httpd-cvs mailing list archives

From wr...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_kernel.c ssl_engine_pphrase.c ssl_toolkit_compat.h ssl_util.c ssl_util_ssl.c ssl_util_ssl.h
Date Thu, 03 Apr 2003 04:54:21 GMT
wrowe       2003/04/02 20:54:21

  Modified:    modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_kernel.c
                        ssl_engine_pphrase.c ssl_toolkit_compat.h
                        ssl_util.c ssl_util_ssl.c ssl_util_ssl.h
  Log:
    Introduce a number of SSLC hints to mod_ssl, including the following
    type overrides;
  
      MODSSL_CLIENT_CERT_CB_ARG_TYPE
      MODSSL_PCHAR_CAST      (for a host of non-void/const sslc values)
      modssl_read_bio_cb_fn  (for several callbacks with same prototypes)
  
    Declare callback functions appropriately.
  
    And protect us from indeterminate toolkits with
    #error "Unrecognized SSL Toolkit!"
  
  Revision  Changes    Path
  1.128     +1 -1      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.127
  retrieving revision 1.128
  diff -u -r1.127 -r1.128
  --- mod_ssl.h	29 Mar 2003 02:18:43 -0000	1.127
  +++ mod_ssl.h	3 Apr 2003 04:54:20 -0000	1.128
  @@ -584,7 +584,7 @@
   DH          *ssl_callback_TmpDH(SSL *, int, int);
   int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
   int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
  -int          ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
  +int          ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY
**pkey);
   int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
   SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
   void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
  
  
  
  1.112     +12 -4     httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.111
  retrieving revision 1.112
  diff -u -r1.111 -r1.112
  --- ssl_engine_init.c	6 Mar 2003 08:43:39 -0000	1.111
  +++ ssl_engine_init.c	3 Apr 2003 04:54:20 -0000	1.112
  @@ -556,8 +556,8 @@
                        "Configuring client authentication");
   
           if (!SSL_CTX_load_verify_locations(ctx,
  -                                           mctx->auth.ca_cert_file,
  -                                           mctx->auth.ca_cert_path))
  +                         MODSSL_PCHAR_CAST mctx->auth.ca_cert_file,
  +                         MODSSL_PCHAR_CAST mctx->auth.ca_cert_path))
           {
               ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                       "Unable to configure verify locations "
  @@ -614,7 +614,7 @@
                    "Configuring permitted SSL ciphers [%s]", 
                    suite);
   
  -    if (!SSL_CTX_set_cipher_list(ctx, suite)) {
  +    if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
           ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                   "Unable to configure permitted SSL ciphers");
           ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
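Review bot: On an SSL-C build `MODSSL_PCHAR_CAST suite` expands to `(char *) suite` (see the ssl_toolkit_compat.h hunk), so the compiler stops checking what reaches `SSL_CTX_set_cipher_list`, and any `const` on the argument is silently discarded. The same prefix cast appears in the preceding hunk at `SSL_CTX_load_verify_locations`, and later at `SSL_load_client_CA_file` (where `file` is visibly `const char *`), at `BIO_read_filename` in ssl_util_ssl.c, and at `sk_X509_push` in ssl_engine_kernel.c, where it converts a certificate pointer rather than a string. Whether SSL-C writes through any of these pointers is not visible here, so the definition deserves a comment such as `/* sslc prototypes lack const; the callee must not modify the argument */`. The `sk_X509_push` site would be clearer with an explicit cast of its own. The enclosing function starts and ends outside this hunk.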
  @@ -1077,10 +1077,17 @@
       }
   }
   
  +#ifdef SSLC_VERSION_NUMBER
  +static int ssl_init_FindCAList_X509NameCmp(char **a, char **b)
  +{
  +    return(X509_NAME_cmp((void*)*a, (void*)*b));
  +}
  +#else
   static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b)
   {
       return(X509_NAME_cmp(*a, *b));
   }
  +#endif
   
   static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
                                   server_rec *s, const char *file)
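Review bot: The SSL-C variant of `ssl_init_FindCAList_X509NameCmp` takes `char **` and reaches `X509_NAME_cmp` through `(void*)` casts, and nothing in the new code says the elements are still `X509_NAME *` or why the prototype differs. A short comment above the `#ifdef`, for example `/* sslc stacks are untyped; its compare callback is declared with char ** */`, would stop a later reader from "fixing" the casts; the exact SSL-C prototype is not shown here, so the wording should be confirmed against the toolkit header. `ssl_init_PushCAList` begins in this hunk and continues outside it.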
  @@ -1088,7 +1095,8 @@
       int n;
       STACK_OF(X509_NAME) *sk;
   
  -    sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(file);
  +    sk = (STACK_OF(X509_NAME) *)
  +             SSL_load_client_CA_file(MODSSL_PCHAR_CAST file);
   
       if (!sk) {
           return;
  
  
  
  1.87      +2 -2      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.86
  retrieving revision 1.87
  diff -u -r1.86 -r1.87
  --- ssl_engine_kernel.c	3 Feb 2003 17:53:12 -0000	1.86
  +++ ssl_engine_kernel.c	3 Apr 2003 04:54:20 -0000	1.87
  @@ -638,7 +638,7 @@
                    * we put it back here for the purpose of quick_renegotiation.
                    */
                   cert_stack = sk_new_null();
  -                sk_X509_push(cert_stack, cert);
  +                sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
               }
   
               if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
  @@ -1531,7 +1531,7 @@
       *pkey = info->x_pkey->dec_pkey; \
       EVP_PKEY_reference_inc(*pkey)
   
  -int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) 
  +int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey)

   {
       conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
       server_rec *s = c->base_server;
  
  
  
  1.44      +10 -5     httpd-2.0/modules/ssl/ssl_engine_pphrase.c
  
  Index: ssl_engine_pphrase.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- ssl_engine_pphrase.c	3 Feb 2003 17:53:12 -0000	1.43
  +++ ssl_engine_pphrase.c	3 Apr 2003 04:54:20 -0000	1.44
  @@ -142,7 +142,11 @@
    */
   static server_rec *ssl_pphrase_server_rec = NULL;
   
  +#ifdef SSLC_VERSION_NUMBER
  +int ssl_pphrase_Handle_CB(char *, int, int);
  +#else
   int ssl_pphrase_Handle_CB(char *, int, int, void *);
  +#endif
   
   static char *pphrase_array_get(apr_array_header_t *arr, int idx)
   {
  @@ -635,8 +639,14 @@
       return 0;
   }
   
  +#ifdef SSLC_VERSION_NUMBER
  +int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
  +{
  +    void *srv = ssl_pphrase_server_rec;
  +#else
   int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
   {
  +#endif
       SSLModConfigRec *mc;
       server_rec *s;
       apr_pool_t *p;
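Review bot: The SSL-C variant of `ssl_pphrase_Handle_CB` takes `srv` from the file-scope `ssl_pphrase_server_rec`, and the next hunk deletes the only comment that hinted why (`/* make up for sslc flaw */`). A reader of the new code cannot tell that the three-argument callback carries no user-data pointer, or that `myModConfig((server_rec *)srv)` relies on the static having been set before any key is read; where it is assigned is outside these hunks. I would keep the explanation on the new line, e.g. `void *srv = ssl_pphrase_server_rec; /* sslc callback has no user-data argument */`. Opening the function body inside both `#ifdef` branches also leaves two `{` for one `}`, which brace-matching tools handle poorly; the body continues past the hunk.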
  @@ -651,11 +661,6 @@
       BOOL *pbPassPhraseDialogOnce;
       char *cpp;
       int len = -1;
  -
  -#ifndef OPENSSL_VERSION_NUMBER
  -    /* make up for sslc flaw */
  -    srv = ssl_pphrase_server_rec;
  -#endif
   
       mc = myModConfig((server_rec *)srv);
   
  
  
  
  1.30      +39 -18    httpd-2.0/modules/ssl/ssl_toolkit_compat.h
  
  Index: ssl_toolkit_compat.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -r1.29 -r1.30
  --- ssl_toolkit_compat.h	14 Mar 2003 02:20:50 -0000	1.29
  +++ ssl_toolkit_compat.h	3 Apr 2003 04:54:20 -0000	1.30
  @@ -107,9 +107,13 @@
   
   #define MODSSL_BIO_CB_ARG_TYPE const char
   #define MODSSL_CRYPTO_CB_ARG_TYPE const char
  +#define MODSSL_CLIENT_CERT_CB_ARG_TYPE X509
  +#define MODSSL_PCHAR_CAST
   
   #define modssl_X509_verify_cert X509_verify_cert
   
  +typedef int (modssl_read_bio_cb_fn)(char*,int,int,void*);
  +
   #if (OPENSSL_VERSION_NUMBER < 0x00904000)
   #define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
   #else
  @@ -134,14 +138,17 @@
   
   #define HAVE_SSL_X509V3_EXT_d2i
   
  -#else /* HAVE_SSLC */
  +#elif defined(HAVE_SSLC)
   
  +#include <bio.h>
  +#include <ssl.h>
  +#include <err.h>
  +#include <x509.h>
  +#include <pem.h>
  +#include <evp.h>
  +#include <objects.h>
   #include <sslc.h>
   
  -#if SSLC_VERSION > 0x1FFF
  -#include <x509v3.h>
  -#endif
  -
   /* sslc does not support this function, OpenSSL has since 9.5.1 */
   #define RAND_status() 1
   
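Review bot: The SSL-C headers are now included by bare names (`<bio.h>`, `<ssl.h>`, `<err.h>`, `<x509.h>`, `<pem.h>`, `<evp.h>`, `<objects.h>`), so which file gets compiled depends entirely on include-path order. `<err.h>` is also the name of a system header on BSD and glibc platforms, and a build that finds that one first would at best fail with confusing errors. If the toolkit can be included through a prefix directory that would remove the ambiguity; otherwise a comment here stating that the SSL-C include directory must precede the system paths would help whoever maintains the build. The hunk also drops the `x509v3.h` include that was guarded by `SSLC_VERSION > 0x1FFF`, and I cannot tell from this page whether `sslc.h` now supplies those declarations.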
  @@ -154,6 +161,10 @@
   
   #define MODSSL_BIO_CB_ARG_TYPE char
   #define MODSSL_CRYPTO_CB_ARG_TYPE char
  +#define MODSSL_CLIENT_CERT_CB_ARG_TYPE void
  +#define MODSSL_PCHAR_CAST (char *)
  +
  +typedef int (modssl_read_bio_cb_fn)(char*,int,int);
   
   #define modssl_X509_verify_cert(c) X509_verify_cert(c, NULL)
   
  @@ -179,7 +190,7 @@
   #define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
   #endif
   
  -#if SSLC_VERSION < 0x2000
  +#if SSLC_VERSION_NUMBER < 0x2000
   
   #define X509_STORE_CTX_set_depth(st, d)    
   #define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
  @@ -190,37 +201,47 @@
   #define modssl_set_verify(ssl, verify, cb) \
       SSL_set_verify(ssl, verify)
   
  -#endif
  +#else /* SSLC_VERSION_NUMBER >= 0x2000 */
  +
  +#define CRYPTO_malloc_init R_malloc_init
  +
  +#define EVP_cleanup() 
  +
  +#endif /* SSLC_VERSION_NUMBER >= 0x2000 */
  +
  +typedef void (*modssl_popfree_fn)(char *data);
   
  -/* BEGIN GENERATED SECTION */
  -#define sk_SSL_CIPHER_free sk_free
   #define sk_SSL_CIPHER_dup sk_dup
  -#define sk_SSL_CIPHER_num sk_num
   #define sk_SSL_CIPHER_find(st, data) sk_find(st, (void *)data)
  +#define sk_SSL_CIPHER_free sk_free
  +#define sk_SSL_CIPHER_num sk_num
   #define sk_SSL_CIPHER_value (SSL_CIPHER *)sk_value
   #define sk_X509_num sk_num
   #define sk_X509_push sk_push
  +#define sk_X509_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
   #define sk_X509_value (X509 *)sk_value
  -#define sk_X509_INFO_value (X509_INFO *)sk_value
   #define sk_X509_INFO_free sk_free
  -#define sk_X509_INFO_pop_free sk_pop_free 
  +#define sk_X509_INFO_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
   #define sk_X509_INFO_num sk_num
   #define sk_X509_INFO_new_null sk_new_null
  +#define sk_X509_INFO_value (X509_INFO *)sk_value
  +#define sk_X509_NAME_find(st, data) sk_find(st, (void *)data)
  +#define sk_X509_NAME_free sk_free
  +#define sk_X509_NAME_new sk_new
   #define sk_X509_NAME_num sk_num
   #define sk_X509_NAME_push(st, data) sk_push(st, (void *)data)
   #define sk_X509_NAME_value (X509_NAME *)sk_value
  -#define sk_X509_NAME_free sk_free
  -#define sk_X509_NAME_new sk_new
  -#define sk_X509_NAME_find(st, data) sk_find(st, (void *)data)
   #define sk_X509_NAME_ENTRY_num sk_num
   #define sk_X509_NAME_ENTRY_value (X509_NAME_ENTRY *)sk_value
   #define sk_X509_NAME_set_cmp_func sk_set_cmp_func
   #define sk_X509_REVOKED_num sk_num
   #define sk_X509_REVOKED_value (X509_REVOKED *)sk_value
  -#define sk_X509_pop_free sk_pop_free
  -/* END GENERATED SECTION */
   
  -#endif /* OPENSSL_VERSION_NUMBER */
  +#else /* ! HAVE_OPENSSL && ! HAVE_SSLC */
  +
  +#error "Unrecognized SSL Toolkit!"
  +
  +#endif /* ! HAVE_OPENSSL && ! HAVE_SSLC */
   
   #ifndef modssl_set_verify
   #define modssl_set_verify(ssl, verify, cb) \
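Review bot: `sk_X509_pop_free` and `sk_X509_INFO_pop_free` now cast whatever is passed as the destructor to `modssl_popfree_fn`, so the compiler accepts any function for either stack, including the destructor for the wrong element type. Calling a function through a pointer of a different type is also formally undefined in C, even though toolkits commonly do it. Naming the macro parameter `free` makes the expansion harder to read next to the libc function; `#define sk_X509_pop_free(st, fn) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(fn))` says the same thing. A one-line comment above the typedef saying that the cast exists to match the type sslc's `sk_pop_free` expects (presumably `void (*)(char *)`; confirm against the header) would explain why it is there.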
  
  
  
  1.38      +18 -0     httpd-2.0/modules/ssl/ssl_util.c
  
  Index: ssl_util.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util.c,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- ssl_util.c	3 Feb 2003 17:53:13 -0000	1.37
  +++ ssl_util.c	3 Apr 2003 04:54:20 -0000	1.38
  @@ -402,8 +402,18 @@
   static apr_thread_mutex_t **lock_cs;
   static int                  lock_num_locks;
   
  +#ifdef SSLC_VERSION_NUMBER
  +#if SSLC_VERSION_NUMBER >= 0x2000
  +static int ssl_util_thr_lock(int mode, int type,
  +                              const char *file, int line)
  +#else
  +static void ssl_util_thr_lock(int mode, int type,
  +                              const char *file, int line)
  +#endif
  +#else
   static void ssl_util_thr_lock(int mode, int type,
                                 const char *file, int line)
  +#endif
   {
       if (type < lock_num_locks) {
           if (mode & CRYPTO_LOCK) {
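Review bot: The two hunks for `ssl_util_thr_lock` are guarded by different conditions. The signature becomes `static int` when `SSLC_VERSION_NUMBER >= 0x2000` under `#ifdef SSLC_VERSION_NUMBER`, but the `return 1;` / `return -1;` lines in the following hunk are compiled only when `SSLC_VERSION_NUMBER > 0x2000` under `#ifdef HAVE_SSLC`. For a toolkit reporting exactly 0x2000 the function is declared to return int and falls off the end without a value, which is undefined if the toolkit reads the locking callback's result. Using one condition in both places, `#if SSLC_VERSION_NUMBER >= 0x2000` under the same outer `#ifdef`, closes the gap. The function body continues outside this hunk.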
  @@ -412,6 +422,14 @@
           else {
               apr_thread_mutex_unlock(lock_cs[type]);
           }
  +#ifdef HAVE_SSLC
  +#if SSLC_VERSION_NUMBER > 0x2000
  +        return 1;
  +    }
  +    else {
  +        return -1;
  +#endif
  +#endif
       }
   }
   
  
  
  
  1.26      +4 -4      httpd-2.0/modules/ssl/ssl_util_ssl.c
  
  Index: ssl_util_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.c,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- ssl_util_ssl.c	3 Feb 2003 17:53:13 -0000	1.25
  +++ ssl_util_ssl.c	3 Apr 2003 04:54:20 -0000	1.26
  @@ -107,7 +107,7 @@
   **  _________________________________________________________________
   */
   
  -X509 *SSL_read_X509(char* filename, X509 **x509, int (*cb)(char*,int,int,void*))
  +X509 *SSL_read_X509(char* filename, X509 **x509, modssl_read_bio_cb_fn *cb)
   {
       X509 *rc;
       BIO *bioS;
  @@ -158,7 +158,7 @@
   }
   #endif
   
  -EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, int (*cb)(char*,int,int,void*),
void *s)
  +EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, modssl_read_bio_cb_fn *cb,
void *s)
   {
       EVP_PKEY *rc;
       BIO *bioS;
  @@ -430,7 +430,7 @@
           return FALSE;
       }
   
  -    if (BIO_read_filename(in, filename) <= 0) {
  +    if (BIO_read_filename(in, MODSSL_PCHAR_CAST filename) <= 0) {
           BIO_free(in);
           return FALSE;
       }
  @@ -493,7 +493,7 @@
    * should be sent to the peer in the SSL Certificate message.
    */
   int SSL_CTX_use_certificate_chain(
  -    SSL_CTX *ctx, char *file, int skipfirst, int (*cb)(char*,int,int,void*))
  +    SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb)
   {
       BIO *bio;
       X509 *x509;
  
  
  
  1.19      +3 -3      httpd-2.0/modules/ssl/ssl_util_ssl.h
  
  Index: ssl_util_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.h,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- ssl_util_ssl.h	3 Feb 2003 17:53:13 -0000	1.18
  +++ ssl_util_ssl.h	3 Apr 2003 04:54:20 -0000	1.19
  @@ -90,8 +90,8 @@
   void        SSL_init_app_data2_idx(void);
   void       *SSL_get_app_data2(SSL *);
   void        SSL_set_app_data2(SSL *, void *);
  -X509       *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
  -EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, int (*)(char*,int,int,void*), void
*);
  +X509       *SSL_read_X509(char *, X509 **, modssl_read_bio_cb_fn *);
  +EVP_PKEY   *SSL_read_PrivateKey(char *, EVP_PKEY **, modssl_read_bio_cb_fn *, void *);
   int         SSL_smart_shutdown(SSL *ssl);
   X509_STORE *SSL_X509_STORE_create(char *, char *);
   int         SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);
  @@ -101,7 +101,7 @@
   BOOL        SSL_X509_getCN(apr_pool_t *, X509 *, char **);
   BOOL        SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
   BOOL        SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
  -int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)(char*,int,int,void*));
  +int         SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn
*);
   char       *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
   
   /* util functions for OpenSSL+sslc compat */
  
  
  
