On Jul 27, 2009, at 7:13 PM, Paul Querna wrote:
-1 veto, please revert this commit. Unless I missed something, these changes were not voted on in the STATUS file. I think wrowe's endorsement was... badly worded.
Yeah, let's do this the right way and I will review and vote swiftly. S.
Thanks, Paul On Mon, Jul 27, 2009 at 7:08 PM, <[email protected]> wrote:Author: fuankg Date: Tue Jul 28 02:08:32 2009 New Revision: 798359 URL: http://svn.apache.org/viewvc?rev=798359&view=rev Log: backport support for OpenSSL 1.0.0 from HEAD. Based on: http://svn.apache.org/viewvc?view=rev&revision=748396 http://svn.apache.org/viewvc?view=rev&revision=749466 http://svn.apache.org/viewvc?view=rev&revision=798274 Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c httpd/httpd/branches/2.2.x/support/ab.c Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=798359&r1=798358&r2=798359&view=diff = = = = = = = = = =====================================================================--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Tue Jul 28 02:08:32 2009@@ -573,7 +573,7 @@ ssl_die(); } - SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list); + SSL_CTX_set_client_CA_list(ctx, ca_list); } /* Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c?rev=798359&r1=798358&r2=798359&view=diff= = = = = = = = = ===================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c Tue Jul 28 02:08:32 2009@@ -222,7 +222,7 @@ X509_STORE *cert_store = NULL; X509_STORE_CTX cert_store_ctx;STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;- SSL_CIPHER *cipher = NULL; + const SSL_CIPHER *cipher = NULL; int depth, verify_old, verify, n; if (ssl) { @@ -668,7 +668,7 @@ * sk_X509_shift-ed the peer cert out of the chain.* we put it back here for the purpose of quick_renegotiation.*/ - cert_stack = sk_new_null(); + cert_stack = sk_X509_new_null(); sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert); } Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c?rev=798359&r1=798358&r2=798359&view=diff= = = = = = = = = ===================================================================== --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c (original) +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c Tue Jul 28 02:08:32 2009@@ -628,7 +628,7 @@ ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize); if (ssl && strEQ(var, "")) { - SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); + const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);} else if (strcEQ(var, "_EXPORT")) @@ -649,7 +649,7 @@static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize){ - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; *usekeysize = 0; *algkeysize = 0; Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c?rev=798359&r1=798358&r2=798359&view=diff= = = = = = = = = =====================================================================--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c (original)+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c Tue Jul 28 02:08:32 2009@@ -294,7 +294,7 @@ #ifdef HAVE_SSL_X509V3_EXT_d2i X509_EXTENSION *ext; int ext_nid; - STACK *sk; + EXTENDED_KEY_USAGE *sk; BOOL is_sgc; int idx; int i; @@ -303,9 +303,9 @@ idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1); if (idx >= 0) { ext = X509_get_ext(cert, idx); - if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) { - for (i = 0; i < sk_num(sk); i++) {- ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i)); + if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {+ for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {+ ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) { is_sgc = TRUE; break; @@ -467,7 +467,7 @@ X509 *x509; unsigned long err; int n; - STACK *extra_certs; + STACK_OF(X509) *extra_certs; if ((bio = BIO_new(BIO_s_file_internal())) == NULL) return -1; Modified: httpd/httpd/branches/2.2.x/support/ab.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=798359&r1=798358&r2=798359&view=diff= = = = = = = = = =====================================================================--- httpd/httpd/branches/2.2.x/support/ab.c (original) +++ httpd/httpd/branches/2.2.x/support/ab.c Tue Jul 28 02:08:32 2009 @@ -189,6 +189,12 @@ #endif +#if defined(USE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x00909000) +#define AB_SSL_METHOD_CONST const +#else +#define AB_SSL_METHOD_CONST +#endif + #include <math.h> #if APR_HAVE_CTYPE_H #include <ctype.h> @@ -480,7 +486,7 @@ static int ssl_print_connection_info(BIO *bio, SSL *ssl) { - SSL_CIPHER *c; + const SSL_CIPHER *c; int alg_bits,bits; c = SSL_get_current_cipher(ssl); @@ -566,7 +572,7 @@ if (verbosity >= 2) ssl_print_info(c); if (ssl_info == NULL) { - SSL_CIPHER *ci; + const SSL_CIPHER *ci; X509 *cert; int sk_bits, pk_bits, swork; @@ -1981,7 +1987,7 @@ const char *optarg; char c; #ifdef USE_SSL - SSL_METHOD *meth = SSLv23_client_method(); + AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method(); #endif /* table defaults */
-- Sander Temme [email protected] PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
smime.p7s
Description: S/MIME cryptographic signature
