Author: kotkov Date: Thu May 18 09:33:55 2023 New Revision: 1909904 URL: http://svn.apache.org/viewvc?rev=1909904&view=rev Log: On the '1.3.x' branch: Merge the r1909252 group from trunk:
* r1909252, r1909385, r1909406, r1909413, r1909433 Do not use OpenSSL functions that operate with FILE to avoid potential CRT versions mismatch. Use BIO based functions instead. Justification: Avoids a potential source of CRT versions mismatch. Removes a dependency on openssl/applink.c. Branch: ^/serf/branches/1.3.x-r1909252-group Votes: +1: kotkov, ivan Modified: serf/branches/1.3.x/ (props changed) serf/branches/1.3.x/SConstruct serf/branches/1.3.x/STATUS serf/branches/1.3.x/buckets/ssl_buckets.c serf/branches/1.3.x/test/server/test_sslserver.c serf/branches/1.3.x/test/test_ssl.c Propchange: serf/branches/1.3.x/ ------------------------------------------------------------------------------ Merged /serf/trunk:r1909252,1909385,1909406,1909413,1909433 Merged /serf/branches/1.3.x-r1909252-group:r1909407-1909903 Modified: serf/branches/1.3.x/SConstruct URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/SConstruct?rev=1909904&r1=1909903&r2=1909904&view=diff ============================================================================== --- serf/branches/1.3.x/SConstruct (original) +++ serf/branches/1.3.x/SConstruct Thu May 18 09:33:55 2023 @@ -277,7 +277,10 @@ if sys.platform != 'win32': env.Append(PLATFORM='posix') else: # Warning level 4, no unused argument warnings - env.Append(CCFLAGS=['/W4', '/wd4100']) + env.Append(CCFLAGS=['/W4', + '/wd4100', # Unused argument + '/we4013', # 'function' undefined; assuming extern returning int + ]) # Choose runtime and optimization if debug: @@ -301,6 +304,9 @@ SOURCES = Glob('*.c') + Glob('buckets/*. lib_static = env.StaticLibrary(LIBNAMESTATIC, SOURCES) lib_shared = env.SharedLibrary(LIBNAME, SOURCES + SHARED_SOURCES) +# Define OPENSSL_NO_STDIO to prevent using _fp() API. +env.Append(CPPDEFINES=['OPENSSL_NO_STDIO']) + if aprstatic: env.Append(CPPDEFINES=['APR_DECLARE_STATIC', 'APU_DECLARE_STATIC']) Modified: serf/branches/1.3.x/STATUS URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/STATUS?rev=1909904&r1=1909903&r2=1909904&view=diff ============================================================================== --- serf/branches/1.3.x/STATUS (original) +++ serf/branches/1.3.x/STATUS Thu May 18 09:33:55 2023 @@ -35,16 +35,6 @@ Candidate changes: this point for the 1.3.x branch - Seems to only be required for LibreSSL, not OpenSSL) - * r1909252, r1909385, r1909406, r1909413, r1909433 - Do not use OpenSSL functions that operate with FILE to avoid potential CRT - versions mismatch. Use BIO based functions instead. - Justification: - Avoids a potential source of CRT versions mismatch. Removes a dependency - on openssl/applink.c. - Branch: ^/serf/branches/1.3.x-r1909252-group - Votes: - +1: kotkov, ivan - Veto-blocked changes: ===================== Modified: serf/branches/1.3.x/buckets/ssl_buckets.c URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/buckets/ssl_buckets.c?rev=1909904&r1=1909903&r2=1909904&view=diff ============================================================================== --- serf/branches/1.3.x/buckets/ssl_buckets.c (original) +++ serf/branches/1.3.x/buckets/ssl_buckets.c Thu May 18 09:33:55 2023 @@ -1551,11 +1551,11 @@ apr_status_t serf_ssl_load_cert_file( const char *file_path, apr_pool_t *pool) { - FILE *fp = fopen(file_path, "r"); + BIO *bio = BIO_new_file(file_path, "r"); - if (fp) { - X509 *ssl_cert = PEM_read_X509(fp, NULL, NULL, NULL); - fclose(fp); + if (bio) { + X509 *ssl_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); + BIO_free(bio); if (ssl_cert) { *cert = apr_palloc(pool, sizeof(serf_ssl_certificate_t)); Modified: serf/branches/1.3.x/test/server/test_sslserver.c URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/test/server/test_sslserver.c?rev=1909904&r1=1909903&r2=1909904&view=diff ============================================================================== --- serf/branches/1.3.x/test/server/test_sslserver.c (original) +++ serf/branches/1.3.x/test/server/test_sslserver.c Thu May 18 09:33:55 2023 @@ -44,6 +44,11 @@ typedef struct ssl_context_t { } ssl_context_t; +static int err_file_print_cb(const char *str, size_t len, void *bp) +{ + return fwrite(str, 1, len, bp); +} + static int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata) { strncpy(buf, "serftest", size); @@ -275,10 +280,10 @@ init_ssl_context(serv_ctx_t *serv_ctx, store = SSL_CTX_get_cert_store(ssl_ctx->ctx); while(certfile) { - FILE *fp = fopen(certfile, "r"); - if (fp) { - X509 *ssl_cert = PEM_read_X509(fp, NULL, NULL, NULL); - fclose(fp); + BIO *bio = BIO_new_file(certfile, "r"); + if (bio) { + X509 *ssl_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); + BIO_free(bio); SSL_CTX_add_extra_chain_cert(ssl_ctx->ctx, ssl_cert); @@ -379,7 +384,7 @@ static apr_status_t ssl_handshake(serv_c return serv_ctx->bio_read_status; /* Usually APR_EAGAIN */ default: serf__log(TEST_VERBOSE, __FILE__, "SSL Error %d: ", ssl_err); - ERR_print_errors_fp(stderr); + ERR_print_errors_cb(err_file_print_cb, stderr); serf__log_nopref(TEST_VERBOSE, "\n"); return SERF_ERROR_ISSUE_IN_TESTSUITE; } @@ -435,7 +440,7 @@ ssl_socket_read(serv_ctx_t *serv_ctx, ch *len = 0; serf__log(TEST_VERBOSE, __FILE__, "ssl_socket_read SSL Error %d: ", ssl_err); - ERR_print_errors_fp(stderr); + ERR_print_errors_cb(err_file_print_cb, stderr); serf__log_nopref(TEST_VERBOSE, "\n"); return SERF_ERROR_ISSUE_IN_TESTSUITE; } Modified: serf/branches/1.3.x/test/test_ssl.c URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/test/test_ssl.c?rev=1909904&r1=1909903&r2=1909904&view=diff ============================================================================== --- serf/branches/1.3.x/test/test_ssl.c (original) +++ serf/branches/1.3.x/test/test_ssl.c Thu May 18 09:33:55 2023 @@ -28,12 +28,6 @@ #include "test_serf.h" -#if defined(WIN32) && defined(_DEBUG) -/* Include this file to allow running a Debug build of serf with a Release - build of OpenSSL. */ -#include <openssl/applink.c> -#endif - /* Test setting up the openssl library. */ static void test_ssl_init(CuTest *tc) {