httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject Re: svn commit: r798359 - in /httpd/httpd/branches/2.2.x: modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_engine_vars.c modules/ssl/ssl_util_ssl.c support/ab.c
Date Tue, 28 Jul 2009 02:13:20 GMT
-1 veto, please revert this commit.

Unless I missed something, these changes were not voted on in the
STATUS file.  I think wrowe's endorsement was... badly worded.

Thanks,

Paul


On Mon, Jul 27, 2009 at 7:08 PM, <fuankg@apache.org> wrote:
> Author: fuankg
> Date: Tue Jul 28 02:08:32 2009
> New Revision: 798359
>
> URL: http://svn.apache.org/viewvc?rev=798359&view=rev
> Log:
> backport support for OpenSSL 1.0.0 from HEAD. Based on:
> http://svn.apache.org/viewvc?view=rev&revision=748396
> http://svn.apache.org/viewvc?view=rev&revision=749466
> http://svn.apache.org/viewvc?view=rev&revision=798274
>
> Modified:
>    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
>    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c
>    httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c
>    httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c
>    httpd/httpd/branches/2.2.x/support/ab.c
>
> Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=798359&r1=798358&r2=798359&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original)
> +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Tue Jul 28 02:08:32 2009
> @@ -573,7 +573,7 @@
>             ssl_die();
>         }
>
> -        SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
> +        SSL_CTX_set_client_CA_list(ctx, ca_list);
>     }
>
>     /*
>
> Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c?rev=798359&r1=798358&r2=798359&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_kernel.c Tue Jul 28 02:08:32 2009
> @@ -222,7 +222,7 @@
>     X509_STORE *cert_store = NULL;
>     X509_STORE_CTX cert_store_ctx;
>     STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
> -    SSL_CIPHER *cipher = NULL;
> +    const SSL_CIPHER *cipher = NULL;
>     int depth, verify_old, verify, n;
>
>     if (ssl) {
> @@ -668,7 +668,7 @@
>                  * sk_X509_shift-ed the peer cert out of the chain.
>                  * we put it back here for the purpose of quick_renegotiation.
>                  */
> -                cert_stack = sk_new_null();
> +                cert_stack = sk_X509_new_null();
>                 sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
>             }
>
>
> Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c?rev=798359&r1=798358&r2=798359&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c (original)
> +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_vars.c Tue Jul 28 02:08:32 2009
> @@ -628,7 +628,7 @@
>     ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
>
>     if (ssl && strEQ(var, "")) {
> -        SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
> +        const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
>         result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
>     }
>     else if (strcEQ(var, "_EXPORT"))
> @@ -649,7 +649,7 @@
>
>  static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
>  {
> -    SSL_CIPHER *cipher;
> +    const SSL_CIPHER *cipher;
>
>     *usekeysize = 0;
>     *algkeysize = 0;
>
> Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c?rev=798359&r1=798358&r2=798359&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c (original)
> +++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_util_ssl.c Tue Jul 28 02:08:32 2009
> @@ -294,7 +294,7 @@
>  #ifdef HAVE_SSL_X509V3_EXT_d2i
>     X509_EXTENSION *ext;
>     int ext_nid;
> -    STACK *sk;
> +    EXTENDED_KEY_USAGE *sk;
>     BOOL is_sgc;
>     int idx;
>     int i;
> @@ -303,9 +303,9 @@
>     idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
>     if (idx >= 0) {
>         ext = X509_get_ext(cert, idx);
> -        if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
> -            for (i = 0; i < sk_num(sk); i++) {
> -                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
> +        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
> +            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
> +                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk,
i));
>                 if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
>                     is_sgc = TRUE;
>                     break;
> @@ -467,7 +467,7 @@
>     X509 *x509;
>     unsigned long err;
>     int n;
> -    STACK *extra_certs;
> +    STACK_OF(X509) *extra_certs;
>
>     if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
>         return -1;
>
> Modified: httpd/httpd/branches/2.2.x/support/ab.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/support/ab.c?rev=798359&r1=798358&r2=798359&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/support/ab.c (original)
> +++ httpd/httpd/branches/2.2.x/support/ab.c Tue Jul 28 02:08:32 2009
> @@ -189,6 +189,12 @@
>
>  #endif
>
> +#if defined(USE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x00909000)
> +#define AB_SSL_METHOD_CONST const
> +#else
> +#define AB_SSL_METHOD_CONST
> +#endif
> +
>  #include <math.h>
>  #if APR_HAVE_CTYPE_H
>  #include <ctype.h>
> @@ -480,7 +486,7 @@
>
>  static int ssl_print_connection_info(BIO *bio, SSL *ssl)
>  {
> -    SSL_CIPHER *c;
> +    const SSL_CIPHER *c;
>     int alg_bits,bits;
>
>     c = SSL_get_current_cipher(ssl);
> @@ -566,7 +572,7 @@
>             if (verbosity >= 2)
>                 ssl_print_info(c);
>             if (ssl_info == NULL) {
> -                SSL_CIPHER *ci;
> +                const SSL_CIPHER *ci;
>                 X509 *cert;
>                 int sk_bits, pk_bits, swork;
>
> @@ -1981,7 +1987,7 @@
>     const char *optarg;
>     char c;
>  #ifdef USE_SSL
> -    SSL_METHOD *meth = SSLv23_client_method();
> +    AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
>  #endif
>
>     /* table defaults  */
>
>
>

Mime
View raw message