You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2020/03/26 11:03:55 UTC

svn commit: r1875702 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_kernel.c ssl_private.h ssl_util_stapling.c

Author: jorton
Date: Thu Mar 26 11:03:54 2020
New Revision: 1875702

URL: http://svn.apache.org/viewvc?rev=1875702&view=rev
Log:
* modules/ssl/ssl_private.h: Define X509_up_ref and EVP_PKEY_up_ref
  for OpenSSL < 1.1.

* modules/ssl/ssl_engine_kernel.c (modssl_set_cert_info):
* modules/ssl/ssl_util_stapling.c (stapling_get_issuer): 
  Use the above macros for all OpenSSL versions.

Github: closes #104

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h
    httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1875702&r1=1875701&r2=1875702&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Thu Mar 26 11:03:54 2020
@@ -1950,19 +1950,11 @@ static void modssl_proxy_info_log(conn_r
  * so we need to increment here to prevent them from
  * being freed.
  */
-#if MODSSL_USE_OPENSSL_PRE_1_1_API
-#define modssl_set_cert_info(info, cert, pkey) \
-    *cert = info->x509; \
-    CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
-    *pkey = info->x_pkey->dec_pkey; \
-    CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_X509_PKEY)
-#else
 #define modssl_set_cert_info(info, cert, pkey) \
     *cert = info->x509; \
     X509_up_ref(*cert); \
     *pkey = info->x_pkey->dec_pkey; \
     EVP_PKEY_up_ref(*pkey);
-#endif
 
 int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 {

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=1875702&r1=1875701&r2=1875702&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Thu Mar 26 11:03:54 2020
@@ -237,6 +237,8 @@
 #define BIO_get_shutdown(x)        (x->shutdown)
 #define BIO_set_shutdown(x,v)      (x->shutdown=v)
 #define DH_bits(x)                 (BN_num_bits(x->p))
+#define X509_up_ref(x)             (CRYPTO_add(&(x)->references, +1, CRYPTO_LOCK_X509))
+#define EVP_PKEY_up_ref(pk)        (CRYPTO_add(&(pk)->references, +1, CRYPTO_LOCK_X509_PKEY))
 #else
 void init_bio_methods(void);
 void free_bio_methods(void);

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c?rev=1875702&r1=1875701&r2=1875702&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c Thu Mar 26 11:03:54 2020
@@ -107,11 +107,7 @@ static X509 *stapling_get_issuer(modssl_
     for (i = 0; i < sk_X509_num(extra_certs); i++) {
         issuer = sk_X509_value(extra_certs, i);
         if (X509_check_issued(issuer, x) == X509_V_OK) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-            CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
-#else
             X509_up_ref(issuer);
-#endif
             return issuer;
         }
     }