Updated Branches: refs/heads/master 5ce808d1a -> d26cb3920
TS-2552 configure fails to detect missing the #define for SSL_CTX_set_tlsext_ticket_key_cb(). Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/d26cb392 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/d26cb392 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/d26cb392 Branch: refs/heads/master Commit: d26cb39205ffc27e81a02c21c6e5a8c69a2bc09d Parents: 5ce808d Author: Leif Hedstrom <[email protected]> Authored: Tue Feb 4 09:52:39 2014 -0700 Committer: Leif Hedstrom <[email protected]> Committed: Tue Feb 4 09:52:39 2014 -0700 ---------------------------------------------------------------------- CHANGES | 3 +++ build/crypto.m4 | 35 ----------------------------------- configure.ac | 4 ---- iocore/net/SSLUtils.cc | 18 ++++++++++-------- lib/ts/ink_config.h.in | 1 - 5 files changed, 13 insertions(+), 48 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d26cb392/CHANGES ----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 42af7d2..70860ed 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 4.2.0 + *) [TS-2552] configure fails to detect missing the #define for + SSL_CTX_set_tlsext_ticket_key_cb(). + *) [TS-2549] printf() compiler warnings on OSX (clang) with the CPP APIs. *) [TS-2532] Fix make distclean for C++ API examples. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d26cb392/build/crypto.m4 ----------------------------------------------------------------------
diff --git a/build/crypto.m4 b/build/crypto.m4
index 08730c9..4c5f8eb 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -68,41 +68,6 @@ AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [ AC_SUBST(use_tls_npn) ]) -AC_DEFUN([TS_CHECK_CRYPTO_TICKETS], [ - _tickets_saved_LIBS=$LIBS - enable_tls_tickets=yes - - TS_ADDTO(LIBS, [$OPENSSL_LIBS]) - AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h openssl/ts.h openssl/hmac.h openssl/evp.h) - AC_MSG_CHECKING([for SSL_CTX_set_tlsext_ticket_key_cb]) - AC_COMPILE_IFELSE( - [ - AC_LANG_PROGRAM([[ -#if HAVE_OPENSSL_SSL_H -#include <openssl/ssl.h> -#endif -#if HAVE_OPENSSL_TLS1_H -#include <openssl/tls1.h> -#endif - ]], - [[SSL_CTX_set_tlsext_ticket_key_cb(NULL, NULL);]]) - ], - [ - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - enable_tls_tickets=no - ]) - - LIBS=$_tickets_saved_LIBS - - AC_MSG_CHECKING(whether to enable TLS session ticket support) - AC_MSG_RESULT([$enable_tls_tickets]) - TS_ARG_ENABLE_VAR([use], [tls-tickets]) - AC_SUBST(use_tls_tickets) -]) - AC_DEFUN([TS_CHECK_CRYPTO_SNI], [ _sni_saved_LIBS=$LIBS enable_tls_sni=yes http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d26cb392/configure.ac ----------------------------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 8458c04..05fa46f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1139,10 +1139,6 @@ TS_CHECK_CRYPTO_EC_KEYS TS_CHECK_CRYPTO_SNI # -# Check for RFC5077 TLS session ticket support. -TS_CHECK_CRYPTO_TICKETS - -# # Check for zlib presence and usability TS_CHECK_ZLIB http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d26cb392/iocore/net/SSLUtils.cc ----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 44db439..4b1b646 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -70,9 +70,11 @@ typedef const SSL_METHOD * ink_ssl_method_t; typedef SSL_METHOD * ink_ssl_method_t; #endif -#if TS_USE_TLS_TICKETS -static int ssl_callback_session_ticket(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int); -#endif /* TS_USE_TLS_TICKETS */ +// Check if the ticket_key callback #define is available, and if so, enable session tickets. +#ifdef SSL_CTX_set_tlsext_ticket_key_cb +# define HAVE_OPENSSL_SESSION_TICKETS 1 + static int ssl_callback_session_ticket(SSL *, unsigned char *, unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int); +#endif /* SSL_CTX_set_tlsext_ticket_key_cb */ struct ssl_ticket_key_t {
@@ -254,7 +256,7 @@ ssl_context_enable_ecdh(SSL_CTX * ctx) static SSL_CTX * ssl_context_enable_tickets(SSL_CTX * ctx, const char * ticket_key_path) { -#if TS_USE_TLS_TICKETS +#if HAVE_OPENSSL_SESSION_TICKETS xptr<char> ticket_key_data; int ticket_key_len; ssl_ticket_key_t * ticket_key = NULL;
@@ -295,10 +297,10 @@ fail: delete ticket_key; return ctx; -#else /* TS_USE_TLS_TICKETS */ +#else /* !HAVE_OPENSSL_SESSION_TICKETS */ (void)ticket_key_path; return ctx; -#endif /* TS_USE_TLS_TICKETS */ +#endif /* HAVE_OPENSSL_SESSION_TICKETS */ } void
@@ -900,7 +902,7 @@ SSLParseCertificateConfiguration( return true; } -#if TS_USE_TLS_TICKETS +#if HAVE_OPENSSL_SESSION_TICKETS /* * RFC 5077. Create session ticket to resume SSL session without requiring session-specific state at the TLS server. * Specifically, it distributes the encrypted session-state information to the client in the form of a ticket and
@@ -945,7 +947,7 @@ ssl_callback_session_ticket( return -1; } -#endif /* TS_USE_TLS_TICKETS */ +#endif /* HAVE_OPENSSL_SESSION_TICKETS */ void SSLReleaseContext(SSL_CTX * ctx) http://git-wip-us.apache.org/repos/asf/trafficserver/blob/d26cb392/lib/ts/ink_config.h.in ----------------------------------------------------------------------
diff --git a/lib/ts/ink_config.h.in b/lib/ts/ink_config.h.in
index ba6fd53..8268c5d 100644
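Review bot: The `#ifdef SSL_CTX_set_tlsext_ticket_key_cb` test added in the first SSLUtils.cc hunk detects the API only when the TLS library exposes it as a preprocessor macro; built against a library that declares it as a real function, the test is false and session-ticket key handling is compiled out with no configure or compiler message. Since this commit also removes `TS_CHECK_CRYPTO_TICKETS` and its `tls-tickets` switch, nothing reports the outcome, and the `#else` branch of `ssl_context_enable_tickets()` (`(void)ticket_key_path; return ctx;`) discards a configured ticket key file silently, leaving ticket behaviour to what are presumably the library's defaults. I would state the macro assumption in the comment, add `#else` / `# define HAVE_OPENSSL_SESSION_TICKETS 0` so the later `#if HAVE_OPENSSL_SESSION_TICKETS` tests never evaluate an undefined name, and log a warning in the fallback branch when `ticket_key_path` is non-NULL. The body of `ssl_context_enable_tickets()` lies mostly outside the hunks shown, so whether a caller already reports this case cannot be seen here.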
--- a/lib/ts/ink_config.h.in
+++ b/lib/ts/ink_config.h.in
@@ -68,7 +68,6 @@ #define TS_USE_TLS_NPN @use_tls_npn@ #define TS_USE_TLS_SNI @use_tls_sni@ #define TS_USE_TLS_ECKEY @use_tls_eckey@ -#define TS_USE_TLS_TICKETS @use_tls_tickets@ #define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@ #define TS_USE_COP_DEBUG @use_cop_debug@ #define TS_USE_INTERIM_CACHE @has_interim_cache@
