-1 veto, please revert this commit. Unless I missed something, these changes were not voted on in the STATUS file. I think wrowe's endorsement was... badly worded.
Thanks, Paul On Mon, Jul 27, 2009 at 7:08 PM, <[email protected]> wrote: > Author: fuankg > Date: Tue Jul 28 02:08:32 2009 > New Revision: 798359 > > URL: http://svn.apache.org/viewvc?rev=798359&view=rev > Log: > backport support for OpenSSL 1.0.0 from HEAD. Based on: > http://svn.apache.org/viewvc?view=rev&revision=748396 > http://svn.apache.org/viewvc?view=rev&revision=749466 > http://svn.apache.org/viewvc?view=rev&revision=798274 > > Modified: > httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c > httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c > httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c > httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c > httpd/httpd/branches/2.2.x/support/ab.c > > Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=798359&r1=798358&r2=798359&view=diff > ============================================================================== > --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original) > +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Tue Jul 28 > 02:08:32 2009 > @@ -573,7 +573,7 @@ > ssl_die(); > } > > - SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list); > + SSL_CTX_set_client_CA_list(ctx, ca_list); > } > > /* > > Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c?rev=798359&r1=798358&r2=798359&view=diff > ============================================================================== > --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c (original) > +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c Tue Jul 28 > 02:08:32 2009 > @@ -222,7 +222,7 @@ > X509_STORE *cert_store = NULL; > X509_STORE_CTX cert_store_ctx; > STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL; > - SSL_CIPHER *cipher = NULL; > + const SSL_CIPHER *cipher = NULL; > int depth, verify_old, verify, n; > > if (ssl) { > @@ -668,7 +668,7 @@ > * sk_X509_shift-ed the peer cert out of the chain. > * we put it back here for the purpose of quick_renegotiation. > */ > - cert_stack = sk_new_null(); > + cert_stack = sk_X509_new_null(); > sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert); > } > > > Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c?rev=798359&r1=798358&r2=798359&view=diff > ============================================================================== > --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c (original) > +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c Tue Jul 28 > 02:08:32 2009 > @@ -628,7 +628,7 @@ > ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize); > > if (ssl && strEQ(var, "")) { > - SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); > + const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); > result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : > NULL); > } > else if (strcEQ(var, "_EXPORT")) > @@ -649,7 +649,7 @@ > > static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int > *algkeysize) > { > - SSL_CIPHER *cipher; > + const SSL_CIPHER *cipher; > > *usekeysize = 0; > *algkeysize = 0; > > Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c?rev=798359&r1=798358&r2=798359&view=diff > ============================================================================== > --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c (original) > +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c Tue Jul 28 02:08:32 > 2009 > @@ -294,7 +294,7 @@ > #ifdef HAVE_SSL_X509V3_EXT_d2i > X509_EXTENSION *ext; > int ext_nid; > - STACK *sk; > + EXTENDED_KEY_USAGE *sk; > BOOL is_sgc; > int idx; > int i; > @@ -303,9 +303,9 @@ > idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1); > if (idx >= 0) { > ext = X509_get_ext(cert, idx); > - if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) { > - for (i = 0; i < sk_num(sk); i++) { > - ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i)); > + if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) { > + for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) { > + ext_nid = OBJ_obj2nid((ASN1_OBJECT > *)sk_ASN1_OBJECT_value(sk, i)); > if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) { > is_sgc = TRUE; > break; > @@ -467,7 +467,7 @@ > X509 *x509; > unsigned long err; > int n; > - STACK *extra_certs; > + STACK_OF(X509) *extra_certs; > > if ((bio = BIO_new(BIO_s_file_internal())) == NULL) > return -1; > > Modified: httpd/httpd/branches/2.2.x/support/ab.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=798359&r1=798358&r2=798359&view=diff > ============================================================================== > --- httpd/httpd/branches/2.2.x/support/ab.c (original) > +++ httpd/httpd/branches/2.2.x/support/ab.c Tue Jul 28 02:08:32 2009 > @@ -189,6 +189,12 @@ > > #endif > > +#if defined(USE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x00909000) > +#define AB_SSL_METHOD_CONST const > +#else > +#define AB_SSL_METHOD_CONST > +#endif > + > #include <math.h> > #if APR_HAVE_CTYPE_H > #include <ctype.h> > @@ -480,7 +486,7 @@ > > static int ssl_print_connection_info(BIO *bio, SSL *ssl) > { > - SSL_CIPHER *c; > + const SSL_CIPHER *c; > int alg_bits,bits; > > c = SSL_get_current_cipher(ssl); > @@ -566,7 +572,7 @@ > if (verbosity >= 2) > ssl_print_info(c); > if (ssl_info == NULL) { > - SSL_CIPHER *ci; > + const SSL_CIPHER *ci; > X509 *cert; > int sk_bits, pk_bits, swork; > > @@ -1981,7 +1987,7 @@ > const char *optarg; > char c; > #ifdef USE_SSL > - SSL_METHOD *meth = SSLv23_client_method(); > + AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method(); > #endif > > /* table defaults */ > > >
