Posted to dev@tomcat.apache.org by bi...@apache.org on 2015/11/03 03:07:20 UTC
svn commit: r1712199 - in /tomcat/native/branches/1.1.x/native/src: ssl.c
sslnetwork.c sslutils.c
Author: billbarker
Date: Tue Nov 3 02:07:20 2015
New Revision: 1712199
URL: http://svn.apache.org/viewvc?rev=1712199&view=rev
Log:
Align with OpenSSL master. The big change is that OpenSSL now takes full control of the SSL state machine, so we can't change it anymore. But it also looks like doing a read after renegotiate isn't necessary anymore. I'll wait to see how Gump reacts before porting to 1.2.x
Modified:
tomcat/native/branches/1.1.x/native/src/ssl.c
tomcat/native/branches/1.1.x/native/src/sslnetwork.c
tomcat/native/branches/1.1.x/native/src/sslutils.c
Modified: tomcat/native/branches/1.1.x/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1712199&r1=1712198&r2=1712199&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/ssl.c (original)
+++ tomcat/native/branches/1.1.x/native/src/ssl.c Tue Nov 3 02:07:20 2015
@@ -654,12 +654,14 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
TCN_FREE_CSTRING(engine);
return (jint)APR_SUCCESS;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (SSLeay() < 0x0090700L) {
TCN_FREE_CSTRING(engine);
tcn_ThrowAPRException(e, APR_EINVAL);
ssl_initialized = 0;
return (jint)APR_EINVAL;
}
+#enduf
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
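Review bot: The directive added after the `SSLeay()` check is spelled `#enduf`, which is not a valid preprocessor directive, so the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` opened above it is never closed. Where the condition is true the compiler rejects the unknown directive, and where it is false the skipped group runs on with no matching terminator, so ssl.c should fail to compile either way. It should read `#endif`. The body of the initialize function starts and continues outside the hunk.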
Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1712199&r1=1712198&r2=1712199&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Tue Nov 3 02:07:20 2015
@@ -645,6 +645,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
#endif
return APR_EGENERAL;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
SSL_set_state(con->ssl, SSL_ST_ACCEPT);
#else
@@ -668,13 +669,11 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
break;
}
con->reneg_state = RENEG_REJECT;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
if (SSL_get_state(con->ssl) != SSL_ST_OK) {
-#else
- if (SSL_get_state(con->ssl) != TLS_ST_OK) {
-#endif
return APR_EGENERAL;
}
+#endif
return APR_SUCCESS;
}
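Review bot: `con->reneg_state = RENEG_REJECT;` is compiled out on OpenSSL 1.1.0 and later, because the added `#endif` closes the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` opened in the previous hunk only after the state check (assuming the inner conditional closes between the two hunks). If the part of the function outside these hunks moves reneg_state away from RENEG_REJECT before renegotiating, the connection keeps that state afterwards, and the check in SSL_callback_handshake in sslutils.c, which acts only when the state is RENEG_REJECT, would no longer abort a later Client Hello on that connection. The same region also removes the post-handshake state check for 1.1.0 builds, so the function returns APR_SUCCESS without confirming that the handshake finished. Consider keeping the reset unconditional by closing the conditional before it and reopening it after: `#endif`, then `con->reneg_state = RENEG_REJECT;`, then `#if OPENSSL_VERSION_NUMBER < 0x10100000L`.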
Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1712199&r1=1712198&r2=1712199&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Tue Nov 3 02:07:20 2015
@@ -225,7 +225,11 @@ int SSL_CTX_use_certificate_chain(SSL_CT
unsigned long err;
int n;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
+#else
+ if ((bio = BIO_new(BIO_s_file())) == NULL)
+#endif
return -1;
if (BIO_read_filename(bio, file) <= 0) {
BIO_free(bio);
@@ -534,9 +538,11 @@ void SSL_callback_handshake(const SSL *s
if ((where & SSL_CB_ACCEPT_LOOP) && con->reneg_state == RENEG_REJECT) {
int state = SSL_get_state(ssl);
- if (state == SSL3_ST_SR_CLNT_HELLO_A
#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ if (state == SSL3_ST_SR_CLNT_HELLO_A
|| state == SSL23_ST_SR_CLNT_HELLO_A
+#else
+ if (state == TLS_ST_SR_CLNT_HELLO
#endif
) {
con->reneg_state = RENEG_ABORT;
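Review bot: The `if (` of the renegotiation guard is now opened separately in each preprocessor branch and closed by a shared `) {`, so only one spelling of the condition is compiled on any build and a slip in the other goes unnoticed. Moving the version split into one predicate keeps the guard itself a single line that every build compiles. Whether the info callback still reports `TLS_ST_SR_CLNT_HELLO` with `SSL_CB_ACCEPT_LOOP` under the new state machine cannot be confirmed from the hunk, so a test that a Client Hello arriving while reneg_state is RENEG_REJECT ends in RENEG_ABORT on a 1.1.0 build would be worth adding. SSL_callback_handshake starts and ends outside the hunk.

```c
/* Suggested helper name: true while the server is reading a Client Hello. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define TCN_READING_CLIENT_HELLO(s) \
    ((s) == SSL3_ST_SR_CLNT_HELLO_A || (s) == SSL23_ST_SR_CLNT_HELLO_A)
#else
#define TCN_READING_CLIENT_HELLO(s) ((s) == TLS_ST_SR_CLNT_HELLO)
#endif

/* ... unchanged: SSL_callback_handshake prologue and the RENEG_REJECT test ... */
        int state = SSL_get_state(ssl);
        if (TCN_READING_CLIENT_HELLO(state)) {
            con->reneg_state = RENEG_ABORT;
```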