Repository: trafficserver Updated Branches: refs/heads/master 3e6b4b920 -> b7d839157
TS-3382: Add support for the CRYPTO_THREADID calls to support openssl 1.1 Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/b7d83915 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/b7d83915 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/b7d83915 Branch: refs/heads/master Commit: b7d839157475be3c721f26b6a11e9c5bba393e58 Parents: 3e6b4b9 Author: shinrich <[email protected]> Authored: Sun Apr 12 18:08:17 2015 -0500 Committer: shinrich <[email protected]> Committed: Thu Jun 4 14:37:34 2015 -0500 ---------------------------------------------------------------------- iocore/net/SSLInternal.cc | 8 ++++---- iocore/net/SSLNetVConnection.cc | 8 +++++--- iocore/net/SSLUtils.cc | 22 ++++++++++++++-------- 3 files changed, 23 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b7d83915/iocore/net/SSLInternal.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLInternal.cc b/iocore/net/SSLInternal.cc index bccf2b5..ddfa36e 100644 --- a/iocore/net/SSLInternal.cc +++ b/iocore/net/SSLInternal.cc @@ -35,12 +35,12 @@ #include "P_SSLNetVConnection.h" void -SSL_set_rbio(SSLNetVConnection *sslvc, BIO *rbio) +SSL_set_rbio(SSL *ssl, BIO *rbio) { - if (sslvc->ssl->rbio != NULL) { - BIO_free(sslvc->ssl->rbio); + if (ssl->rbio != NULL) { + BIO_free(ssl->rbio); } - sslvc->ssl->rbio = rbio; + ssl->rbio = rbio; } #endif http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b7d83915/iocore/net/SSLNetVConnection.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 1be57d5..4e3eb8c 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc 
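Review bot: In `SSL_set_rbio`, the old read BIO is freed whenever it is non-NULL, with no check that it differs from the new `rbio` or from the connection's write BIO. If a caller ever passes the BIO that is already installed, or one BIO serves both directions, `BIO_free` can release memory the SSL object still points to. The callers visible in this commit pass a fresh memory BIO each time, so this is a hardening point rather than a demonstrated bug. Consider `if (ssl->rbio != NULL && ssl->rbio != rbio && ssl->rbio != ssl->wbio) {` plus a one-line comment stating that the function takes ownership of `rbio`. The function sits inside a preprocessor guard that opens outside the hunk.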
@@ -27,9 +27,11 @@ #include "P_SSLUtils.h" #include "InkAPIInternal.h" // Added to include the ssl_hook definitions +#if !TS_USE_SET_RBIO // Defined in SSLInternal.c, should probably make a separate include // file for this at some point -void SSL_set_rbio(SSLNetVConnection *sslvc, BIO *rbio); +void SSL_set_rbio(SSL *ssl, BIO *rbio); +#endif #define SSL_READ_ERROR_NONE 0 #define SSL_READ_ERROR 1 @@ -368,7 +370,7 @@ SSLNetVConnection::read_raw_data() // Must be reset on each read BIO *rbio = BIO_new_mem_buf(start, this->handShakeBioStored); BIO_set_mem_eof_return(rbio, -1); - SSL_set_rbio(this, rbio); + SSL_set_rbio(this->ssl, rbio); return r; } @@ -525,7 +527,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) // Must be reset on each read BIO *rbio = BIO_new_mem_buf(start, this->handShakeBioStored); BIO_set_mem_eof_return(rbio, -1); - SSL_set_rbio(this, rbio); + SSL_set_rbio(this->ssl, rbio); } } } http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b7d83915/iocore/net/SSLUtils.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 12fca99..be44495 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -131,10 +131,10 @@ static InkHashTable *ssl_cipher_name_table = NULL; * may use pthreads and openssl without confusing us here. (TS-2271). */ -static unsigned long -SSL_pthreads_thread_id() +static void +SSL_pthreads_thread_id(CRYPTO_THREADID* id) { - return (unsigned long)pthread_self(); + CRYPTO_THREADID_set_numeric(id, (unsigned long)pthread_self()); } static void @@ -782,7 +782,7 @@ SSLInitializeLibrary() } CRYPTO_set_locking_callback(SSL_locking_callback); - CRYPTO_set_id_callback(SSL_pthreads_thread_id); + CRYPTO_THREADID_set_callback(SSL_pthreads_thread_id); } #ifdef SSL_CTX_set_tlsext_ticket_key_cb 
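Review bot: In `SSLNetVConnection::read_raw_data()` the result of `BIO_new_mem_buf` is passed to `SSL_set_rbio(this->ssl, rbio)` without a NULL check, and the `net_read_io` hunk has the same pattern. On allocation failure the helper would free the previous read BIO and install NULL, leaving the connection with no read BIO for the rest of the handshake. Testing `rbio == NULL` before the call and failing the read there would keep the previous state intact; which error value to return depends on code outside these hunks. Both function bodies extend beyond the lines shown.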
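Review bot: `SSL_pthreads_thread_id` casts `pthread_self()` to `unsigned long`, but `pthread_t` is an opaque type and is a pointer or a struct on some platforms, where the cast can truncate or fail to compile. Two threads whose ids collide after truncation would share OpenSSL's per-thread error state. Where `pthread_t` is a pointer type, `CRYPTO_THREADID_set_pointer(id, (void *)pthread_self());` is the matching setter. At minimum, add a comment recording the assumption that `pthread_t` is an integer no wider than `unsigned long`. The same cast is added in the `SSLDiagnostic` hunk (`es = (unsigned long)pthread_self();`).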
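Review bot: In `SSLInitializeLibrary` the return value of `CRYPTO_THREADID_set_callback(SSL_pthreads_thread_id)` is dropped. Unlike the old `CRYPTO_set_id_callback`, this call returns 0 and leaves the existing callback in place when one is already registered. The comment above the callback mentions other code in the process using OpenSSL with pthreads, so that case looks reachable. Checking the result, for example `if (!CRYPTO_THREADID_set_callback(SSL_pthreads_thread_id)) { /* log that another thread-id callback is in effect */ }`, would make it visible. The enclosing block starts outside the hunk.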
@@ -1066,7 +1066,7 @@ SSLDiagnostic(const SrcLoc &loc, bool debug, SSLNetVConnection *vc, const char * ats_ip_ntop(vc->get_remote_addr(), ip_buf, sizeof(ip_buf)); } - es = CRYPTO_thread_id(); + es = (unsigned long)pthread_self(); while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { if (debug) { if (unlikely(diags->on())) { @@ -1220,7 +1220,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config &sslMu ats_scoped_str completeServerCertPath; SSL_CTX *ctx = SSLDefaultServerContext(); EVP_MD_CTX digest; - STACK_OF(X509_NAME) * ca_list; + STACK_OF(X509_NAME) * ca_list = NULL; unsigned char hash_buf[EVP_MAX_MD_SIZE]; unsigned int hash_len = 0; char const *setting_cert = sslMultCertSettings.cert.get(); @@ -1409,8 +1409,14 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config &sslMu SSL_CTX_set_verify_depth(ctx, params->verify_depth); // might want to make configurable at some point. } - ca_list = SSL_load_client_CA_file(params->serverCACertFilename); - SSL_CTX_set_client_CA_list(ctx, ca_list); + // Set the list of CA's to send to client if we ask for a client + // certificate + if (params->serverCACertFilename) { + ca_list = SSL_load_client_CA_file(params->serverCACertFilename); + if (ca_list) { + SSL_CTX_set_client_CA_list(ctx, ca_list); + } + } EVP_MD_CTX_init(&digest); if (EVP_DigestInit_ex(&digest, evp_md_func, NULL) == 0) {
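Review bot: In `SSLInitServerContext`, a configured `serverCACertFilename` that fails to load is now skipped silently: when `SSL_load_client_CA_file` returns NULL, the code falls through with no log entry or error. An operator who mistypes the path or deploys an unreadable file gets a server that starts normally but sends no acceptable-CA names in its certificate request. Add an `else` branch that reports it, for example `SSLError("failed to load client CA list from %s", params->serverCACertFilename);`, and decide whether this should abort context creation. The function body extends well beyond the hunk, so how other load failures are handled is not visible here.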
