Author: brane
Date: Sat Dec 17 12:36:10 2016
New Revision: 1774752
URL: http://svn.apache.org/viewvc?rev=1774752&view=rev
Log:
On the ocsp-verification branch: Synced with trunk up to r1774751.
Modified:
serf/branches/ocsp-verification/ (props changed)
serf/branches/ocsp-verification/buckets/fcgi_buckets.c
serf/branches/ocsp-verification/buckets/hpack_buckets.c
serf/branches/ocsp-verification/buckets/ssl_buckets.c
serf/branches/ocsp-verification/test/MockHTTPinC/MockHTTP_server.c
serf/branches/ocsp-verification/test/test_ssl.c
Propchange: serf/branches/ocsp-verification/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Dec 17 12:36:10 2016
@@ -3,4 +3,4 @@
/serf/branches/get-remaining:1701859-1708111
/serf/branches/multiple_ssl_impls:1699382
/serf/branches/windows-sspi:1698866-1698877
-/serf/trunk:1771884-1774385
+/serf/trunk:1771884-1774751
Modified: serf/branches/ocsp-verification/buckets/fcgi_buckets.c
URL:
http://svn.apache.org/viewvc/serf/branches/ocsp-verification/buckets/fcgi_buckets.c?rev=1774752&r1=1774751&r2=1774752&view=diff
==============================================================================
--- serf/branches/ocsp-verification/buckets/fcgi_buckets.c (original)
+++ serf/branches/ocsp-verification/buckets/fcgi_buckets.c Sat Dec 17 12:36:10
2016
@@ -742,7 +742,8 @@ static apr_status_t serf_fcgi_frame_refi
}
serf__log(LOGLVL_DEBUG, LOGCOMP_CONN, __FILE__, ctx->config,
- "Generating 0x%x frame on stream 0x%x of size 0x%x\n",
+ "Generating 0x%x frame on stream 0x%x of size %"
+ APR_SIZE_T_FMT "\n",
ctx->frame_type, ctx->stream_id, payload);
/* Create FCGI record */
Modified: serf/branches/ocsp-verification/buckets/hpack_buckets.c
URL:
http://svn.apache.org/viewvc/serf/branches/ocsp-verification/buckets/hpack_buckets.c?rev=1774752&r1=1774751&r2=1774752&view=diff
==============================================================================
--- serf/branches/ocsp-verification/buckets/hpack_buckets.c (original)
+++ serf/branches/ocsp-verification/buckets/hpack_buckets.c Sat Dec 17 12:36:10
2016
@@ -1868,9 +1868,7 @@ hpack_process(serf_bucket_t *bucket)
if (status)
continue;
- /* Send remote tablesize update to our table */
- if (v >= APR_SIZE_MAX)
- return SERF_ERROR_HTTP2_COMPRESSION_ERROR;
+ /* Send remote tablesize update to our table */
status = hpack_table_size_update(ctx->tbl, (apr_size_t)v);
if (status)
return status;
Modified: serf/branches/ocsp-verification/buckets/ssl_buckets.c
URL:
http://svn.apache.org/viewvc/serf/branches/ocsp-verification/buckets/ssl_buckets.c?rev=1774752&r1=1774751&r2=1774752&view=diff
==============================================================================
--- serf/branches/ocsp-verification/buckets/ssl_buckets.c (original)
+++ serf/branches/ocsp-verification/buckets/ssl_buckets.c Sat Dec 17 12:36:10
2016
@@ -587,7 +587,7 @@ static void bio_meth_free(BIO_METHOD *bi
#endif
}
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
static int ocsp_response_status(int failures, OCSP_RESPONSE *response)
{
long resp_status = OCSP_response_status(response);
@@ -675,7 +675,7 @@ static int ocsp_callback(SSL *ssl, void
return cert_valid;
}
-#endif
+#endif /* OPENSSL_NO_TLSEXT && OPENSSL_NO_OCSP */
typedef enum san_copy_t {
EscapeNulAndCopy = 0,
@@ -2080,7 +2080,7 @@ apr_status_t
serf_ssl_check_cert_status_request(serf_ssl_context_t *ssl_ctx, int enabled)
{
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
SSL_CTX_set_tlsext_status_cb(ssl_ctx->ctx, ocsp_callback);
SSL_CTX_set_tlsext_status_arg(ssl_ctx->ctx, ssl_ctx);
SSL_set_tlsext_status_type(ssl_ctx->ssl, TLSEXT_STATUSTYPE_ocsp);
