You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by rj...@apache.org on 2015/05/24 18:36:27 UTC

svn commit: r1681485 - in /tomcat/native/branches/1.1.x/native/src: sslnetwork.c sslutils.c

Author: rjung
Date: Sun May 24 16:36:26 2015
New Revision: 1681485

URL: http://svn.apache.org/r1681485
Log:
Followon to r1658646 and r1658728: the modern
APIs we need to use because OpenSSL master hides
internals are not available for older OpenSSL.
Restore compatibility with 0.9.8 by accessing
internal structures for the old versions.

Modified:
    tomcat/native/branches/1.1.x/native/src/sslnetwork.c
    tomcat/native/branches/1.1.x/native/src/sslutils.c

Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1681485&r1=1681484&r2=1681485&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Sun May 24 16:36:26 2015
@@ -642,7 +642,11 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
     if (SSL_get_state(con->ssl) != SSL_ST_OK) {
         return APR_EGENERAL;
     }
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
     SSL_set_state(con->ssl, SSL_ST_ACCEPT);
+#else
+    con->ssl->state = SSL_ST_ACCEPT;
+#endif
 
     apr_socket_timeout_get(con->sock, &timeout);
     ecode = SSL_ERROR_WANT_READ;

Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1681485&r1=1681484&r2=1681485&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Sun May 24 16:36:26 2015
@@ -241,7 +241,14 @@ int SSL_CTX_use_certificate_chain(SSL_CT
     }
 
     /* free a perhaps already configured extra chain */
+#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
     SSL_CTX_clear_extra_chain_certs(ctx);
+#else
+    if (ctx->extra_certs != NULL) {
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
+    }
+#endif
 
     /* create new extra chain by loading the certs */
     n = 0;



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org