Author: brane Date: Tue May 1 17:19:21 2018 New Revision: 1830692 URL: http://svn.apache.org/viewvc?rev=1830692&view=rev Log: On the ocsp-verification branch: Sync with trunk up to r1830691.
Modified: serf/branches/ocsp-verification/ (props changed) serf/branches/ocsp-verification/SConstruct serf/branches/ocsp-verification/buckets/ssl_buckets.c serf/branches/ocsp-verification/test/test_buckets.c Propchange: serf/branches/ocsp-verification/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Tue May 1 17:19:21 2018 @@ -3,4 +3,4 @@ /serf/branches/get-remaining:1701859-1708111 /serf/branches/multiple_ssl_impls:1699382 /serf/branches/windows-sspi:1698866-1698877 -/serf/trunk:1771884-1828523 +/serf/trunk:1771884-1830691 Modified: serf/branches/ocsp-verification/SConstruct URL: http://svn.apache.org/viewvc/serf/branches/ocsp-verification/SConstruct?rev=1830692&r1=1830691&r2=1830692&view=diff ============================================================================== --- serf/branches/ocsp-verification/SConstruct (original) +++ serf/branches/ocsp-verification/SConstruct Tue May 1 17:19:21 2018 @@ -115,6 +115,9 @@ opts.AddVariables( BoolVariable('DISABLE_LOGGING', "Disable the logging framework at compile time", False), + BoolVariable('ENABLE_SLOW_TESTS', + "Enable long-running unit tests", + False), RawListVariable('CC', "Command name or path of the C compiler", None), RawListVariable('CFLAGS', "Extra flags for the C compiler (space-separated)", None), 
@@ -460,10 +463,20 @@ if not conf.CheckFunc('BIO_set_init'):
 env.Append(CPPDEFINES=['SERF_NO_SSL_BIO_WRAPPERS'])
 if not conf.CheckFunc('X509_STORE_get0_param'):
 env.Append(CPPDEFINES=['SERF_NO_SSL_X509_STORE_WRAPPERS'])
+if not conf.CheckFunc('X509_get0_notBefore'):
+ env.Append(CPPDEFINES=['SERF_NO_SSL_X509_GET0_NOTBEFORE'])
+if not conf.CheckFunc('X509_get0_notAfter'):
+ env.Append(CPPDEFINES=['SERF_NO_SSL_X509_GET0_NOTAFTER'])
+if not conf.CheckFunc('X509_STORE_CTX_get0_chain'):
+ env.Append(CPPDEFINES=['SERF_NO_SSL_X509_GET0_CHAIN'])
 if conf.CheckFunc('CRYPTO_set_locking_callback'):
 env.Append(CPPDEFINES=['SERF_HAVE_SSL_LOCKING_CALLBACKS'])
 if conf.CheckFunc('OPENSSL_malloc_init', '#include <openssl/crypto.h>'):
 env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_MALLOC_INIT'])
+if conf.CheckFunc('SSL_library_init', '#include <openssl/crypto.h>'):
+ env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_SSL_LIBRARY_INIT'])
+if conf.CheckFunc('OpenSSL_version_num', '#include <openssl/crypto.h>'):
+ env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_VERSION_NUM'])
 if conf.CheckFunc('SSL_set_alpn_protos'):
 env.Append(CPPDEFINES=['SERF_HAVE_OPENSSL_ALPN'])
 if conf.CheckType('OSSL_HANDSHAKE_STATE', '#include <openssl/ssl.h>'):
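Review bot: The `SSL_library_init` probe passes `'#include <openssl/crypto.h>'`, but that function is declared in `<openssl/ssl.h>`, so the test program calls it without a prototype and the result presumably depends on whether the compiler still accepts implicit declarations. A false negative matters because the `init_ssl_libraries` hunk in buckets/ssl_buckets.c now compiles `SSL_library_init()` and `OpenSSL_add_all_algorithms()` only when `SERF_HAVE_OPENSSL_SSL_LIBRARY_INIT` is defined, which on a pre-1.1.0 OpenSSL would leave the library uninitialised. If crypto.h is deliberate (so the 1.1.0+ compatibility macro is not picked up), say so in a comment above the check and back it with a compile-time guard in ssl_buckets.c, e.g. `#if !defined(SERF_HAVE_OPENSSL_SSL_LIBRARY_INIT) && OPENSSL_VERSION_NUMBER < 0x10100000L` followed by an `#error`.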
@@ -560,6 +573,10 @@ env.Alias('install', ['install-lib', 'in tenv = env.Clone() +# Check if long-running tests should be enabled +if tenv.get('ENABLE_SLOW_TESTS', None): + tenv.Append(CPPDEFINES=['SERF_TEST_DEFLATE_4GBPLUS_BUCKETS']) + # MockHTTP requires C99 standard, so use it for the test suite. cflags = tenv['CFLAGS'] tenv.Replace(CFLAGS = [f.replace('-std=c89', '-std=c99') for f in cflags]) Modified: serf/branches/ocsp-verification/buckets/ssl_buckets.c URL: http://svn.apache.org/viewvc/serf/branches/ocsp-verification/buckets/ssl_buckets.c?rev=1830692&r1=1830691&r2=1830692&view=diff ============================================================================== --- serf/branches/ocsp-verification/buckets/ssl_buckets.c (original) +++ serf/branches/ocsp-verification/buckets/ssl_buckets.c Tue May 1 17:19:21 2018 @@ -53,6 +53,18 @@ #define X509_STORE_get0_param(store) ((store)->param) #endif +#ifdef SERF_NO_SSL_X509_GET0_NOTBEFORE +#define X509_get0_notBefore(cert) (X509_get_notBefore(cert)) +#endif + +#ifdef SERF_NO_SSL_X509_GET0_NOTAFTER +#define X509_get0_notAfter(cert) (X509_get_notAfter(cert)) +#endif + +#ifdef SERF_NO_SSL_X509_GET0_CHAIN +#define X509_STORE_CTX_get0_chain(store) (X509_STORE_CTX_get_chain(store)) +#endif + /* * Here's an overview of the SSL bucket's relationship to OpenSSL and serf. @@ -864,10 +876,10 @@ validate_server_certificate(int cert_val failures |= SERF_SSL_CERT_INVALID_HOST; /* Check certificate expiry dates. */ - if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) { + if (X509_cmp_current_time(X509_get0_notBefore(server_cert)) >= 0) { failures |= SERF_SSL_CERT_NOTYETVALID; } - else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) { + else if (X509_cmp_current_time(X509_get0_notAfter(server_cert)) <= 0) { failures |= SERF_SSL_CERT_EXPIRED; } 
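Review bot: In the expiry check of `validate_server_certificate`, the `>= 0` and `<= 0` comparisons are what make a failed date comparison count as a certificate failure, because `X509_cmp_current_time()` returns 0 on error, and nothing in the code says so. Add a comment above the two tests, for example `/* X509_cmp_current_time() returns 0 on error; >= 0 and <= 0 keep an unparsable date from passing. */`, so that a later cleanup does not tighten them to `> 0` and `< 0`. The function body starts and ends outside this hunk.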
@@ -907,7 +919,7 @@ validate_server_certificate(int cert_val apr_pool_create(&subpool, ctx->pool); /* Borrow the chain to pass to the callback. */ - chain = X509_STORE_CTX_get_chain(store_ctx); + chain = X509_STORE_CTX_get0_chain(store_ctx); /* If the chain can't be retrieved, just pass the current certificate. */ @@ -1453,7 +1465,11 @@ static void init_ssl_libraries(void) #ifdef SERF_LOGGING_ENABLED /* Warn when compile-time and run-time version of OpenSSL differ in major/minor version number. */ +#ifdef SERF_HAVE_OPENSSL_VERSION_NUM + unsigned long libver = OpenSSL_version_num(); +#else long libver = SSLeay(); +#endif if ((libver ^ OPENSSL_VERSION_NUMBER) & 0xFFF00000) { serf__log(LOGLVL_WARNING, LOGCOMP_SSL, __FILE__, NULL, @@ -1468,10 +1484,12 @@ static void init_ssl_libraries(void) #else CRYPTO_malloc_init(); #endif +#ifdef SERF_HAVE_OPENSSL_SSL_LIBRARY_INIT ERR_load_crypto_strings(); SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_algorithms(); +#endif #if APR_HAS_THREADS && defined(SERF_HAVE_SSL_LOCKING_CALLBACKS) numlocks = CRYPTO_num_locks(); 
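Review bot: In the version check of `init_ssl_libraries`, `libver` is `unsigned long` in the `SERF_HAVE_OPENSSL_VERSION_NUM` arm and `long` in the fallback, although `SSLeay()` also returns `unsigned long`. Declaring `unsigned long libver = SSLeay();` in the `#else` arm keeps the XOR and mask against `OPENSSL_VERSION_NUMBER`, and the argument type seen by the `serf__log` call, identical in both builds. The format string of that call lies outside the hunk, so confirm that its conversion specifier matches an unsigned long.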
@@ -2348,18 +2366,18 @@ apr_hash_t *serf_ssl_cert_certificate( /* set expiry dates */ bio = BIO_new(BIO_s_mem()); if (bio) { - ASN1_TIME *notBefore, *notAfter; + const ASN1_TIME *notBefore, *notAfter; char buf[256]; memset (buf, 0, sizeof (buf)); - notBefore = X509_get_notBefore(cert->ssl_cert); + notBefore = X509_get0_notBefore(cert->ssl_cert); if (ASN1_TIME_print(bio, notBefore)) { BIO_read(bio, buf, 255); apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING, apr_pstrdup(pool, buf)); } memset (buf, 0, sizeof (buf)); - notAfter = X509_get_notAfter(cert->ssl_cert); + notAfter = X509_get0_notAfter(cert->ssl_cert); if (ASN1_TIME_print(bio, notAfter)) { BIO_read(bio, buf, 255); apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING, Modified: serf/branches/ocsp-verification/test/test_buckets.c URL: http://svn.apache.org/viewvc/serf/branches/ocsp-verification/test/test_buckets.c?rev=1830692&r1=1830691&r2=1830692&view=diff ============================================================================== --- serf/branches/ocsp-verification/test/test_buckets.c (original) +++ serf/branches/ocsp-verification/test/test_buckets.c Tue May 1 17:19:21 2018 @@ -2089,6 +2089,7 @@ create_gzip_deflate_bucket(serf_bucket_t return defbkt; } +#ifdef SERF_TEST_DEFLATE_4GBPLUS_BUCKETS /* Test for issue #152: the trailers of gzipped data only store the 4 most significant bytes of the length, so when the compressed data is >4GB we can't just compare actual length with expected length. */ @@ -2125,6 +2126,7 @@ static void test_deflate_4GBplus_buckets } #endif + printf("\n"); actual_size = 0; for (i = 0; i < NR_OF_LOOPS; i++) { const char *data; 
@@ -2132,8 +2134,11 @@ static void test_deflate_4GBplus_buckets apr_size_t read_len; apr_status_t status; - if (i % 1000 == 0) - printf("%d\n", i); + if (i % 1000 == 0) { + printf("\rtest_deflate_4GBplus_buckets: %d of %d", + i, NR_OF_LOOPS); + fflush(stdout); + } status = apr_generate_random_bytes(uncompressed, BUFSIZE); CuAssertIntEquals(tc, APR_SUCCESS, status); @@ -2166,6 +2171,7 @@ static void test_deflate_4GBplus_buckets actual_size += read_len; } + printf("\n"); put_32bit(&gzip_trailer[0], unc_crc); put_32bit(&gzip_trailer[4], unc_length); @@ -2193,6 +2199,7 @@ static void test_deflate_4GBplus_buckets #undef NR_OF_LOOPS #undef BUFSIZE } +#endif /* SERF_TEST_DEFLATE_4GBPLUS_BUCKETS */ /* Basic test for serf_linebuf_fetch(). */ static void test_linebuf_fetch_crlf(CuTest *tc) @@ -3348,7 +3355,7 @@ CuSuite *test_buckets(void) SUITE_ADD_TEST(suite, test_brotli_decompress_bucket_garbage_at_end); SUITE_ADD_TEST(suite, test_brotli_decompress_response_body); } -#if 0 +#ifdef SERF_TEST_DEFLATE_4GBPLUS_BUCKETS /* This test for issue #152 takes a lot of time generating 4GB+ of random data so it's disabled by default. */ SUITE_ADD_TEST(suite, test_deflate_4GBplus_buckets);