Modified: serf/branches/ocsp-verification/test/MockHTTPinC/MockHTTP_server.c
URL:
http://svn.apache.org/viewvc/serf/branches/ocsp-verification/test/MockHTTPinC/MockHTTP_server.c?rev=1774752&r1=1774751&r2=1774752&view=diff
==============================================================================
--- serf/branches/ocsp-verification/test/MockHTTPinC/MockHTTP_server.c
(original)
+++ serf/branches/ocsp-verification/test/MockHTTPinC/MockHTTP_server.c Sat Dec
17 12:36:10 2016
@@ -2448,6 +2448,7 @@ static void bio_meth_free(BIO_METHOD *bi
#endif
}
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
static int ocspCreateResponse(OCSP_RESPONSE **resp, mhOCSPRespnseStatus_t
status)
{
int ret = 1;
@@ -2526,6 +2527,7 @@ static int ocspStatusCallback(SSL *ssl,
/* Couldn't find match */
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
+#endif /* OPENSSL_NO_TLSEXT && OPENSSL_NO_OCSP */
/* Convert an ssl error into an apr status code for a specific context */
static apr_status_t status_from_ssl(sslCtx_t *ssl_ctx, int ret_code)
@@ -2625,6 +2627,7 @@ static apr_status_t initSSL(_mhClientCtx
return APR_SUCCESS;
}
+#ifndef OPENSSL_NO_TLSEXT
static int alpn_select_callback(SSL *ssl,
const unsigned char **out,
unsigned char *outlen,
@@ -2653,6 +2656,7 @@ static int alpn_select_callback(SSL *ssl
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
+#endif /* OPENSSL_NO_TLSEXT */
/**
* Inits the OpenSSL context.
@@ -2703,11 +2707,13 @@ static apr_status_t initSSLCtx(_mhClient
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* >= 1.0.2 */
+# ifndef OPENSSL_NO_TLSEXT
if (cctx->serv_ctx->alpn) {
SSL_CTX_set_alpn_select_cb(ssl_ctx->ctx,
alpn_select_callback,
cctx->serv_ctx);
}
+# endif
#endif
if (cctx->protocols == mhProtoSSLv2) {
@@ -2773,7 +2779,7 @@ static apr_status_t initSSLCtx(_mhClient
break;
}
-#ifndef OPENSSL_NO_TLSEXT
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
if (cctx->ocspEnabled) {
SSL_CTX_set_tlsext_status_cb(ssl_ctx->ctx, ocspStatusCallback);
SSL_CTX_set_tlsext_status_arg(ssl_ctx->ctx, cctx);
Modified: serf/branches/ocsp-verification/test/test_ssl.c
URL:
http://svn.apache.org/viewvc/serf/branches/ocsp-verification/test/test_ssl.c?rev=1774752&r1=1774751&r2=1774752&view=diff
==============================================================================
--- serf/branches/ocsp-verification/test/test_ssl.c (original)
+++ serf/branches/ocsp-verification/test/test_ssl.c Sat Dec 17 12:36:10 2016
@@ -2046,7 +2046,9 @@ static void test_ssl_ocsp_response_error
handler_ctx, tb->pool);
CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCB_CALLED);
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_OCSP)
CuAssertTrue(tc, tb->result_flags & TEST_RESULT_OCSP_CHECK_SUCCESSFUL);
+#endif
}
/* Validate that the subject's CN containing a '\0' byte is reported as failure
@@ -2214,6 +2216,7 @@ static void test_ssl_server_cert_with_sa
CuAssertTrue(tc, tb->result_flags & TEST_RESULT_SERVERCERTCB_CALLED);
}
+#ifndef OPENSSL_NO_TLSEXT
static apr_status_t http11_select_protocol(void *baton,
const char *protocol)
{
@@ -2253,10 +2256,12 @@ static apr_status_t http11_alpn_setup(ap
return APR_SUCCESS;
}
+#endif /* OPENSSL_NO_TLSEXT */
static void test_ssl_alpn_negotiate(CuTest *tc)
{
+#ifndef OPENSSL_NO_TLSEXT
test_baton_t *tb = tc->testBaton;
handler_baton_t handler_ctx[1];
const int num_requests = sizeof(handler_ctx)/sizeof(handler_ctx[0]);
@@ -2301,6 +2306,7 @@ static void test_ssl_alpn_negotiate(CuTe
run_client_and_mock_servers_loops_expect_ok(tc, tb, num_requests,
handler_ctx, tb->pool);
+#endif /* OPENSSL_NO_TLSEXT */
}
