LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11343 Commits
1 Branch
46 MiB
Tree: 22baa9f3ed
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '22baa9f3ed'
${ noResults }
openwrt-packages-dist/libs/libevhtp/patches/020-openssl-1.1-compatibili...

132 lines
5.1 KiB
Raw Normal View History

libevhtp: add openssl 1.1 compatibility This patch is a backport of upstream changes. I read the Makefile warning and made sure it only updates the openssl calls and data types to the new API. It does not touch anything else! Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
7 years ago
 
  1. --- a/evhtp.c

  2. +++ b/evhtp.c

  3. @@ -1686,16 +1686,15 @@ _evhtp_ssl_thread_lock(int mode, int typ

  4.  #endif
  5.  static void
  6.  _evhtp_ssl_delete_scache_ent(evhtp_ssl_ctx_t * ctx, evhtp_ssl_sess_t * sess) {
  7. -    evhtp_t         * htp;

  8. -    evhtp_ssl_cfg_t * cfg;

  9. -    unsigned char   * sid;

  10. -    unsigned int      slen;

  11. +    evhtp_t          * htp;

  12. +    evhtp_ssl_cfg_t  * cfg;

  13. +    evhtp_ssl_data_t * sid;

  14. +    unsigned int       slen;

  15.  
  16.      htp  = (evhtp_t *)SSL_CTX_get_app_data(ctx);
  17.      cfg  = htp->ssl_cfg;
  18.  
  19. -    sid  = sess->session_id;

  20. -    slen = sess->session_id_length;

  21. +    sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);

  22.  
  23.      if (cfg->scache_del) {
  24.          (cfg->scache_del)(htp, sid, slen);
  25. @@ -1706,14 +1705,17 @@ static int

  26.  _evhtp_ssl_add_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_sess_t * sess) {
  27.      evhtp_connection_t * connection;
  28.      evhtp_ssl_cfg_t    * cfg;
  29. -    unsigned char      * sid;

  30. +    evhtp_ssl_data_t   * sid;

  31.      int                  slen;
  32.  
  33.      connection = (evhtp_connection_t *)SSL_get_app_data(ssl);
  34. -    cfg        = connection->htp->ssl_cfg;

  35. +    if (connection->htp == NULL)

  36. +    {

  37. +    	return 0;	/* We cannot get the ssl_cfg */

  38. +    }

  39.  
  40. -    sid        = sess->session_id;

  41. -    slen       = sess->session_id_length;

  42. +    cfg	= connection->htp->ssl_cfg;

  43. +    sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);

  44.  
  45.      SSL_set_timeout(sess, cfg->scache_timeout);
  46.  
  47. @@ -1725,7 +1727,7 @@ _evhtp_ssl_add_scache_ent(evhtp_ssl_t *

  48.  }
  49.  
  50.  static evhtp_ssl_sess_t *
  51. -_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, unsigned char * sid, int sid_len, int * copy) {

  52. +_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_data_t * sid, int sid_len, int * copy) {

  53.      evhtp_connection_t * connection;
  54.      evhtp_ssl_cfg_t    * cfg;
  55.      evhtp_ssl_sess_t   * sess;
  56. @@ -1767,12 +1769,12 @@ _evhtp_ssl_servername(evhtp_ssl_t * ssl,

  57.          connection->vhost_via_sni = 1;
  58.  
  59.          SSL_set_SSL_CTX(ssl, evhtp_vhost->ssl_ctx);
  60. -        SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));

  61. +        SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));

  62.  
  63.          if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
  64.              (SSL_num_renegotiations(ssl) == 0)) {
  65. -            SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),

  66. -                           SSL_CTX_get_verify_callback(ssl->ctx));

  67. +            SSL_set_verify(ssl, SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(ssl)),

  68. +                           SSL_CTX_get_verify_callback(SSL_get_SSL_CTX(ssl)));

  69.          }
  70.  
  71.          return SSL_TLSEXT_ERR_OK;
  72. @@ -3017,15 +3019,21 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_

  73.          return -1;
  74.      }
  75.  
  76. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  77.      SSL_library_init();
  78.      SSL_load_error_strings();
  79. +#endif

  80.      RAND_poll();
  81.  
  82.      STACK_OF(SSL_COMP) * comp_methods = SSL_COMP_get_compression_methods();
  83.      sk_SSL_COMP_zero(comp_methods);
  84.  
  85.      htp->ssl_cfg = cfg;
  86. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  87.      htp->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
  88. +#else

  89. +    htp->ssl_ctx = SSL_CTX_new(TLS_server_method());

  90. +#endif

  91.  
  92.  #if OPENSSL_VERSION_NUMBER >= 0x10000000L
  93.      SSL_CTX_set_options(htp->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
  94. @@ -3062,7 +3070,11 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_

  95.      SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
  96.  
  97.      if (cfg->x509_chk_issued_cb != NULL) {
  98. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  99.          htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;
  100. +#else

  101. +	X509_STORE_set_check_issued(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->x509_chk_issued_cb);

  102. +#endif

  103.      }
  104.  
  105.      if (cfg->verify_depth) {
  106. --- a/evhtp.h

  107. +++ b/evhtp.h

  108. @@ -34,6 +34,11 @@ typedef SSL                       evhtp_

  109.  typedef SSL_CTX                   evhtp_ssl_ctx_t;
  110.  typedef X509                      evhtp_x509_t;
  111.  typedef X509_STORE_CTX            evhtp_x509_store_ctx_t;
  112. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  113. +typedef unsigned char             evhtp_ssl_data_t;

  114. +#else

  115. +typedef const unsigned char       evhtp_ssl_data_t;

  116. +#endif

  117.  #else
  118.  typedef void                      evhtp_ssl_sess_t;
  119.  typedef void                      evhtp_ssl_t;
  120. @@ -154,9 +159,9 @@ typedef int (*evhtp_headers_iterator)(ev

  121.  typedef int (*evhtp_ssl_verify_cb)(int pre_verify, evhtp_x509_store_ctx_t * ctx);
  122.  typedef int (*evhtp_ssl_chk_issued_cb)(evhtp_x509_store_ctx_t * ctx, evhtp_x509_t * x, evhtp_x509_t * issuer);
  123.  
  124. -typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, unsigned char * sid, int sid_len, evhtp_ssl_sess_t * sess);

  125. -typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, unsigned char * sid, int sid_len);

  126. -typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, unsigned char * sid, int sid_len);

  127. +typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len, evhtp_ssl_sess_t * sess);

  128. +typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, evhtp_ssl_data_t * sid, int sid_len);

  129. +typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len);

  130.  typedef void * (*evhtp_ssl_scache_init)(evhtp_t *);
  131.  
  132.  #define EVHTP_VERSION           "1.1.6"