httpd-cvs mailing list archives

From wr...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_config.c ssl_engine_init.c ssl_toolkit_compat.h
Date Fri, 30 May 2003 18:41:53 GMT
wrowe       2003/05/30 11:41:53

  Modified:    .        acinclude.m4
               modules/ssl ssl_engine_config.c ssl_engine_init.c
                        ssl_toolkit_compat.h
  Log:
    Based on list discussion between myself and Geoff, it seems prudent
    to check for both the existence of the openssl/engine.h header file
    and some 'expected function' such as ENGINE_init() (better suggestions
    are welcome.)  Also clear up some confusion; so long as we have
    ENGINE_load_builtin_engines() we should attempt to preload those.
  
    This patch protects all ENGINE-based code within the tests for the
    engine header and function, and changes a version test into a
    function test.
  
  Revision  Changes    Path
  1.144     +4 -0      httpd-2.0/acinclude.m4
  
  Index: acinclude.m4
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/acinclude.m4,v
  retrieving revision 1.143
  retrieving revision 1.144
  diff -u -r1.143 -r1.144
  --- acinclude.m4	27 May 2003 19:32:29 -0000	1.143
  +++ acinclude.m4	30 May 2003 18:41:53 -0000	1.144
  @@ -356,6 +356,7 @@
     fi
     if test "x$ap_ssltk_type" = "x"; then
       AC_MSG_CHECKING(for OpenSSL version)
  +    dnl First check for manditory headers
       AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
       if test "$ap_ssltk_type" = "openssl"; then
         dnl so it's OpenSSL - test for a good version
  @@ -373,6 +374,8 @@
          echo "WARNING: OpenSSL version may contain security vulnerabilities!"
          echo "         Ensure the latest security patches have been applied!"
         ])
  +      dnl Look for additional, possibly missing headers
  +      AC_CHECK_HEADERS(openssl/engine.h)
       else
         AC_MSG_RESULT([no OpenSSL headers found])
       fi
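Review bot: The `AC_CHECK_HEADERS(openssl/engine.h)` probe added after the version warning runs independently of the `ENGINE_init` link probe further down, so both succeeding does not show that the header and the library come from the same OpenSSL install. Whether they can diverge depends on the CPPFLAGS and LIBS in effect at each probe, which are set outside this hunk. I would record the assumption next to the check, for example `dnl engine.h must resolve through the same include path as the toolkit selected above`, so a later reordering of the flag setup does not quietly reintroduce the mixed-install case this commit is meant to avoid. The enclosing `if` block starts and ends outside the hunk.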
  @@ -425,6 +428,7 @@
       AC_CHECK_LIB(crypto, SSLeay_version, [], [liberrors="yes"])
       AC_CHECK_LIB(ssl, SSL_CTX_new, [], [liberrors="yes"])
       AC_CHECK_FUNCS(ENGINE_init)
  +    AC_CHECK_FUNCS(ENGINE_load_builtin_engines)
     else
       AC_CHECK_LIB(sslc, SSLC_library_version, [], [liberrors="yes"])
       AC_CHECK_LIB(sslc, SSL_CTX_new, [], [liberrors="yes"])
  
  
  
  1.79      +2 -2      httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.78
  retrieving revision 1.79
  diff -u -r1.78 -r1.79
  --- ssl_engine_config.c	19 May 2003 14:48:47 -0000	1.78
  +++ ssl_engine_config.c	30 May 2003 18:41:53 -0000	1.79
  @@ -510,7 +510,7 @@
       return NULL;
   }
   
  -#ifdef HAVE_ENGINE_INIT
  +#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
   const char *ssl_cmd_SSLCryptoDevice(cmd_parms *cmd,
                                       void *dcfg,
                                       const char *arg)
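Review bot: The tightened guard `#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)` on `ssl_cmd_SSLCryptoDevice` is only safe if every reference to that function sits under the same condition, and the command table and prototype are not among the files this commit modifies. If either is still under plain `#ifdef HAVE_ENGINE_INIT`, a build whose library exports `ENGINE_init` but whose include path lacks `openssl/engine.h` would reference a function that is no longer compiled; this is inferred, since those files are not shown. The same two-macro test is repeated in both ssl_engine_init.c hunks and in ssl_toolkit_compat.h, so I would define one feature macro once in ssl_toolkit_compat.h, along the lines of `#define SSL_HAVE_ENGINE 1` (the name is only a suggestion), and test that everywhere. The function body continues outside the hunk.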
  @@ -518,7 +518,7 @@
       SSLModConfigRec *mc = myModConfig(cmd->server);
       const char *err;
       ENGINE *e;
  -#if SSL_LIBRARY_VERSION >= 0x00907000
  +#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
       static int loaded_engines = FALSE;
   
       /* early loading to make sure the engines are already 
  
  
  
  1.114     +2 -2      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.113
  retrieving revision 1.114
  diff -u -r1.113 -r1.114
  --- ssl_engine_init.c	19 May 2003 14:48:47 -0000	1.113
  +++ ssl_engine_init.c	30 May 2003 18:41:53 -0000	1.114
  @@ -270,7 +270,7 @@
       /*
        * SSL external crypto device ("engine") support
        */
  -#ifdef HAVE_ENGINE_INIT
  +#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
       ssl_init_Engine(base_server, p);
   #endif
   
  @@ -351,7 +351,7 @@
    * Support for external a Crypto Device ("engine"), usually
    * a hardware accellerator card for crypto operations.
    */
  -#ifdef HAVE_ENGINE_INIT
  +#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
   void ssl_init_Engine(server_rec *s, apr_pool_t *p)
   {
       SSLModConfigRec *mc = myModConfig(s);
  
  
  
  1.36      +4 -1      httpd-2.0/modules/ssl/ssl_toolkit_compat.h
  
  Index: ssl_toolkit_compat.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_toolkit_compat.h,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- ssl_toolkit_compat.h	22 May 2003 19:41:32 -0000	1.35
  +++ ssl_toolkit_compat.h	30 May 2003 18:41:53 -0000	1.36
  @@ -66,7 +66,10 @@
   #include <openssl/evp.h>
   #include <openssl/rand.h>
   #include <openssl/x509v3.h>
  -#ifdef HAVE_ENGINE_INIT
  +/* Avoid tripping over an engine build installed globally and detected
  + * when the user points at an explicit non-engine flavor of OpenSSL
  + */
  +#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
   #include <openssl/engine.h>
   #endif
   
  
  
  
