dsa
-#if SSL_LIBRARY_VERSION >= 0x00908000
+#ifndef OPENSSL_NO_EC
         || have_ecc
 #endif
           )) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-#if SSL_LIBRARY_VERSION >= 0x00908000
+#ifndef OPENSSL_NO_EC
                 "Oops, no RSA, DSA or ECC server private key found?!");
 #else
                 "Oops, no RSA or DSA server private key found?!");

Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

["William A. Rowe Jr." <wr...@rowe-clan.net>]

Ruediger Pluem wrote:
> 
>>> Silly question; this breaks all 0.9.7 builds, right?  Is that deliberate?
>> It shouldn't. Does it (no 0.9.7 at hand right now)?
> No it doesn't:
> 
> --- httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h Tue Nov 10 07:55:13 2009
> 
> +/* ECC support came along in OpenSSL 1.0.0 */
> +#if (OPENSSL_VERSION_NUMBER < 0x10000000)
> +#define OPENSSL_NO_EC
> +#endif
> +

Can we PLEASE use the same hack for OCSP to avoid taking five different solutions
to the very same problem set?  That would be kindness :)

:)

Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

[Ruediger Pluem <rp...@apache.org>]

On 11/11/2009 09:45 PM, Ruediger Pluem wrote:
> 
> On 11/11/2009 09:38 PM, William A. Rowe Jr. wrote:
>> rpluem@apache.org wrote:
>>> Author: rpluem
>>> Date: Wed Nov 11 20:27:10 2009
>>> New Revision: 835046
>>>
>>> URL: http://svn.apache.org/viewvc?rev=835046&view=rev
>>> Log:
>>> * Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
>>>   warnings.
>>>          ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
>>> -#if SSL_LIBRARY_VERSION >= 0x00908000
>>> +#ifndef OPENSSL_NO_EC
>> Silly question; this breaks all 0.9.7 builds, right?  Is that deliberate?
> 
> It shouldn't. Does it (no 0.9.7 at hand right now)?

No it doesn't:

Modified: httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h?rev=834378&r1=834377&r2=834378&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h Tue Nov 10 07:55:13 2009
@@ -48,6 +48,11 @@
 #include <openssl/ocsp.h>
 #endif

+/* ECC support came along in OpenSSL 1.0.0 */
+#if (OPENSSL_VERSION_NUMBER < 0x10000000)
+#define OPENSSL_NO_EC
+#endif
+
 /** Avoid tripping over an engine build installed globally and detected
  * when the user points at an explicit non-engine flavor of OpenSSL
  */

Regards

Rüdiger

Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

[Ruediger Pluem <rp...@apache.org>]

On 11/11/2009 09:38 PM, William A. Rowe Jr. wrote:
> rpluem@apache.org wrote:
>> Author: rpluem
>> Date: Wed Nov 11 20:27:10 2009
>> New Revision: 835046
>>
>> URL: http://svn.apache.org/viewvc?rev=835046&view=rev
>> Log:
>> * Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
>>   warnings.
> 
>>          ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
>> -#if SSL_LIBRARY_VERSION >= 0x00908000
>> +#ifndef OPENSSL_NO_EC
> 
> Silly question; this breaks all 0.9.7 builds, right?  Is that deliberate?

It shouldn't. Does it (no 0.9.7 at hand right now)?

Regards

Rüdiger

Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c

["William A. Rowe Jr." <wr...@rowe-clan.net>]

rpluem@apache.org wrote:
> Author: rpluem
> Date: Wed Nov 11 20:27:10 2009
> New Revision: 835046
> 
> URL: http://svn.apache.org/viewvc?rev=835046&view=rev
> Log:
> * Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
>   warnings.

>          ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
> -#if SSL_LIBRARY_VERSION >= 0x00908000
> +#ifndef OPENSSL_NO_EC

Silly question; this breaks all 0.9.7 builds, right?  Is that deliberate?