From billbar...@apache.org
Subject svn commit: r1712199 - in /tomcat/native/branches/1.1.x/native/src: ssl.c sslnetwork.c sslutils.c
Date Tue, 03 Nov 2015 02:07:20 GMT
Author: billbarker
Date: Tue Nov  3 02:07:20 2015
New Revision: 1712199

URL: http://svn.apache.org/viewvc?rev=1712199&view=rev
Log:
Align with OpenSSL master. The big change is that now OpenSSL takes full control of the SSL
state machine, so we can't change it anymore. But it also looks like doing a read after renegotiate
isn't necessary anymore. I'll wait to see how Gump reacts before porting to 1.2.x

Modified:
    tomcat/native/branches/1.1.x/native/src/ssl.c
    tomcat/native/branches/1.1.x/native/src/sslnetwork.c
    tomcat/native/branches/1.1.x/native/src/sslutils.c

Modified: tomcat/native/branches/1.1.x/native/src/ssl.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1712199&r1=1712198&r2=1712199&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/ssl.c (original)
+++ tomcat/native/branches/1.1.x/native/src/ssl.c Tue Nov  3 02:07:20 2015
@@ -654,12 +654,14 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize
         TCN_FREE_CSTRING(engine);
         return (jint)APR_SUCCESS;
     }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     if (SSLeay() < 0x0090700L) {
         TCN_FREE_CSTRING(engine);
         tcn_ThrowAPRException(e, APR_EINVAL);
         ssl_initialized = 0;
         return (jint)APR_EINVAL;
     }
+#enduf
     /* We must register the library in full, to ensure our configuration
      * code can successfully test the SSL environment.
      */
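Review bot: The new version guard is closed with `#enduf` instead of `#endif`, so the conditional opened by `#if OPENSSL_VERSION_NUMBER < 0x10100000L` is never terminated and ssl.c should fail to preprocess whichever OpenSSL version is used. The line should read `#endif`. Because the guarded block is the runtime minimum-version check in the initialize call, a build against both an older OpenSSL and master would confirm it is still compiled in where intended. The enclosing function starts and ends outside the hunk.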

Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1712199&r1=1712198&r2=1712199&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Tue Nov  3 02:07:20 2015
@@ -645,6 +645,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
 #endif
         return APR_EGENERAL;
     }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #if OPENSSL_VERSION_NUMBER >= 0x1000100fL
     SSL_set_state(con->ssl, SSL_ST_ACCEPT);
 #else
@@ -668,13 +669,11 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, rene
             break;
     }
     con->reneg_state = RENEG_REJECT;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
     if (SSL_get_state(con->ssl) != SSL_ST_OK) {
-#else
-    if (SSL_get_state(con->ssl) != TLS_ST_OK) {
-#endif
         return APR_EGENERAL;
     }
+#endif
 
     return APR_SUCCESS;
 }
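Review bot: On builds against OpenSSL 1.1.0 and later, `con->reneg_state = RENEG_REJECT;` now appears to sit inside the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` region opened in the previous hunk and closed by the new `#endif`, so the function would return APR_SUCCESS without resetting the state and without any check that the handshake finished. SSL_callback_handshake in sslutils.c flags an unexpected ClientHello only while `reneg_state == RENEG_REJECT`, so if code above these hunks relaxes the state for the server-initiated renegotiation, the rejection of client-initiated renegotiation would stay disabled for the rest of the connection. I would keep the reset unconditional by placing `con->reneg_state = RENEG_REJECT;` after the `#endif`, and give the new path its own completion check such as `if (!SSL_is_init_finished(con->ssl)) return APR_EGENERAL;`, at whatever point the renegotiation is known to be complete. The lines between the two hunks and the start of the function are outside the hunks, so the nesting should be confirmed against the full file.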

Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1712199&r1=1712198&r2=1712199&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Tue Nov  3 02:07:20 2015
@@ -225,7 +225,11 @@ int SSL_CTX_use_certificate_chain(SSL_CT
     unsigned long err;
     int n;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
+#else
+    if ((bio = BIO_new(BIO_s_file())) == NULL)
+#endif
         return -1;
     if (BIO_read_filename(bio, file) <= 0) {
         BIO_free(bio);
@@ -534,9 +538,11 @@ void SSL_callback_handshake(const SSL *s
     if ((where & SSL_CB_ACCEPT_LOOP) && con->reneg_state == RENEG_REJECT)
{
         int state = SSL_get_state(ssl);
 
-        if (state == SSL3_ST_SR_CLNT_HELLO_A
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
+        if (state == SSL3_ST_SR_CLNT_HELLO_A
             || state == SSL23_ST_SR_CLNT_HELLO_A
+#else
+        if (state == TLS_ST_SR_CLNT_HELLO
 #endif
             ) {
             con->reneg_state = RENEG_ABORT;
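Review bot: The `if (` that decides whether a ClientHello counts as a rejected renegotiation is now opened in two different preprocessor branches and closed by a shared `) {`, which makes this security-relevant condition hard to read and easy to break on the next version change. Computing the test into a local in each branch and using a single `if (client_hello) {` keeps the parentheses and braces balanced in every configuration. A short comment stating that `TLS_ST_SR_CLNT_HELLO` stands in for the two older state constants on 1.1.0 would also help the next reader. The function body starts and ends outside the hunk.

```c
        int state = SSL_get_state(ssl);
        int client_hello;

#if OPENSSL_VERSION_NUMBER < 0x10100000L
        client_hello = (state == SSL3_ST_SR_CLNT_HELLO_A
                        || state == SSL23_ST_SR_CLNT_HELLO_A);
#else
        /* 1.1.0 state machine: one state replaces the two older constants. */
        client_hello = (state == TLS_ST_SR_CLNT_HELLO);
#endif
        if (client_hello) {
            /* … unchanged: con->reneg_state = RENEG_ABORT and the rest of the branch … */
```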


