This is an automated email from the ASF dual-hosted git repository. maskit pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push: new e80389f Make ATS buildable with BoringSSL again e80389f is described below commit e80389f9e0120ced282d459f81e843c8f2fda71d Author: Masakazu Kitajo <mas...@apache.org> AuthorDate: Fri May 25 15:26:24 2018 +0900 Make ATS buildable with BoringSSL again --- iocore/net/P_OCSPStapling.h | 5 +++++ iocore/net/SSLUtils.cc | 7 +++++++ lib/ts/HashMD5.cc | 6 ++++++ proxy/InkAPI.cc | 2 ++ 4 files changed, 20 insertions(+) diff --git a/iocore/net/P_OCSPStapling.h b/iocore/net/P_OCSPStapling.h index 1078d8d..007cc91 100644 --- a/iocore/net/P_OCSPStapling.h +++ b/iocore/net/P_OCSPStapling.h @@ -23,8 +23,13 @@ #include <openssl/ssl.h> +#ifdef OCSP_sendreq_new #define HAVE_OPENSSL_OCSP_STAPLING 1 +#endif + +#ifdef HAVE_OPENSSL_OCSP_STAPLING void ssl_stapling_ex_init(); bool ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname); void ocsp_update(); int ssl_callback_ocsp_stapling(SSL *); +#endif diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 7b240eb..54b56a0 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -888,7 +888,9 @@ void SSLPostConfigInitialize() { if (SSLConfigParams::engine_conf_file) { +#ifndef OPENSSL_IS_BORINGSSL ENGINE_load_dynamic(); +#endif OPENSSL_load_builtin_modules(); if (CONF_modules_load_file(SSLConfigParams::engine_conf_file, nullptr, 0) <= 0) { @@ -1505,9 +1507,14 @@ ssl_callback_info(const SSL *ssl, int where, int ret) #ifdef SSL3_ST_SR_CLNT_HELLO_A if (state == SSL3_ST_SR_CLNT_HELLO_A) { #else +#ifdef SSL_ST_RENEGOTIATE + // This is for BoringSSL + if (state == SSL_ST_RENEGOTIATE) { +#else if (state == TLS_ST_SR_CLNT_HELLO) { #endif #endif +#endif netvc->setSSLClientRenegotiationAbort(true); Debug("ssl", "ssl_callback_info trying to renegotiate from the client"); } diff --git a/lib/ts/HashMD5.cc b/lib/ts/HashMD5.cc index c8b0340..e1fd6ec 100644 --- a/lib/ts/HashMD5.cc +++ b/lib/ts/HashMD5.cc @@ -68,7 +68,13 @@ ATSHashMD5::size() const void ATSHashMD5::clear() { +#ifndef OPENSSL_IS_BORINGSSL int ret = EVP_MD_CTX_reset(ctx); +#else + // OpenSSL's EVP_MD_CTX_reset always returns 1 + int ret = 1; + EVP_MD_CTX_reset(ctx); +#endif ink_assert(ret == 1); ret = EVP_DigestInit_ex(ctx, EVP_md5(), nullptr); ink_assert(ret == 1); diff --git a/proxy/InkAPI.cc b/proxy/InkAPI.cc index b1bf3fe..c971f88 100644 --- a/proxy/InkAPI.cc +++ b/proxy/InkAPI.cc @@ -9279,6 +9279,7 @@ TSSslServerContextCreate(TSSslX509 cert, const char *certname) SSLConfigParams *config = SSLConfig::acquire(); if (config != nullptr) { ret = reinterpret_cast<TSSslContext>(SSLCreateServerContext(config)); +#ifdef HAVE_OPENSSL_OCSP_STAPLING if (ret && SSLConfigParams::ssl_ocsp_enabled && cert && certname) { if (SSL_CTX_set_tlsext_status_cb(reinterpret_cast<SSL_CTX *>(ret), ssl_callback_ocsp_stapling)) { if (!ssl_stapling_init_cert(reinterpret_cast<SSL_CTX *>(ret), reinterpret_cast<X509 *>(cert), certname)) { @@ -9286,6 +9287,7 @@ TSSslServerContextCreate(TSSslX509 cert, const char *certname) } } } +#endif SSLConfig::release(config); } return ret; -- To stop receiving notification emails like this one, please contact mas...@apache.org.