|
--- a/evhtp.c
|
|
+++ b/evhtp.c
|
|
@@ -1817,16 +1817,15 @@ _evhtp_ssl_thread_lock(int mode, int typ
|
|
#endif
|
|
static void
|
|
_evhtp_ssl_delete_scache_ent(evhtp_ssl_ctx_t * ctx, evhtp_ssl_sess_t * sess) {
|
|
- evhtp_t * htp;
|
|
- evhtp_ssl_cfg_t * cfg;
|
|
- unsigned char * sid;
|
|
- unsigned int slen;
|
|
+ evhtp_t * htp;
|
|
+ evhtp_ssl_cfg_t * cfg;
|
|
+ evhtp_ssl_data_t * sid;
|
|
+ unsigned int slen;
|
|
|
|
htp = (evhtp_t *)SSL_CTX_get_app_data(ctx);
|
|
cfg = htp->ssl_cfg;
|
|
|
|
- sid = sess->session_id;
|
|
- slen = sess->session_id_length;
|
|
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
|
|
|
|
if (cfg->scache_del) {
|
|
(cfg->scache_del)(htp, sid, slen);
|
|
@@ -1837,14 +1836,17 @@ static int
|
|
_evhtp_ssl_add_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_sess_t * sess) {
|
|
evhtp_connection_t * connection;
|
|
evhtp_ssl_cfg_t * cfg;
|
|
- unsigned char * sid;
|
|
+ evhtp_ssl_data_t * sid;
|
|
int slen;
|
|
|
|
connection = (evhtp_connection_t *)SSL_get_app_data(ssl);
|
|
- cfg = connection->htp->ssl_cfg;
|
|
+ if (connection->htp == NULL)
|
|
+ {
|
|
+ return 0; /* We cannot get the ssl_cfg */
|
|
+ }
|
|
|
|
- sid = sess->session_id;
|
|
- slen = sess->session_id_length;
|
|
+ cfg = connection->htp->ssl_cfg;
|
|
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
|
|
|
|
SSL_set_timeout(sess, cfg->scache_timeout);
|
|
|
|
@@ -1856,7 +1858,7 @@ _evhtp_ssl_add_scache_ent(evhtp_ssl_t *
|
|
}
|
|
|
|
static evhtp_ssl_sess_t *
|
|
-_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, unsigned char * sid, int sid_len, int * copy) {
|
|
+_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_data_t * sid, int sid_len, int * copy) {
|
|
evhtp_connection_t * connection;
|
|
evhtp_ssl_cfg_t * cfg;
|
|
evhtp_ssl_sess_t * sess;
|
|
@@ -1898,12 +1900,12 @@ _evhtp_ssl_servername(evhtp_ssl_t * ssl,
|
|
connection->vhost_via_sni = 1;
|
|
|
|
SSL_set_SSL_CTX(ssl, evhtp_vhost->ssl_ctx);
|
|
- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
|
|
+ SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));
|
|
|
|
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
|
|
(SSL_num_renegotiations(ssl) == 0)) {
|
|
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
|
|
- SSL_CTX_get_verify_callback(ssl->ctx));
|
|
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(ssl)),
|
|
+ SSL_CTX_get_verify_callback(SSL_get_SSL_CTX(ssl)));
|
|
}
|
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
@@ -3197,15 +3199,21 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_
|
|
return -1;
|
|
}
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
SSL_library_init();
|
|
SSL_load_error_strings();
|
|
+#endif
|
|
RAND_poll();
|
|
|
|
STACK_OF(SSL_COMP) * comp_methods = SSL_COMP_get_compression_methods();
|
|
sk_SSL_COMP_zero(comp_methods);
|
|
|
|
htp->ssl_cfg = cfg;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
htp->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
|
|
+#else
|
|
+ htp->ssl_ctx = SSL_CTX_new(TLS_server_method());
|
|
+#endif
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
SSL_CTX_set_options(htp->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
|
@@ -3242,7 +3250,11 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_
|
|
SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
|
|
|
|
if (cfg->x509_chk_issued_cb != NULL) {
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;
|
|
+#else
|
|
+ X509_STORE_set_check_issued(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->x509_chk_issued_cb);
|
|
+#endif
|
|
}
|
|
|
|
if (cfg->verify_depth) {
|
|
--- a/evhtp.h
|
|
+++ b/evhtp.h
|
|
@@ -34,6 +34,11 @@ typedef SSL evhtp_
|
|
typedef SSL_CTX evhtp_ssl_ctx_t;
|
|
typedef X509 evhtp_x509_t;
|
|
typedef X509_STORE_CTX evhtp_x509_store_ctx_t;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+typedef unsigned char evhtp_ssl_data_t;
|
|
+#else
|
|
+typedef const unsigned char evhtp_ssl_data_t;
|
|
+#endif
|
|
#else
|
|
typedef void evhtp_ssl_sess_t;
|
|
typedef void evhtp_ssl_t;
|
|
@@ -157,9 +162,9 @@ typedef int (*evhtp_headers_iterator)(ev
|
|
typedef int (*evhtp_ssl_verify_cb)(int pre_verify, evhtp_x509_store_ctx_t * ctx);
|
|
typedef int (*evhtp_ssl_chk_issued_cb)(evhtp_x509_store_ctx_t * ctx, evhtp_x509_t * x, evhtp_x509_t * issuer);
|
|
|
|
-typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, unsigned char * sid, int sid_len, evhtp_ssl_sess_t * sess);
|
|
-typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, unsigned char * sid, int sid_len);
|
|
-typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, unsigned char * sid, int sid_len);
|
|
+typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len, evhtp_ssl_sess_t * sess);
|
|
+typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, evhtp_ssl_data_t * sid, int sid_len);
|
|
+typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len);
|
|
typedef void * (*evhtp_ssl_scache_init)(evhtp_t *);
|
|
|
|
#define EVHTP_VERSION "1.2.0"
|