Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 46145 invoked from network); 28 Feb 2009 15:46:32 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Feb 2009 15:46:32 -0000 Received: (qmail 48316 invoked by uid 500); 28 Feb 2009 15:46:29 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 48260 invoked by uid 500); 28 Feb 2009 15:46:29 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 48251 invoked by uid 99); 28 Feb 2009 15:46:29 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 28 Feb 2009 07:46:29 -0800 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [207.106.84.159] (HELO atlas.jtan.com) (207.106.84.159) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 28 Feb 2009 15:46:19 +0000 X-JTAN-Outgoing-From: sctemme@apache.org X-JTAN-Outgoing-To: X-JTAN-Received: [216.191.233.130] X-JTAN-Recipient: X-JTAN-AntiSPAM: not spam, Outgoing not scanned X-JTAN-AntiVirus: Found to be clean, Outgoing not scanned Received: from [172.16.1.15] ([216.191.233.130]) (authenticated bits=0) by atlas.jtan.com (8.12.8p1/8.12.8) with ESMTP id n1SFjtRQ019568 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Sat, 28 Feb 2009 15:45:56 GMT Message-Id: From: Sander Temme To: dev@httpd.apache.org In-Reply-To: <49A8E47B.8080206@velox.ch> Content-Type: multipart/signed; boundary=Apple-Mail-32--169285268; micalg=sha1; protocol="application/pkcs7-signature" Mime-Version: 1.0 (Apple Message framework v930.3) Subject: Re: svn commit: r748396 - in /httpd/httpd/trunk: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c Date: Sat, 28 Feb 2009 10:45:49 -0500 References: <20090227051620.0551623889B2@eris.apache.org> <49A86D45.7070705@apache.org> <49A8E47B.8080206@velox.ch> X-Mailer: Apple Mail (2.930.3) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail-32--169285268 Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit On Feb 28, 2009, at 2:15 AM, Kaspar Brand wrote: > Ruediger Pluem wrote: >> >> On 02/27/2009 06:16 AM, sctemme@apache.org wrote: >>> Author: sctemme >>> Date: Fri Feb 27 05:16:18 2009 >>> New Revision: 748396 >>> >>> URL: http://svn.apache.org/viewvc?rev=748396&view=rev >>> Log: >>> The development trunk of OpenSSL has tightened up the type safety >>> of the STACK construct >>> and the functions that manipulate it. Make httpd trunk compile >>> against OpenSSL HEAD >>> as well as OpenSSL 0.9.8j. Also, get rid of some warnings. > > I filed a bug (+ patch) about this in August last year: > > https://issues.apache.org/bugzilla/show_bug.cgi?id=45521 > > ... and find it rather irritating that the required modifications now > appear to have been redone from scratch (not that I'm particularly > keen > on getting my specific code into the tree, but two persons doing the > same within a few months is pretty needless). Oops, yes that was largely double work. If anyting that should teach me to search Bugzilla before I start hacking. In my defense, I was in a spot without connectivity when I did my patch. You did get one part I didn't, the x509 name comparison callback: -static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b) +static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a, + const X509_NAME * const *b) I just couldn't wrap my head around that there and then. I'll pull that in, with attribution of course. >> Hm. Now I get the following warning with openssl-0.9.8d: >> >> ab.c: In function 'main': >> ab.c:2230: warning: passing argument 1 of 'SSL_CTX_new' discards >> qualifiers from pointer target type Meh. Investigating. > It seems to me that the