You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2016/04/25 15:44:40 UTC
Re: svn commit: r1738415 - /httpd/httpd/trunk/support/ab.c
On 04/10/2016 12:19 PM, jfclere@apache.org wrote:
> Author: jfclere
> Date: Sun Apr 10 10:19:51 2016
> New Revision: 1738415
>
> URL: http://svn.apache.org/viewvc?rev=1738415&view=rev
> Log:
> print Server Temp Key information.
>
> Modified:
> httpd/httpd/trunk/support/ab.c
>
> Modified: httpd/httpd/trunk/support/ab.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=1738415&r1=1738414&r2=1738415&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/support/ab.c (original)
> +++ httpd/httpd/trunk/support/ab.c Sun Apr 10 10:19:51 2016
> @@ -709,6 +710,39 @@ static void ssl_proceed_handshake(struct
> SSL_CIPHER_get_name(ci),
> pk_bits, sk_bits);
> }
> + if (ssl_tmp_key == NULL) {
> + EVP_PKEY *key;
> + if (SSL_get_server_tmp_key(c->ssl, &key)) {
> + ssl_tmp_key = xmalloc(128);
> + switch (EVP_PKEY_id(key)) {
> + case EVP_PKEY_RSA:
> + apr_snprintf(ssl_tmp_key, 128, "RSA %d bits",
> + EVP_PKEY_bits(key));
> + break;
> + case EVP_PKEY_DH:
> + apr_snprintf(ssl_tmp_key, 128, "DH %d bits",
> + EVP_PKEY_bits(key));
> + break;
> +#ifndef OPENSSL_NO_EC
> + case EVP_PKEY_EC: {
> + const char *cname;
> + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
> + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
> + EC_KEY_free(ec);
> + cname = EC_curve_nid2nist(nid);
This breaks compilation with openssl < 1.0.2 which does not have
EC_curve_nid2nist.
> + if (!cname)
> + cname = OBJ_nid2sn(nid);
> +
> + apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
> + cname,
> + EVP_PKEY_bits(key));
> + break;
> + }
> +#endif
> + }
> + EVP_PKEY_free(key);
> + }
> + }
> write_request(c);
> do_next = 0;
> break;
Regards
Rüdiger
Re: svn commit: r1738415 - /httpd/httpd/trunk/support/ab.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Fri, Apr 29, 2016 at 9:59 AM, Ruediger Pluem <rp...@apache.org> wrote:
>
> Sounds good.
Applied in r1741566.
Re: svn commit: r1738415 - /httpd/httpd/trunk/support/ab.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 04/29/2016 09:50 AM, Yann Ylavic wrote:
> On Fri, Apr 29, 2016 at 9:38 AM, Ruediger Pluem <rp...@apache.org> wrote:
>> Anyone? Otherwise I would just revert on Monday.
>
> Maybe:
>
> Index: support/ab.c
> ===================================================================
> --- support/ab.c (revision 1741496)
> +++ support/ab.c (working copy)
> @@ -725,11 +725,13 @@ static void ssl_proceed_handshake(struct connectio
> break;
> #ifndef OPENSSL_NO_EC
> case EVP_PKEY_EC: {
> - const char *cname;
> + const char *cname = NULL;
> EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
> int nid =
> EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
> EC_KEY_free(ec);
> +#if OPENSSL_VERSION_NUMBER >= 0x10002000L
> cname = EC_curve_nid2nist(nid);
> +#endif
> if (!cname)
> cname = OBJ_nid2sn(nid);
>
> ?
>
> Regards,
> Yann.
>
Sounds good.
Regards
Rüdiger
Re: svn commit: r1738415 - /httpd/httpd/trunk/support/ab.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Fri, Apr 29, 2016 at 9:38 AM, Ruediger Pluem <rp...@apache.org> wrote:
> Anyone? Otherwise I would just revert on Monday.
Maybe:
Index: support/ab.c
===================================================================
--- support/ab.c (revision 1741496)
+++ support/ab.c (working copy)
@@ -725,11 +725,13 @@ static void ssl_proceed_handshake(struct connectio
break;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC: {
- const char *cname;
+ const char *cname = NULL;
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
int nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
EC_KEY_free(ec);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
cname = EC_curve_nid2nist(nid);
+#endif
if (!cname)
cname = OBJ_nid2sn(nid);
?
Regards,
Yann.
Re: svn commit: r1738415 - /httpd/httpd/trunk/support/ab.c
Posted by Ruediger Pluem <rp...@apache.org>.
Anyone? Otherwise I would just revert on Monday.
Regards
Rüdiger
On 04/25/2016 03:44 PM, Ruediger Pluem wrote:
>
>
> On 04/10/2016 12:19 PM, jfclere@apache.org wrote:
>> Author: jfclere
>> Date: Sun Apr 10 10:19:51 2016
>> New Revision: 1738415
>>
>> URL: http://svn.apache.org/viewvc?rev=1738415&view=rev
>> Log:
>> print Server Temp Key information.
>>
>> Modified:
>> httpd/httpd/trunk/support/ab.c
>>
>> Modified: httpd/httpd/trunk/support/ab.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/ab.c?rev=1738415&r1=1738414&r2=1738415&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/support/ab.c (original)
>> +++ httpd/httpd/trunk/support/ab.c Sun Apr 10 10:19:51 2016
>
>> @@ -709,6 +710,39 @@ static void ssl_proceed_handshake(struct
>> SSL_CIPHER_get_name(ci),
>> pk_bits, sk_bits);
>> }
>> + if (ssl_tmp_key == NULL) {
>> + EVP_PKEY *key;
>> + if (SSL_get_server_tmp_key(c->ssl, &key)) {
>> + ssl_tmp_key = xmalloc(128);
>> + switch (EVP_PKEY_id(key)) {
>> + case EVP_PKEY_RSA:
>> + apr_snprintf(ssl_tmp_key, 128, "RSA %d bits",
>> + EVP_PKEY_bits(key));
>> + break;
>> + case EVP_PKEY_DH:
>> + apr_snprintf(ssl_tmp_key, 128, "DH %d bits",
>> + EVP_PKEY_bits(key));
>> + break;
>> +#ifndef OPENSSL_NO_EC
>> + case EVP_PKEY_EC: {
>> + const char *cname;
>> + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
>> + int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
>> + EC_KEY_free(ec);
>> + cname = EC_curve_nid2nist(nid);
>
> This breaks compilation with openssl < 1.0.2 which does not have
> EC_curve_nid2nist.
>
>
>> + if (!cname)
>> + cname = OBJ_nid2sn(nid);
>> +
>> + apr_snprintf(ssl_tmp_key, 128, "ECDH %s %d bits",
>> + cname,
>> + EVP_PKEY_bits(key));
>> + break;
>> + }
>> +#endif
>> + }
>> + EVP_PKEY_free(key);
>> + }
>> + }
>> write_request(c);
>> do_next = 0;
>> break;
>
> Regards
>
> Rüdiger
>
>