You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by mt...@apache.org on 2019/08/28 16:39:12 UTC
[tomcat-native] branch master updated: Use new OpenSSL v1.1+
initialization API
This is an automated email from the ASF dual-hosted git repository.
mturk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/master by this push:
new b8649e8 Use new OpenSSL v1.1+ initialization API
b8649e8 is described below
commit b8649e81458194d70667952d9e26df82a79c773f
Author: Mladen Turk <mt...@jboss.org>
AuthorDate: Wed Aug 28 18:38:58 2019 +0200
Use new OpenSSL v1.1+ initialization API
---
native/src/ssl.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/native/src/ssl.c b/native/src/ssl.c
index 9dbdcd4..473ca49 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -371,6 +371,11 @@ static apr_status_t ssl_init_cleanup(void *data)
#endif
free_dh_params();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* Openssl v1.1+ handles all termination automatically. Do
+ * nothing in this case.
+ */
+#else
/*
* Try to kill the internals of the SSL library.
*/
@@ -393,6 +398,7 @@ static apr_status_t ssl_init_cleanup(void *data)
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state(NULL);
#endif
+#endif
#ifdef HAVE_KEYLOG_CALLBACK
if (key_log_file) {
@@ -783,7 +789,14 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
TCN_FREE_CSTRING(engine);
return (jint)APR_SUCCESS;
}
-
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* Openssl v1.1+ handles all initialisation automatically, apart
+ * from hints as to how we want to use the library.
+ *
+ * We tell openssl we want to include engine support.
+ */
+ OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
@@ -797,7 +810,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
#endif
OPENSSL_load_builtin_modules();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if ! (defined(WIN32) || defined(WIN64))
err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit,
tcn_global_pool);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org