OpenSSL is preparing a 1.1.0 release which introduces API and ABI
incompatibilities (described in an in-progress[0] wiki page).
[0]: https://wiki.openssl.org/index.php/1.1_API_Changes
A rebuild[1] of all Debian packages using OpenSSL found that serf is
affected by these changes, specifically making BIO/BIO_METHOD opaque and
removing the need for the locking functions[2].
[1]: https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/
[2]: https://github.com/openssl/openssl/blob/dae00d631fdaed48d88c454864abbd6ce99c63d6/include/openssl/crypto.h#L209-L216
The attached patches fix the build and pass the test suites both with
OpenSSL 1.0.2h and a pre-release of OpenSSL 1.1.0, but more eyes are
always good.
I'm including patches for both branches/1.3.x and trunk since there's a
bit of divergence between the two.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
Index: trunk/buckets/ssl_buckets.c
===================================================================
--- trunk/buckets/ssl_buckets.c (revision 1747950)
+++ trunk/buckets/ssl_buckets.c (working copy)
@@ -49,7 +49,13 @@
#define APR_ARRAY_PUSH(ary,type) (*((type *)apr_array_push(ary)))
#endif
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define USE_OPENSSL_1_1_API
+#else
+#define X509_STORE_get0_param(store) store->param
+#endif
+
/*
* Here's an overview of the SSL bucket's relationship to OpenSSL and serf.
*
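Review bot: The fallback macro `#define X509_STORE_get0_param(store) store->param` leaves its argument unparenthesized, so it expands incorrectly for any argument that is not a plain identifier; write it as `#define X509_STORE_get0_param(store) ((store)->param)`. The only use visible later in this patch passes a plain `store`, so this hardens the macro rather than fixing a live bug. A one-line comment saying that it backfills the 1.1 accessor for older OpenSSL would also help, e.g. `/* OpenSSL < 1.1 has no X509_STORE_get0_param(); emulate it via the public struct field. */`.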
@@ -294,7 +300,11 @@
#endif
/* The server asked to renegotiate the SSL session. */
+#ifdef USE_OPENSSL_1_1_API
+ if (SSL_get_state(s) == TLS_ST_SW_HELLO_REQ) {
+#else
if (SSL_state(s) == SSL_ST_RENEGOTIATE) {
+#endif
serf_ssl_context_t *ssl_ctx = SSL_get_app_data(s);
ssl_ctx->renegotiation = 1;
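Review bot: The 1.1 branch compares against `TLS_ST_SW_HELLO_REQ`, which by its name is the state of a server writing a HelloRequest, while the comment directly above says this code reacts to the server asking to renegotiate, so it appears to run on the client side. If the client state machine never reports that value, `ssl_ctx->renegotiation` is never set under OpenSSL 1.1 and whatever handling depends on it is silently skipped; a clean build and the existing test suites would not necessarily reveal that. Please confirm the condition with a test that triggers a server-initiated renegotiation against a 1.1 build, and add a comment next to the `#ifdef` stating which state is expected there and why. The enclosing callback starts and ends outside this hunk.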
@@ -310,10 +320,28 @@
}
+static void bio_set_data(BIO *bio, void *data)
+{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_data(bio, data);
+#else
+ bio->ptr = data;
+#endif
+}
+
+static void *bio_get_data(BIO *bio)
+{
+#ifdef USE_OPENSSL_1_1_API
+ return BIO_get_data(bio);
+#else
+ return bio->ptr;
+#endif
+}
+
/* Returns the amount read. */
static int bio_bucket_read(BIO *bio, char *in, int inlen)
{
- serf_ssl_context_t *ctx = bio->ptr;
+ serf_ssl_context_t *ctx = bio_get_data(bio);
const char *data;
apr_status_t status;
apr_size_t len;
@@ -356,7 +384,7 @@
/* Returns the amount written. */
static int bio_bucket_write(BIO *bio, const char *in, int inl)
{
- serf_ssl_context_t *ctx = bio->ptr;
+ serf_ssl_context_t *ctx = bio_get_data(bio);
serf_bucket_t *tmp;
serf__log(LOGLVL_DEBUG, LOGCOMP_SSL, __FILE__, ctx->config,
@@ -384,7 +412,7 @@
/* Returns the amount read. */
static int bio_file_read(BIO *bio, char *in, int inlen)
{
- apr_file_t *file = bio->ptr;
+ apr_file_t *file = bio_get_data(bio);
apr_status_t status;
apr_size_t len;
@@ -406,7 +434,7 @@
/* Returns the amount written. */
static int bio_file_write(BIO *bio, const char *in, int inl)
{
- apr_file_t *file = bio->ptr;
+ apr_file_t *file = bio_get_data(bio);
apr_size_t nbytes;
BIO_clear_retry_flags(bio);
@@ -419,7 +447,7 @@
static int bio_file_gets(BIO *bio, char *in, int inlen)
{
- apr_file_t *file = bio->ptr;
+ apr_file_t *file = bio_get_data(bio);
apr_status_t status;
status = apr_file_gets(in, inlen, file);
@@ -435,10 +463,16 @@
static int bio_bucket_create(BIO *bio)
{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_shutdown(bio, 1);
+ BIO_set_init(bio, 1);
+ BIO_set_data(bio, NULL);
+#else
bio->shutdown = 1;
bio->init = 1;
bio->num = -1;
bio->ptr = NULL;
+#endif
return 1;
}
@@ -472,6 +506,7 @@
return ret;
}
+#ifndef USE_OPENSSL_1_1_API
static BIO_METHOD bio_bucket_method = {
BIO_TYPE_MEM,
"Serf SSL encryption and decryption buckets",
@@ -501,7 +536,50 @@
NULL /* sslc does not have the callback_ctrl field */
#endif
};
+#endif
+static BIO_METHOD *bio_meth_bucket_new(void)
+{
+ BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+ biom = BIO_meth_new(BIO_TYPE_MEM,
+ "Serf SSL encryption and decryption buckets");
+ if (biom) {
+ BIO_meth_set_write(biom, bio_bucket_write);
+ BIO_meth_set_read(biom, bio_bucket_read);
+ BIO_meth_set_ctrl(biom, bio_bucket_ctrl);
+ BIO_meth_set_create(biom, bio_bucket_create);
+ BIO_meth_set_destroy(biom, bio_bucket_destroy);
+ }
+#else
+ biom = &bio_bucket_method;
+#endif
+
+ return biom;
+}
+
+static BIO_METHOD *bio_meth_file_new(void)
+{
+ BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+ biom = BIO_meth_new(BIO_TYPE_FILE, "Wrapper around APR file structures");
+ if (biom) {
+ BIO_meth_set_write(biom, bio_file_write);
+ BIO_meth_set_read(biom, bio_file_read);
+ BIO_meth_set_gets(biom, bio_file_gets);
+ BIO_meth_set_ctrl(biom, bio_bucket_ctrl);
+ BIO_meth_set_create(biom, bio_bucket_create);
+ BIO_meth_set_destroy(biom, bio_bucket_destroy);
+ }
+#else
+ biom = &bio_file_method;
+#endif
+
+ return biom;
+}
+
#ifndef OPENSSL_NO_TLSEXT
/* Callback called when the server response has some OCSP info.
Returns 1 if the application accepts the OCSP response as successful,
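Review bot: Under `USE_OPENSSL_1_1_API`, `bio_meth_bucket_new()` and `bio_meth_file_new()` allocate a fresh `BIO_METHOD` on every call and nothing in this patch releases it, so each `BIO_new(bio_meth_...())` call site further down (certificate, CRL and per-connection BIO creation) leaks one method table, which in a long-running client grows with the connection count. Either build each method once during library initialisation and reuse it, or keep the pointer next to the BIO and call `BIO_meth_free(biom);` after the BIO is freed. The helpers can also return NULL when `BIO_meth_new` fails, and the callers hand that to `BIO_new` and then use the result without a check, so those sites need an `if (bio == NULL)` error path. The same pattern is repeated in `bio_meth_apr_socket_new()` in MockHTTP_server.c and test_sslserver.c and in the branches/1.3.x copy of this file.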
@@ -511,7 +589,6 @@
{
serf_ssl_context_t *ctx = (serf_ssl_context_t*)baton;
OCSP_RESPONSE *response;
- OCSP_RESPBYTES *rb;
const unsigned char *resp_der;
int len;
long resp_status;
@@ -533,10 +610,8 @@
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
- rb = response->responseBytes;
-
/* Did the server get a valid response from the OCSP responder */
- resp_status = ASN1_ENUMERATED_get(response->responseStatus);
+ resp_status = OCSP_response_status(response);
switch (resp_status) {
case OCSP_RESPONSE_STATUS_SUCCESSFUL:
break;
@@ -1028,8 +1103,12 @@
/* Once we got through the initial handshake, we should have received
the ALPN information if there is such information. */
ctx->handshake_finished = SSL_is_init_finished(ctx->ssl)
+#ifdef USE_OPENSSL_1_1_API
+ || (SSL_get_state(ctx->ssl) == TLS_ST_OK);
+#else
|| (SSL_state(ctx->ssl)
& SSL_CB_HANDSHAKE_DONE);
+#endif
/* Call the protocol callback as soon as possible as this triggers
pipelining data for the selected protocol. */
@@ -1226,7 +1305,7 @@
return status;
}
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
static apr_pool_t *ssl_pool;
static apr_thread_mutex_t **ssl_locks;
@@ -1313,7 +1392,7 @@
val = apr_atomic_cas32(&have_init_ssl, INIT_BUSY, INIT_UNINITIALIZED);
if (!val) {
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
int i, numlocks;
#endif
@@ -1330,13 +1409,17 @@
}
#endif
+#ifdef USE_OPENSSL_1_1_API
+ OPENSSL_malloc_init();
+#else
CRYPTO_malloc_init();
+#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
numlocks = CRYPTO_num_locks();
apr_pool_create(&ssl_pool, NULL);
ssl_locks = apr_palloc(ssl_pool, sizeof(apr_thread_mutex_t*)*numlocks);
@@ -1418,8 +1501,8 @@
continue;
}
- bio = BIO_new(&bio_file_method);
- bio->ptr = cert_file;
+ bio = BIO_new(bio_meth_file_new());
+ bio_set_data(bio, cert_file);
ctx->cert_path = cert_path;
p12 = d2i_PKCS12_bio(bio, NULL);
@@ -1630,8 +1713,8 @@
disable_compression(ssl_ctx);
ssl_ctx->ssl = SSL_new(ssl_ctx->ctx);
- ssl_ctx->bio = BIO_new(&bio_bucket_method);
- ssl_ctx->bio->ptr = ssl_ctx;
+ ssl_ctx->bio = BIO_new(bio_meth_bucket_new());
+ bio_set_data(ssl_ctx->bio, ssl_ctx);
SSL_set_bio(ssl_ctx->ssl, ssl_ctx->bio, ssl_ctx->bio);
@@ -1835,8 +1918,8 @@
init_ssl_libraries();
- bio = BIO_new(&bio_file_method);
- bio->ptr = cert_file;
+ bio = BIO_new(bio_meth_file_new());
+ bio_set_data(bio, cert_file);
ssl_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
@@ -1880,7 +1963,7 @@
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|
X509_V_FLAG_CRL_CHECK_ALL);
} else {
- X509_VERIFY_PARAM_clear_flags(store->param, X509_V_FLAG_CRL_CHECK|
+ X509_VERIFY_PARAM_clear_flags(X509_STORE_get0_param(store), X509_V_FLAG_CRL_CHECK|
X509_V_FLAG_CRL_CHECK_ALL);
}
return APR_SUCCESS;
@@ -1903,8 +1986,8 @@
return status;
}
- bio = BIO_new(&bio_file_method);
- bio->ptr = crl_file;
+ bio = BIO_new(bio_meth_file_new());
+ bio_set_data(bio, crl_file);
crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL);
Index: trunk/test/MockHTTPinC/MockHTTP_server.c
===================================================================
--- trunk/test/MockHTTPinC/MockHTTP_server.c (revision 1747950)
+++ trunk/test/MockHTTPinC/MockHTTP_server.c (working copy)
@@ -2239,6 +2239,10 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define USE_OPENSSL_1_1_API
+#endif
+
struct sslCtx_t {
bool handshake_done;
bool renegotiate;
@@ -2273,14 +2277,38 @@
*/
static int bio_apr_socket_create(BIO *bio)
{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_shutdown(bio, 1);
+ BIO_set_init(bio, 1);
+ BIO_set_data(bio, NULL);
+#else
bio->shutdown = 1;
bio->init = 1;
bio->num = -1;
bio->ptr = NULL;
+#endif
return 1;
}
+static void bio_set_data(BIO *bio, void *data)
+{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_data(bio, data);
+#else
+ bio->ptr = data;
+#endif
+}
+
+static void *bio_get_data(BIO *bio)
+{
+#ifdef USE_OPENSSL_1_1_API
+ return BIO_get_data(bio);
+#else
+ return bio->ptr;
+#endif
+}
+
/**
* OpenSSL BIO callback. Cleans up the BIO structure.
*/
@@ -2322,7 +2350,7 @@
static int bio_apr_socket_read(BIO *bio, char *in, int inlen)
{
apr_size_t len = inlen;
- _mhClientCtx_t *cctx = bio->ptr;
+ _mhClientCtx_t *cctx = bio_get_data(bio);
sslCtx_t *ssl_ctx = cctx->ssl_ctx;
apr_status_t status;
@@ -2351,7 +2379,7 @@
static int bio_apr_socket_write(BIO *bio, const char *in, int inlen)
{
apr_size_t len = inlen;
- _mhClientCtx_t *cctx = bio->ptr;
+ _mhClientCtx_t *cctx = bio_get_data(bio);
sslCtx_t *ssl_ctx = cctx->ssl_ctx;
apr_status_t status;
@@ -2375,6 +2403,7 @@
}
+#ifndef USE_OPENSSL_1_1_API
static BIO_METHOD bio_apr_socket_method = {
BIO_TYPE_SOCKET,
"APR sockets",
@@ -2389,7 +2418,28 @@
NULL /* sslc does not have the callback_ctrl field */
#endif
};
+#endif
+static BIO_METHOD *bio_meth_apr_socket_new(void)
+{
+ BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+ biom = BIO_meth_new(BIO_TYPE_SOCKET, "APR sockets");
+ if (biom) {
+ BIO_meth_set_write(biom, bio_apr_socket_write);
+ BIO_meth_set_read(biom, bio_apr_socket_read);
+ BIO_meth_set_ctrl(biom, bio_apr_socket_ctrl);
+ BIO_meth_set_create(biom, bio_apr_socket_create);
+ BIO_meth_set_destroy(biom, bio_apr_socket_destroy);
+ }
+#else
+ biom = &bio_apr_socket_method;
+#endif
+
+ return biom;
+}
+
static int ocspCreateResponse(OCSP_RESPONSE **resp, mhOCSPRespnseStatus_t status)
{
int ret = 1;
@@ -2608,7 +2658,11 @@
/* Init OpenSSL globally */
if (!init_done)
{
+#ifdef USE_OPENSSL_1_1_API
+ OPENSSL_malloc_init();
+#else
CRYPTO_malloc_init();
+#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
@@ -2720,8 +2774,8 @@
| SSL_MODE_ENABLE_PARTIAL_WRITE
| SSL_MODE_AUTO_RETRY);
- ssl_ctx->bio = BIO_new(&bio_apr_socket_method);
- ssl_ctx->bio->ptr = cctx;
+ ssl_ctx->bio = BIO_new(bio_meth_apr_socket_new());
+ bio_set_data(ssl_ctx->bio, cctx);
initSSL(cctx);
apr_pool_cleanup_register(cctx->pool, cctx,
Index: branches/1.3.x/buckets/ssl_buckets.c
===================================================================
--- branches/1.3.x/buckets/ssl_buckets.c (revision 1747950)
+++ branches/1.3.x/buckets/ssl_buckets.c (working copy)
@@ -52,7 +52,11 @@
#define APR_ARRAY_PUSH(ary,type) (*((type *)apr_array_push(ary)))
#endif
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define USE_OPENSSL_1_1_API
+#endif
+
/*
* Here's an overview of the SSL bucket's relationship to OpenSSL and serf.
*
@@ -232,10 +236,28 @@
}
#endif
+static void bio_set_data(BIO *bio, void *data)
+{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_data(bio, data);
+#else
+ bio->ptr = data;
+#endif
+}
+
+static void *bio_get_data(BIO *bio)
+{
+#ifdef USE_OPENSSL_1_1_API
+ return BIO_get_data(bio);
+#else
+ return bio->ptr;
+#endif
+}
+
/* Returns the amount read. */
static int bio_bucket_read(BIO *bio, char *in, int inlen)
{
- serf_ssl_context_t *ctx = bio->ptr;
+ serf_ssl_context_t *ctx = bio_get_data(bio);
const char *data;
apr_status_t status;
apr_size_t len;
@@ -279,7 +301,7 @@
/* Returns the amount written. */
static int bio_bucket_write(BIO *bio, const char *in, int inl)
{
- serf_ssl_context_t *ctx = bio->ptr;
+ serf_ssl_context_t *ctx = bio_get_data(bio);
serf_bucket_t *tmp;
serf__log(SSL_VERBOSE, __FILE__, "bio_bucket_write called for %d bytes\n",
@@ -307,7 +329,7 @@
/* Returns the amount read. */
static int bio_file_read(BIO *bio, char *in, int inlen)
{
- apr_file_t *file = bio->ptr;
+ apr_file_t *file = bio_get_data(bio);
apr_status_t status;
apr_size_t len;
@@ -329,7 +351,7 @@
/* Returns the amount written. */
static int bio_file_write(BIO *bio, const char *in, int inl)
{
- apr_file_t *file = bio->ptr;
+ apr_file_t *file = bio_get_data(bio);
apr_size_t nbytes;
BIO_clear_retry_flags(bio);
@@ -342,7 +364,7 @@
static int bio_file_gets(BIO *bio, char *in, int inlen)
{
- apr_file_t *file = bio->ptr;
+ apr_file_t *file = bio_get_data(bio);
apr_status_t status;
status = apr_file_gets(in, inlen, file);
@@ -358,10 +380,16 @@
static int bio_bucket_create(BIO *bio)
{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_shutdown(bio, 1);
+ BIO_set_init(bio, 1);
+ BIO_set_data(bio, NULL);
+#else
bio->shutdown = 1;
bio->init = 1;
bio->num = -1;
bio->ptr = NULL;
+#endif
return 1;
}
@@ -395,6 +423,7 @@
return ret;
}
+#ifndef USE_OPENSSL_1_1_API
static BIO_METHOD bio_bucket_method = {
BIO_TYPE_MEM,
"Serf SSL encryption and decryption buckets",
@@ -424,7 +453,49 @@
NULL /* sslc does not have the callback_ctrl field */
#endif
};
+#endif
+static BIO_METHOD *bio_meth_bucket_new(void)
+{
+ BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+ biom = BIO_meth_new(BIO_TYPE_MEM,
+ "Serf SSL encryption and decryption buckets");
+ if (biom) {
+ BIO_meth_set_write(biom, bio_bucket_write);
+ BIO_meth_set_read(biom, bio_bucket_read);
+ BIO_meth_set_ctrl(biom, bio_bucket_ctrl);
+ BIO_meth_set_create(biom, bio_bucket_create);
+ BIO_meth_set_destroy(biom, bio_bucket_destroy);
+ }
+#else
+ biom = &bio_bucket_method;
+#endif
+
+ return biom;
+}
+
+static BIO_METHOD *bio_meth_file_new(void)
+{
+ BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+ biom = BIO_meth_new(BIO_TYPE_FILE,
+ "Wrapper around APR file structures");
+ BIO_meth_set_write(biom, bio_file_write);
+ BIO_meth_set_read(biom, bio_file_read);
+ BIO_meth_set_gets(biom, bio_file_gets);
+ BIO_meth_set_ctrl(biom, bio_bucket_ctrl);
+ BIO_meth_set_create(biom, bio_bucket_create);
+ BIO_meth_set_destroy(biom, bio_bucket_destroy);
+#else
+ biom = &bio_file_method;
+#endif
+
+ return biom;
+}
+
typedef enum san_copy_t {
EscapeNulAndCopy = 0,
ErrorOnNul = 1,
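Review bot: In this branch's `bio_meth_file_new()` the six `BIO_meth_set_*` calls run unconditionally, unlike `bio_meth_bucket_new()` just above it and the trunk version of the same helper, which both guard them with `if (biom) {`. If `BIO_meth_new` returns NULL, the setters are invoked on a NULL method. Wrap the setter calls in `if (biom) { ... }` so the two branches stay identical and an allocation failure is reported through the NULL return instead.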
@@ -973,7 +1044,7 @@
return status;
}
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
static apr_pool_t *ssl_pool;
static apr_thread_mutex_t **ssl_locks;
@@ -1060,7 +1131,7 @@
val = apr_atomic_cas32(&have_init_ssl, INIT_BUSY, INIT_UNINITIALIZED);
if (!val) {
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
int i, numlocks;
#endif
@@ -1077,13 +1148,17 @@
}
#endif
+#ifdef USE_OPENSSL_1_1_API
+ OPENSSL_malloc_init();
+#else
CRYPTO_malloc_init();
+#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
-#if APR_HAS_THREADS
+#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
numlocks = CRYPTO_num_locks();
apr_pool_create(&ssl_pool, NULL);
ssl_locks = apr_palloc(ssl_pool, sizeof(apr_thread_mutex_t*)*numlocks);
@@ -1161,8 +1236,8 @@
continue;
}
- bio = BIO_new(&bio_file_method);
- bio->ptr = cert_file;
+ bio = BIO_new(bio_meth_file_new());
+ bio_set_data(bio, cert_file);
ctx->cert_path = cert_path;
p12 = d2i_PKCS12_bio(bio, NULL);
@@ -1335,8 +1410,8 @@
disable_compression(ssl_ctx);
ssl_ctx->ssl = SSL_new(ssl_ctx->ctx);
- ssl_ctx->bio = BIO_new(&bio_bucket_method);
- ssl_ctx->bio->ptr = ssl_ctx;
+ ssl_ctx->bio = BIO_new(bio_meth_bucket_new());
+ bio_set_data(ssl_ctx->bio, ssl_ctx);
SSL_set_bio(ssl_ctx->ssl, ssl_ctx->bio, ssl_ctx->bio);
Index: branches/1.3.x/test/server/test_sslserver.c
===================================================================
--- branches/1.3.x/test/server/test_sslserver.c (revision 1747950)
+++ branches/1.3.x/test/server/test_sslserver.c (working copy)
@@ -27,6 +27,10 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define USE_OPENSSL_1_1_API
+#endif
+
static int init_done = 0;
typedef struct ssl_context_t {
@@ -45,12 +49,36 @@
return strlen(buf);
}
+static void bio_set_data(BIO *bio, void *data)
+{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_data(bio, data);
+#else
+ bio->ptr = data;
+#endif
+}
+
+static void *bio_get_data(BIO *bio)
+{
+#ifdef USE_OPENSSL_1_1_API
+ return BIO_get_data(bio);
+#else
+ return bio->ptr;
+#endif
+}
+
static int bio_apr_socket_create(BIO *bio)
{
+#ifdef USE_OPENSSL_1_1_API
+ BIO_set_shutdown(bio, 1);
+ BIO_set_init(bio, 1);
+ BIO_set_data(bio, NULL);
+#else
bio->shutdown = 1;
bio->init = 1;
bio->num = -1;
bio->ptr = NULL;
+#endif
return 1;
}
@@ -88,7 +116,7 @@
static int bio_apr_socket_read(BIO *bio, char *in, int inlen)
{
apr_size_t len = inlen;
- serv_ctx_t *serv_ctx = bio->ptr;
+ serv_ctx_t *serv_ctx = bio_get_data(bio);
apr_status_t status;
BIO_clear_retry_flags(bio);
@@ -114,7 +142,7 @@
static int bio_apr_socket_write(BIO *bio, const char *in, int inlen)
{
apr_size_t len = inlen;
- serv_ctx_t *serv_ctx = bio->ptr;
+ serv_ctx_t *serv_ctx = bio_get_data(bio);
apr_status_t status = apr_socket_send(serv_ctx->client_sock, in, &len);
@@ -129,6 +157,7 @@
}
+#ifndef USE_OPENSSL_1_1_API
static BIO_METHOD bio_apr_socket_method = {
BIO_TYPE_SOCKET,
"APR sockets",
@@ -143,7 +172,28 @@
NULL /* sslc does not have the callback_ctrl field */
#endif
};
+#endif
+static BIO_METHOD *bio_meth_apr_socket_new(void)
+{
+ BIO_METHOD *biom = NULL;
+
+#ifdef USE_OPENSSL_1_1_API
+ biom = BIO_meth_new(BIO_TYPE_SOCKET, "APR sockets");
+ if (biom) {
+ BIO_meth_set_write(biom, bio_apr_socket_write);
+ BIO_meth_set_read(biom, bio_apr_socket_read);
+ BIO_meth_set_ctrl(biom, bio_apr_socket_ctrl);
+ BIO_meth_set_create(biom, bio_apr_socket_create);
+ BIO_meth_set_destroy(biom, bio_apr_socket_destroy);
+ }
+#else
+ biom = &bio_apr_socket_method;
+#endif
+
+ return biom;
+}
+
static int validate_client_certificate(int preverify_ok, X509_STORE_CTX *ctx)
{
serf__log(TEST_VERBOSE, __FILE__, "validate_client_certificate called, "
@@ -177,7 +227,11 @@
/* Init OpenSSL globally */
if (!init_done)
{
+#ifdef USE_OPENSSL_1_1_API
+ OPENSSL_malloc_init();
+#else
CRYPTO_malloc_init();
+#endif
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
@@ -234,8 +288,8 @@
SSL_CTX_set_mode(ssl_ctx->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
- ssl_ctx->bio = BIO_new(&bio_apr_socket_method);
- ssl_ctx->bio->ptr = serv_ctx;
+ ssl_ctx->bio = BIO_new(bio_meth_apr_socket_new());
+ bio_set_data(ssl_ctx->bio, serv_ctx);
init_ssl(serv_ctx);
}