You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2009/11/11 21:27:11 UTC
svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Author: rpluem
Date: Wed Nov 11 20:27:10 2009
New Revision: 835046
URL: http://svn.apache.org/viewvc?rev=835046&view=rev
Log:
* Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
warnings.
Noted by: sf
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?rev=835046&r1=835045&r2=835046&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_init.c Wed Nov 11 20:27:10 2009
@@ -936,10 +936,16 @@
apr_pool_t *ptemp,
modssl_ctx_t *mctx)
{
- const char *rsa_id, *dsa_id, *ecc_id;
+ const char *rsa_id, *dsa_id;
+#ifndef OPENSSL_NO_EC
+ const char *ecc_id;
+#endif
const char *vhost_id = mctx->sc->vhost_id;
int i;
- int have_rsa, have_dsa, have_ecc;
+ int have_rsa, have_dsa;
+#ifndef OPENSSL_NO_EC
+ int have_ecc;
+#endif
rsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_RSA);
dsa_id = ssl_asn1_table_keyfmt(ptemp, vhost_id, SSL_AIDX_DSA);
@@ -974,17 +980,17 @@
have_rsa = ssl_server_import_key(s, mctx, rsa_id, SSL_AIDX_RSA);
have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
-#if SSL_LIBRARY_VERSION >= 0x00908000
+#ifndef OPENSSL_NO_EC
have_ecc = ssl_server_import_key(s, mctx, ecc_id, SSL_AIDX_ECC);
#endif
if (!(have_rsa || have_dsa
-#if SSL_LIBRARY_VERSION >= 0x00908000
+#ifndef OPENSSL_NO_EC
|| have_ecc
#endif
)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
-#if SSL_LIBRARY_VERSION >= 0x00908000
+#ifndef OPENSSL_NO_EC
"Oops, no RSA, DSA or ECC server private key found?!");
#else
"Oops, no RSA or DSA server private key found?!");
Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
Ruediger Pluem wrote:
>
>>> Silly question; this breaks all 0.9.7 builds, right? Is that deliberate?
>> It shouldn't. Does it (no 0.9.7 at hand right now)?
> No it doesn't:
>
> --- httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h Tue Nov 10 07:55:13 2009
>
> +/* ECC support came along in OpenSSL 1.0.0 */
> +#if (OPENSSL_VERSION_NUMBER < 0x10000000)
> +#define OPENSSL_NO_EC
> +#endif
> +
Can we PLEASE use the same hack for OCSP to avoid taking five different solutions
to the very same problem set? That would be kindness :)
:)
Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 11/11/2009 09:45 PM, Ruediger Pluem wrote:
>
> On 11/11/2009 09:38 PM, William A. Rowe Jr. wrote:
>> rpluem@apache.org wrote:
>>> Author: rpluem
>>> Date: Wed Nov 11 20:27:10 2009
>>> New Revision: 835046
>>>
>>> URL: http://svn.apache.org/viewvc?rev=835046&view=rev
>>> Log:
>>> * Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
>>> warnings.
>>> ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
>>> -#if SSL_LIBRARY_VERSION >= 0x00908000
>>> +#ifndef OPENSSL_NO_EC
>> Silly question; this breaks all 0.9.7 builds, right? Is that deliberate?
>
> It shouldn't. Does it (no 0.9.7 at hand right now)?
No it doesn't:
Modified: httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h
URL:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h?rev=834378&r1=834377&r2=834378&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_toolkit_compat.h Tue Nov 10 07:55:13 2009
@@ -48,6 +48,11 @@
#include <openssl/ocsp.h>
#endif
+/* ECC support came along in OpenSSL 1.0.0 */
+#if (OPENSSL_VERSION_NUMBER < 0x10000000)
+#define OPENSSL_NO_EC
+#endif
+
/** Avoid tripping over an engine build installed globally and detected
* when the user points at an explicit non-engine flavor of OpenSSL
*/
Regards
RĂ¼diger
Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 11/11/2009 09:38 PM, William A. Rowe Jr. wrote:
> rpluem@apache.org wrote:
>> Author: rpluem
>> Date: Wed Nov 11 20:27:10 2009
>> New Revision: 835046
>>
>> URL: http://svn.apache.org/viewvc?rev=835046&view=rev
>> Log:
>> * Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
>> warnings.
>
>> ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
>> -#if SSL_LIBRARY_VERSION >= 0x00908000
>> +#ifndef OPENSSL_NO_EC
>
> Silly question; this breaks all 0.9.7 builds, right? Is that deliberate?
It shouldn't. Does it (no 0.9.7 at hand right now)?
Regards
RĂ¼diger
Re: svn commit: r835046 - /httpd/httpd/trunk/modules/ssl/ssl_engine_init.c
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
rpluem@apache.org wrote:
> Author: rpluem
> Date: Wed Nov 11 20:27:10 2009
> New Revision: 835046
>
> URL: http://svn.apache.org/viewvc?rev=835046&view=rev
> Log:
> * Use correct #ifndef's to compile again on openssl 0.9.8 and fix compiler
> warnings.
> ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
> -#if SSL_LIBRARY_VERSION >= 0x00908000
> +#ifndef OPENSSL_NO_EC
Silly question; this breaks all 0.9.7 builds, right? Is that deliberate?