Posted to cvs@httpd.apache.org by rj...@apache.org on 2016/02/20 17:46:38 UTC

svn commit: r1731423 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Author: rjung
Date: Sat Feb 20 16:46:38 2016
New Revision: 1731423

URL: http://svn.apache.org/viewvc?rev=1731423&view=rev
Log:
Support for OpenSSL 1.1.0
- Simplify the code by using the new 1.1.0 variant
  also for older OpenSSL versions. Also tested with
  1.0.2f and 0.9.8zh. No ssl test suite
  failures.

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1731423&r1=1731422&r2=1731423&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Sat Feb 20 16:46:38 2016
@@ -939,9 +939,7 @@ int ssl_hook_Access(request_rec *r)
             }
         }
         else {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
             char peekbuf[1];
-#endif
             const char *reneg_support;
             request_rec *id = r->main ? r->main : r;
 
@@ -1001,25 +999,12 @@ int ssl_hook_Access(request_rec *r)
              * However, this causes failures in perl-framework currently,
              * perhaps pre-test if we have already negotiated?
              */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-#ifdef OPENSSL_NO_SSL_INTERN
-            SSL_set_state(ssl, SSL_ST_ACCEPT);
-#else
-            ssl->state = SSL_ST_ACCEPT;
-#endif
-            SSL_do_handshake(ssl);
-
-#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
-
             /* Need to trigger renegotiation handshake by reading.
              * Peeking 0 bytes actually works.
              * See: http://marc.info/?t=145493359200002&r=1&w=2
              */
             SSL_peek(ssl, peekbuf, 0);
 
-#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
-
             sslconn->reneg_state = RENEG_REJECT;
 
             if (!SSL_is_init_finished(ssl)) {
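Review bot: The return value of `SSL_peek(ssl, peekbuf, 0)` is discarded, so a renegotiation handshake that fails outright cannot be told apart from one that is merely incomplete; the `!SSL_is_init_finished(ssl)` check that follows catches the latter but has nothing to report about why. Consider `int rc = SSL_peek(ssl, peekbuf, 0);` and, when `rc <= 0`, logging `SSL_get_error(ssl, rc)` ahead of the existing handling, which presumably continues below the hunk. With the pre-1.1.0 `SSL_set_state`/`SSL_do_handshake` path removed, the comment above the call should also state that the 0-byte peek is now relied on to drive the handshake on every supported release, e.g. `/* A 0-byte SSL_peek drives the pending renegotiation handshake; relied on for all supported OpenSSL versions (tested 0.9.8zh, 1.0.2f, 1.1.0). */`. ssl_hook_Access starts and ends outside this hunk.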
@@ -2092,23 +2077,12 @@ void ssl_callback_Info(const SSL *ssl, i
     /* If the reneg state is to reject renegotiations, check the SSL
      * state machine and move to ABORT if a Client Hello is being
      * read. */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) {
-        int state = SSL_get_state((SSL *)ssl);
-
-        if (state == SSL3_ST_SR_CLNT_HELLO_A
-            || state == SSL23_ST_SR_CLNT_HELLO_A) {
-#else
     if (!scr->is_proxy &&
         (where & SSL_CB_HANDSHAKE_START) &&
         scr->reneg_state == RENEG_REJECT) {
-#endif
             scr->reneg_state = RENEG_ABORT;
             ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
                           "rejecting client initiated renegotiation");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-        }
-#endif
     }
     /* If the first handshake is complete, change state to reject any
      * subsequent client-initiated renegotiation. */
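Review bot: The comment above the condition is now stale: it still describes checking the SSL state machine for a Client Hello being read, while the surviving condition keys on `SSL_CB_HANDSHAKE_START` and `!scr->is_proxy` without inspecting any state; suggest `/* If the reneg state is to reject renegotiations, abort as soon as a new handshake starts on a non-proxy connection. */`. The body lines (`scr->reneg_state = RENEG_ABORT;` and the `ap_log_cerror` call) keep the indentation of the removed inner `if` and now sit one level deeper than the `if` that encloses them; they should be dedented by four spaces to match. ssl_callback_Info starts and ends outside the hunk.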
@@ -2312,11 +2286,7 @@ int ssl_callback_SessionTicket(SSL *ssl,
         }
 
         memcpy(keyname, ticket_key->key_name, 16);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-        RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
-#else
         RAND_bytes(iv, EVP_MAX_IV_LENGTH);
-#endif
         EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
                            ticket_key->aes_key, iv);
         HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);
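Review bot: `RAND_bytes(iv, EVP_MAX_IV_LENGTH)` is called without checking its result; unlike the removed `RAND_pseudo_bytes`, `RAND_bytes` returns 0 when the PRNG cannot supply cryptographically strong output, and on that path `iv` is handed to `EVP_EncryptInit_ex` holding whatever it contained before, so the ticket is encrypted under an IV that was never generated. Suggest `if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) { return -1; }`, using the same error value as the function's earlier error paths (those, and the declaration of `iv`, lie outside the hunk; -1 is the error signal of the OpenSSL ticket-key callback contract). ssl_callback_SessionTicket starts and ends outside this hunk.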