changes which constify SSL_CIPHER and > SSL_METHOD > are not really related to the modifications for additional STACK type > safety, or am I missing something? Correct, it's the "also" part. S. -- Sander Temme sctemme@apache.org PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF --Apple-Mail-32--169285268 Content-Disposition: attachment; filename=smime.p7s Content-Type: application/pkcs7-signature; name=smime.p7s Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGPDCCAvUw ggJeoAMCAQICEGQKMmrovbmsDFmEErKvcDUwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UEBhMCWkEx JTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA4MDYxNzE4MzYwOVoXDTA5MDYxNzE4MzYw OVowWzEOMAwGA1UEBBMFVGVtbWUxDzANBgNVBCoTBlNhbmRlcjEVMBMGA1UEAxMMU2FuZGVyIFRl bW1lMSEwHwYJKoZIhvcNAQkBFhJzY3RlbW1lQGFwYWNoZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDYnHoZmQYVE9cAnYC+qePb2mCJriBvehvoNBO9Z/c4Zf2dJrXQQYUbXPxO hIklkgZph5RQV6CtIKiEnu7wseHM3q0huvNR2OhlZ8BggluV5nVX0BoyMG1ZWmM1v6ldT3uE5mGr 1qb2zOzrSYVoyA7V6d1OVV9/QOna3BAU/0TmfbG5VsclZS/V8GAsLU5rbuj8Tqu6mDJncw0mH4nV 7IIXtU/scqDl1QLtcHBLsajFtdXICAPUficOmcGZsfZz1rZs8jx2p1AOY+0LoMqXjtTbE1Jey3o2 20Hi5KqaKsbmgXpY8cAi4sKNTMEfgejrosKXL40L6ol244C6uNJ4eQddAgMBAAGjLzAtMB0GA1Ud EQQWMBSBEnNjdGVtbWVAYXBhY2hlLm9yZzAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GB AFZUHxJtpZwO6wbBf4lwU853P4DB335zug918adjGXECE4Jz70bMK87qLMY7UJKRXhYt40gG0o7b pTsEHoF8dY3MVuFpOaY8bDDZ92NfVMC/Zuh7xZJG66ilEe/Ns44oVo4S8R5SgF7Y0ONNmaBJSKEb Dt0LDMTCZfcL85X9SjVuMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUFADCB0TELMAkGA1UE BhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQK ExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZp c2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkB FhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcxNzAwMDAwMFoXDTEzMDcxNjIz NTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0 ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnKmVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph 8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4H v0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQI MAYBAf8CAQAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBl cnNvbmFsRnJlZW1haWxDQS5jcmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQD ExFQcml2YXRlTGFiZWwyLTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+ whehQ5aUnX9MIbj4Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FX JY3dqZw5jowgT2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCAxAw ggMMAgEBMHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkp IEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhBkCjJq 6L25rAxZhBKyr3A1MAkGBSsOAwIaBQCgggFvMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ KoZIhvcNAQkFMQ8XDTA5MDIyODE1NDU1MlowIwYJKoZIhvcNAQkEMRYEFLlYb5yxG2YVYG3pqdIb 4L+aYhsWMIGFBgkrBgEEAYI3EAQxeDB2MGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUg Q29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwg SXNzdWluZyBDQQIQZAoyaui9uawMWYQSsq9wNTCBhwYLKoZIhvcNAQkQAgsxeKB2MGIxCzAJBgNV BAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNU aGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQZAoyaui9uawMWYQSsq9wNTANBgkq hkiG9w0BAQEFAASCAQCqQPD51RYQToQLulzIRwui0BaSo3MlfMnMvN2EOgdbpzxh0K144TNmFdnp Mrcaf70bZXw/lcXCAd6zFMhBqxsQn0BXYysbeesauUFZwOJM3h6uAcl1fjOfFIVqigK2GWZp+dG4 5seDooMJvdQs6HExNvmWlSibJDWFoS0knTqmWNGCHxsADBiRpMAtd6Ls7YdBB/iwUd23RNAXIm4Q 4jLzsle3mvYzn7B+Gq0ySTgTSJ8x1E2yzEBlgLCsvAZ0LWG8jLsdgOLn/smgfOO9+PMiZm8VQjRv APTUj4YhRSecNXY0gHfNYtE4g0SFwTRh9IV+QgUGe3Euh/Gvt6Q/iUbwAAAAAAAA --Apple-Mail-32--169285268--