-*- coding: utf-8 -*-
Changes with Apache 2.3.15
+ *) mod_ssl, configure, ab: drop support for RSA BSAFE SSL-C toolkit.
+ [Kaspar Brand]
+
*) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the
cookie is set when modules such as mod_rewrite trigger a redirect. Also
use r->err_headers_out for the cookie, for the same reason. PR29755.
])
dnl
-dnl APACHE_CHECK_SSL_TOOLKIT
+dnl APACHE_CHECK_OPENSSL
dnl
-dnl Configure for the detected openssl/ssl-c toolkit installation, giving
-dnl preference to "--with-ssl=<path>" if it was specified.
+dnl Configure for OpenSSL, giving preference to
+dnl "--with-ssl=<path>" if it was specified.
dnl
-AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[
- AC_CACHE_CHECK([for SSL/TLS toolkit], [ac_cv_ssltk], [
+AC_DEFUN(APACHE_CHECK_OPENSSL,[
+ AC_CACHE_CHECK([for OpenSSL], [ac_cv_openssl], [
dnl initialise the variables we use
- ac_cv_ssltk=yes
- ap_ssltk_found=""
- ap_ssltk_base=""
- ap_ssltk_libs=""
- ap_ssltk_type=""
-
- dnl Determine the SSL/TLS toolkit's base directory, if any
- AC_MSG_CHECKING([for user-provided SSL/TLS toolkit base])
- AC_ARG_WITH(sslc, APACHE_HELP_STRING(--with-sslc=DIR,RSA SSL-C SSL/TLS toolkit), [
- dnl If --with-sslc specifies a directory, we use that directory or fail
+ ac_cv_openssl=yes
+ ap_openssl_found=""
+ ap_openssl_base=""
+ ap_openssl_libs=""
+
+ dnl Determine the OpenSSL base directory, if any
+ AC_MSG_CHECKING([for user-provided OpenSSL base directory])
+ AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL base directory), [
+ dnl If --with-ssl specifies a directory, we use that directory
if test "x$withval" != "xyes" -a "x$withval" != "x"; then
dnl This ensures $withval is actually a directory and that it is absolute
- ap_ssltk_base="`cd $withval ; pwd`"
+ ap_openssl_base="`cd $withval ; pwd`"
fi
- ap_ssltk_type="sslc"
])
- AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL SSL/TLS toolkit), [
- dnl If --with-ssl specifies a directory, we use that directory or fail
- if test "x$withval" != "xyes" -a "x$withval" != "x"; then
- dnl This ensures $withval is actually a directory and that it is absolute
- ap_ssltk_base="`cd $withval ; pwd`"
- fi
- ])
- if test "x$ap_ssltk_base" = "x"; then
+ if test "x$ap_openssl_base" = "x"; then
AC_MSG_RESULT(none)
else
- AC_MSG_RESULT($ap_ssltk_base)
+ AC_MSG_RESULT($ap_openssl_base)
fi
dnl Run header and version checks
saved_LDFLAGS="$LDFLAGS"
SSL_LIBS=""
- dnl Before doing anything else, load in pkg-config variables (if not sslc).
- if test "x$ap_ssltk_type" = "x" -a -n "$PKGCONFIG"; then
+ dnl Before doing anything else, load in pkg-config variables
+ if test -n "$PKGCONFIG"; then
saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH"
- if test "x$ap_ssltk_base" != "x" -a \
- -f "${ap_ssltk_base}/lib/pkgconfig/openssl.pc"; then
+ if test "x$ap_openssl_base" != "x" -a \
+ -f "${ap_openssl_base}/lib/pkgconfig/openssl.pc"; then
dnl Ensure that the given path is used by pkg-config too, otherwise
dnl the system openssl.pc might be picked up instead.
- PKG_CONFIG_PATH="${ap_ssltk_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}"
+ PKG_CONFIG_PATH="${ap_openssl_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}"
export PKG_CONFIG_PATH
fi
- ap_ssltk_libs="`$PKGCONFIG --libs-only-l openssl 2>&1`"
+ ap_openssl_libs="`$PKGCONFIG --libs-only-l openssl 2>&1`"
if test $? -eq 0; then
- ap_ssltk_found="yes"
+ ap_openssl_found="yes"
pkglookup="`$PKGCONFIG --cflags-only-I openssl`"
APR_ADDTO(CPPFLAGS, [$pkglookup])
APR_ADDTO(INCLUDES, [$pkglookup])
fi
PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH"
fi
- if test "x$ap_ssltk_base" != "x" -a "x$ap_ssltk_found" = "x"; then
- APR_ADDTO(CPPFLAGS, [-I$ap_ssltk_base/include])
- APR_ADDTO(INCLUDES, [-I$ap_ssltk_base/include])
- APR_ADDTO(LDFLAGS, [-L$ap_ssltk_base/lib])
- APR_ADDTO(SSL_LIBS, [-L$ap_ssltk_base/lib])
+
+ dnl fall back to the user-supplied directory if not found via pkg-config
+ if test "x$ap_openssl_base" != "x" -a "x$ap_openssl_found" = "x"; then
+ APR_ADDTO(CPPFLAGS, [-I$ap_openssl_base/include])
+ APR_ADDTO(INCLUDES, [-I$ap_openssl_base/include])
+ APR_ADDTO(LDFLAGS, [-L$ap_openssl_base/lib])
+ APR_ADDTO(SSL_LIBS, [-L$ap_openssl_base/lib])
if test "x$ap_platform_runtime_link_flag" != "x"; then
- APR_ADDTO(LDFLAGS, [$ap_platform_runtime_link_flag$ap_ssltk_base/lib])
- APR_ADDTO(SSL_LIBS, [$ap_platform_runtime_link_flag$ap_ssltk_base/lib])
+ APR_ADDTO(LDFLAGS, [$ap_platform_runtime_link_flag$ap_openssl_base/lib])
+ APR_ADDTO(SSL_LIBS, [$ap_platform_runtime_link_flag$ap_openssl_base/lib])
fi
fi
- if test "x$ap_ssltk_type" = "x"; then
- dnl First check for manditory headers
- AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
- if test "$ap_ssltk_type" = "openssl"; then
- dnl so it's OpenSSL - test for a good version
- AC_MSG_CHECKING([for OpenSSL version])
- AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
+
+ AC_MSG_CHECKING([for OpenSSL version])
+ AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
#if !defined(OPENSSL_VERSION_NUMBER)
-#error "Missing openssl version"
+#error "Missing OpenSSL version"
#endif
#if (OPENSSL_VERSION_NUMBER < 0x009060af) \
|| ((OPENSSL_VERSION_NUMBER > 0x00907000) && (OPENSSL_VERSION_NUMBER < 0x0090702f))
#error "Insecure openssl version " OPENSSL_VERSION_TEXT
#endif],
- [AC_MSG_RESULT(OK)],
- [dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h?
- AC_MSG_RESULT([not encouraging])
- AC_MSG_WARN([OpenSSL version may contain security vulnerabilities!]
- [ Ensure the latest security patches have been applied!])
- ])
- else
- AC_MSG_RESULT([no OpenSSL headers found])
- fi
- fi
- if test "$ap_ssltk_type" != "openssl"; then
- dnl Might be SSL-C - report, then test anything relevant
- AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [ap_ssltk_type=""])
- if test "$ap_ssltk_type" = "sslc"; then
- ap_ssltk_libs="-lsslc"
- AC_MSG_CHECKING([for SSL-C version])
- AC_TRY_COMPILE([#include <sslc.h>],[
-#if !defined(SSLC_VERSION_NUMBER)
-#error "Missing SSL-C version"
-#endif
-#if SSLC_VERSION_NUMBER < 0x2310
-#define stringize_ver(x) #x
-#error "Insecure SSL-C version " stringize_ver(SSLC_VERSION_NUMBER)
-#endif],
- [AC_MSG_RESULT(OK)],
- [dnl Replace this with SSLC_VERSION_NUMBER?
- AC_MSG_RESULT([not encouraging])
- echo "WARNING: SSL-C version may contain security vulnerabilities!"
- echo " Ensure the latest security patches have been applied!"
- ])
- else
- AC_MSG_RESULT([no SSL-C headers found])
- fi
- fi
- if test "x$ap_ssltk_type" = "x"; then
- ac_cv_ssltk="no"
- AC_MSG_WARN([...No recognized SSL/TLS toolkit detected])
- else
- if test "$ap_ssltk_type" = "openssl" -a "x$ap_ssltk_found" = "x"; then
- ap_ssltk_found="yes"
- ap_ssltk_libs="-lssl -lcrypto `$apr_config --libs`"
- fi
- APR_ADDTO(SSL_LIBS, [$ap_ssltk_libs])
- APR_ADDTO(LIBS, [$ap_ssltk_libs])
+ [AC_MSG_RESULT(OK)],
+ [dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h?
+ AC_MSG_RESULT([not encouraging])
+ AC_MSG_WARN([OpenSSL version may contain security vulnerabilities!]
+ [ Ensure the latest security patches have been applied!])
+ ])
+
+ if test "x$ac_cv_openssl" = "xyes"; then
+ ap_openssl_libs="-lssl -lcrypto `$apr_config --libs`"
+ APR_ADDTO(SSL_LIBS, [$ap_openssl_libs])
+ APR_ADDTO(LIBS, [$ap_openssl_libs])
APACHE_SUBST(SSL_LIBS)
dnl Run library and function checks
liberrors=""
- if test "$ap_ssltk_type" = "openssl"; then
- AC_CHECK_HEADERS([openssl/engine.h])
- AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
- AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
- else
- AC_CHECK_FUNCS([SSLC_library_version SSL_CTX_new], [], [liberrors="yes"])
- AC_CHECK_FUNCS(SSL_set_state)
- fi
- dnl restore
- CPPFLAGS="$saved_CPPFLAGS"
- LIBS="$saved_LIBS"
- LDFLAGS="$saved_LDFLAGS"
+ AC_CHECK_HEADERS([openssl/engine.h])
+ AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"])
+ AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines])
if test "x$liberrors" != "x"; then
- ac_cv_ssltk=no
- AC_MSG_WARN([... Error, SSL/TLS libraries were missing or unusable])
+ ac_cv_openssl=no
+ AC_MSG_WARN([OpenSSL libraries are unusable])
fi
fi
- ])
- if test "x$ac_cv_ssltk" = "xyes" ; then
- dnl Adjust apache's configuration based on what we found above.
- dnl (a) define preprocessor symbols
- if test "$ap_ssltk_type" = "openssl"; then
- AC_DEFINE(HAVE_OPENSSL, 1, [Define if SSL is supported using OpenSSL])
- else
- AC_DEFINE(HAVE_SSLC, 1, [Define if SSL is supported using SSL-C])
- fi
+ dnl restore
+ CPPFLAGS="$saved_CPPFLAGS"
+ LIBS="$saved_LIBS"
+ LDFLAGS="$saved_LDFLAGS"
+ ])
+ if test "x$ac_cv_openssl" = "xyes"; then
+ AC_DEFINE(HAVE_OPENSSL, 1, [Define if OpenSSL is available])
fi
])
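Review bot: The failure branch of the OpenSSL version `AC_TRY_COMPILE` only prints a warning and leaves `ac_cv_openssl=yes`, and because the old `AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], ...)` gate is gone, a missing header now lands in that same "not encouraging" branch instead of disabling the module. Consider reinstating the probe ahead of the version test as `AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [], [ac_cv_openssl="no"])`, and deciding whether a version caught by the `#error "Insecure openssl version "` line should still let configure carry on with mod_ssl enabled. Separately, `ap_openssl_libs` is filled from `$PKGCONFIG --libs-only-l openssl` and then unconditionally overwritten with `-lssl -lcrypto ...` inside `if test "x$ac_cv_openssl" = "xyes"`. The removed code applied that default only when `ap_ssltk_found` was empty, so wrapping the assignment in `if test "x$ap_openssl_found" = "x"; then ... fi` would keep the pkg-config result.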
the original SSLProxy* directives
o per-directory SSLCACertificate{File,Path} is now thread-safe but
requires SSL_set_cert_store patch to OpenSSL
- o RSA sslc is supported via ssl_toolkit_compat.h
o the ssl_engine_{ds,ext}.c source files are obsolete and no longer
exist
"
dnl # hook module into the Autoconf mechanism (--enable-ssl option)
APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , most, [
- APACHE_CHECK_SSL_TOOLKIT
- if test "$ac_cv_ssltk" = "yes" ; then
+ APACHE_CHECK_OPENSSL
+ if test "$ac_cv_openssl" = "yes" ; then
APR_ADDTO(MOD_SSL_LDADD, [\$(SSL_LIBS)])
CHECK_OCSP
if test "x$enable_ssl" = "xshared"; then
/*
* Try to kill the internals of the SSL library.
*/
-#ifdef HAVE_OPENSSL
#if OPENSSL_VERSION_NUMBER >= 0x00907001
/* Corresponds to OPENSSL_load_builtin_modules():
* XXX: borrowed from apps.h, but why not CONF_modules_free()
* which also invokes CONF_modules_finish()?
*/
CONF_modules_unload(1);
-#endif
#endif
/* Corresponds to SSL_library_init: */
EVP_cleanup();
* code can successfully test the SSL environment.
*/
CRYPTO_malloc_init();
-#ifdef HAVE_OPENSSL
ERR_load_crypto_strings();
-#endif
SSL_load_error_strings();
SSL_library_init();
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
ENGINE_load_builtin_engines();
#endif
-#ifdef HAVE_OPENSSL
OpenSSL_add_all_algorithms();
#if OPENSSL_VERSION_NUMBER >= 0x00907001
OPENSSL_load_builtin_modules();
-#endif
#endif
/*
if (idx == SSL_AIDX_ECC)
pkey_type = EVP_PKEY_EC;
else
-#endif /* SSL_LIBRARY_VERSION */
+#endif
pkey_type = (idx == SSL_AIDX_RSA) ? EVP_PKEY_RSA : EVP_PKEY_DSA;
if (!(asn1 = ssl_asn1_table_get(mc->tPrivateKey, id))) {
}
}
-#ifdef SSLC_VERSION_NUMBER
-static int ssl_init_FindCAList_X509NameCmp(char **a, char **b)
-{
- return(X509_NAME_cmp((void*)*a, (void*)*b));
-}
-#else
static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,
const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a, *b));
}
-#endif
static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
server_rec *s, const char *file)
bio_filter_out_ctrl,
bio_filter_create,
bio_filter_destroy,
-#ifdef OPENSSL_VERSION_NUMBER
- NULL /* sslc does not have the callback_ctrl field */
-#endif
+ NULL
};
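Review bot: The trailing `NULL` in this method table no longer says which member it fills, because the removed comment was the only place the `callback_ctrl` field was named. A short label such as `NULL /* callback_ctrl */` keeps the positional initialiser readable. The same applies to the second table further down, the one whose `ctrl` entry is commented "ctrl is never called". The initialiser begins outside the hunk.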
typedef struct {
NULL, /* ctrl is never called */
bio_filter_create,
bio_filter_destroy,
-#ifdef OPENSSL_VERSION_NUMBER
- NULL /* sslc does not have the callback_ctrl field */
-#endif
+ NULL
};
*/
pubkey = X509_get_pubkey(cert);
rc = X509_CRL_verify(crl, pubkey);
-#ifdef OPENSSL_VERSION_NUMBER
- /* Only refcounted in OpenSSL */
if (pubkey)
EVP_PKEY_free(pubkey);
-#endif
if (rc <= 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Invalid signature on CRL");
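Review bot: `pubkey` is tested for NULL before `EVP_PKEY_free()` but not before it is passed to `X509_CRL_verify()`, so a certificate whose public key cannot be extracted reaches the verifier with a NULL key. This predates the commit, but with the `#ifdef` gone it is the only code path, and whether a NULL key is rejected cleanly depends on the OpenSSL version in use. An explicit guard such as `rc = pubkey ? X509_CRL_verify(crl, pubkey) : -1;` would route that case into the existing invalid-signature branch. It would also help to replace the removed comment with one that says why the free is needed, for example `/* X509_get_pubkey() returns a new reference */`. The enclosing function starts and ends outside the hunk.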
*/
static server_rec *ssl_pphrase_server_rec = NULL;
-#ifdef SSLC_VERSION_NUMBER
-int ssl_pphrase_Handle_CB(char *, int, int);
-#else
int ssl_pphrase_Handle_CB(char *, int, int, void *);
-#endif
static char *pphrase_array_get(apr_array_header_t *arr, int idx)
{
return 0;
}
-#ifdef SSLC_VERSION_NUMBER
-int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
-{
- void *srv = ssl_pphrase_server_rec;
-#else
int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
{
-#endif
SSLModConfigRec *mc;
server_rec *s;
apr_pool_t *p;
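Review bot: The file-scope `ssl_pphrase_server_rec` looks left over, since its only visible reader was the removed SSL-C variant of the callback (`void *srv = ssl_pphrase_server_rec;`) and the remaining `ssl_pphrase_Handle_CB` receives `srv` as its fourth argument. If nothing else in the file reads it, the static and any assignments to it can be dropped in the same change, which also removes a piece of shared mutable state from the passphrase path. Otherwise a comment on the declaration saying what still depends on it would help. The callback body continues past the end of the hunk, so this is inferred from the visible lines only.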
static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl)
{
char *result = "NULL";
-#ifdef OPENSSL_VERSION_NUMBER
#if (OPENSSL_VERSION_NUMBER >= 0x00908000)
SSL_SESSION *pSession = SSL_get_session(ssl);
break;
}
}
-#endif
#endif
return result;
}
#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA|SSL_ALGO_ECC)
#else
#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA)
-#endif /* SSL_LIBRARY_VERSION */
+#endif
#define SSL_AIDX_RSA (0)
#define SSL_AIDX_DSA (1)
#define SSL_AIDX_MAX (3)
#else
#define SSL_AIDX_MAX (2)
-#endif /* SSL_LIBRARY_VERSION */
+#endif
/**
DH *ssl_callback_TmpDH(SSL *, int, int);
#ifndef OPENSSL_NO_EC
EC_KEY *ssl_callback_TmpECDH(SSL *, int, int);
-#endif /* SSL_LIBRARY_VERSION */
+#endif
int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
/**
* @file ssl_toolkit_compat.h
* @brief this header file provides a compatiblity layer
- * between OpenSSL and RSA sslc
*
* @defgroup MOD_SSL_TOOLKIT Toolkit
* @ingroup MOD_SSL
* @{
*/
-#ifdef HAVE_OPENSSL
-
/** OpenSSL headers */
#include <openssl/ssl.h>
#include <openssl/err.h>
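Review bot: The `@brief` line now stops at "provides a compatiblity layer" with nothing after it, because the continuation line naming the two toolkits was removed. Suggest completing and spell-fixing it, for example ` * @brief this header file provides a compatibility layer for differences between OpenSSL versions`, assuming that is what the remaining macros are for. The rest of the header lies outside this hunk.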
#endif
#endif
-#elif defined(HAVE_SSLC)
-
-#include <bio.h>
-#include <ssl.h>
-#include <err.h>
-#include <x509.h>
-#include <pem.h>
-#include <evp.h>
-#include <objects.h>
-#include <sslc.h>
-
-/** sslc does not support this function, OpenSSL has since 9.5.1 */
-#define RAND_status() 1
-
-/** sslc names this function a bit differently */
-#define CRYPTO_num_locks() CRYPTO_get_num_locks()
-
-#ifndef STACK_OF
-#define STACK_OF(type) STACK
-#endif
-
-#define MODSSL_BIO_CB_ARG_TYPE char
-#define MODSSL_CRYPTO_CB_ARG_TYPE char
-#define MODSSL_INFO_CB_ARG_TYPE SSL*
-#define MODSSL_CLIENT_CERT_CB_ARG_TYPE void
-#define MODSSL_PCHAR_CAST (char *)
-#define MODSSL_D2I_SSL_SESSION_CONST
-#define MODSSL_D2I_PrivateKey_CONST
-#define MODSSL_D2I_X509_CONST
-
-typedef int (modssl_read_bio_cb_fn)(char*,int,int);
-
-#define modssl_X509_verify_cert(c) X509_verify_cert(c, NULL)
-
-#define modssl_PEM_read_bio_X509(b, x, cb, arg) \
- PEM_read_bio_X509(b, x, cb)
-
-#define modssl_PEM_X509_INFO_read_bio(b, x, cb, arg)\
- PEM_X509_INFO_read_bio(b, x, cb)
-
-#define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
- PEM_read_bio_PrivateKey(b, k, cb)
-
-#ifndef HAVE_SSL_SET_STATE
-#define SSL_set_state(ssl, state) /** XXX: should throw an error */
-#endif
-
-#define modssl_set_cipher_list(ssl, l) \
- SSL_set_cipher_list(ssl, (char *)l)
-
-#define modssl_free free
-
-#ifndef PEM_F_DEF_CALLBACK
-#define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
-#endif
-
-#if SSLC_VERSION_NUMBER < 0x2000
-
-#define X509_STORE_CTX_set_depth(st, d)
-#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-#define X509_REVOKED_get_serialNumber(xs) (xs->serialNumber)
-
-#define modssl_set_verify(ssl, verify, cb) \
- SSL_set_verify(ssl, verify)
-
-#else /** SSLC_VERSION_NUMBER >= 0x2000 */
-
-#define CRYPTO_malloc_init R_malloc_init
-
-#define EVP_cleanup()
-
-#endif /** SSLC_VERSION_NUMBER >= 0x2000 */
-
-typedef void (*modssl_popfree_fn)(char *data);
-
-#define sk_SSL_CIPHER_dup sk_dup
-#define sk_SSL_CIPHER_find(st, data) sk_find(st, (void *)data)
-#define sk_SSL_CIPHER_free sk_free
-#define sk_SSL_CIPHER_num sk_num
-#define sk_SSL_CIPHER_value (SSL_CIPHER *)sk_value
-#define sk_X509_num sk_num
-#define sk_X509_push sk_push
-#define sk_X509_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
-#define sk_X509_value (X509 *)sk_value
-#define sk_X509_INFO_free sk_free
-#define sk_X509_INFO_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
-#define sk_X509_INFO_num sk_num
-#define sk_X509_INFO_new_null sk_new_null
-#define sk_X509_INFO_value (X509_INFO *)sk_value
-#define sk_X509_NAME_find(st, data) sk_find(st, (void *)data)
-#define sk_X509_NAME_free sk_free
-#define sk_X509_NAME_new sk_new
-#define sk_X509_NAME_num sk_num
-#define sk_X509_NAME_push(st, data) sk_push(st, (void *)data)
-#define sk_X509_NAME_value (X509_NAME *)sk_value
-#define sk_X509_NAME_ENTRY_num sk_num
-#define sk_X509_NAME_ENTRY_value (X509_NAME_ENTRY *)sk_value
-#define sk_X509_NAME_set_cmp_func sk_set_cmp_func
-#define sk_X509_REVOKED_num sk_num
-#define sk_X509_REVOKED_value (X509_REVOKED *)sk_value
-
-#else /** ! HAVE_OPENSSL && ! HAVE_SSLC */
-
-#error "Unrecognized SSL Toolkit!"
-
-#endif /* ! HAVE_OPENSSL && ! HAVE_SSLC */
-
#ifndef modssl_set_verify
#define modssl_set_verify(ssl, verify, cb) \
SSL_set_verify(ssl, verify, cb)
break;
}
}
-#ifdef OPENSSL_VERSION_NUMBER
- /* Only refcounted in OpenSSL */
if (pFreeKey != NULL)
EVP_PKEY_free(pFreeKey);
-#endif
return t;
}
static apr_thread_mutex_t **lock_cs;
static int lock_num_locks;
-#ifdef HAVE_SSLC
-#if SSLC_VERSION_NUMBER >= 0x2000
-static int ssl_util_thr_lock(int mode, int type,
- char *file, int line)
-#else
-static void ssl_util_thr_lock(int mode, int type,
- char *file, int line)
-#endif
-#else
static void ssl_util_thr_lock(int mode, int type,
const char *file, int line)
-#endif
{
if (type < lock_num_locks) {
if (mode & CRYPTO_LOCK) {
else {
apr_thread_mutex_unlock(lock_cs[type]);
}
-#ifdef HAVE_SSLC
-#if SSLC_VERSION_NUMBER >= 0x2000
- return 1;
- }
- else {
- return -1;
-#endif
-#endif
}
}
*cp = NUL;
return str;
}
-
-/* sslc+OpenSSL compat */
-
int modssl_session_get_time(SSL_SESSION *session)
{
-#ifdef OPENSSL_VERSION_NUMBER
return SSL_SESSION_get_time(session);
-#else /* assume sslc */
- CRYPTO_TIME_T ct;
- SSL_SESSION_get_time(session, &ct);
- return CRYPTO_time_to_int(&ct);
-#endif
}
-#ifndef SSLC_VERSION_NUMBER
-#define SSLC_VERSION_NUMBER 0x0000
-#endif
-
DH *modssl_dh_configure(unsigned char *p, int plen,
unsigned char *g, int glen)
{
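Review bot: `modssl_session_get_time()` at the top of this hunk is now a one-line pass-through whose `int` return type narrows the `long` that `SSL_SESSION_get_time()` returns. With the SSL-C branch gone there is no remaining reason for the narrower type, so consider `long modssl_session_get_time(SSL_SESSION *session)` here and in the prototype in the header, or calling `SSL_SESSION_get_time()` directly at the call sites. The callers are not visible in this diff, so check how the value is compared against session timeouts before changing the type. At minimum a one-line comment on the function should state that the value is truncated to `int`.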
return NULL;
}
-#if defined(OPENSSL_VERSION_NUMBER) || (SSLC_VERSION_NUMBER < 0x2000)
dh->p = BN_bin2bn(p, plen, NULL);
dh->g = BN_bin2bn(g, glen, NULL);
if (!(dh->p && dh->g)) {
DH_free(dh);
return NULL;
}
-#else
- R_EITEMS_add(dh->data, PK_TYPE_DH, PK_DH_P, 0, p, plen, R_EITEMS_PF_COPY);
- R_EITEMS_add(dh->data, PK_TYPE_DH, PK_DH_G, 0, g, glen, R_EITEMS_PF_COPY);
-#endif
return dh;
}
#define __SSL_UTIL_SSL_H__
/**
- * Determine SSL library version number
+ * SSL library version number
*/
-#define SSL_NIBBLE(x,n) ((x >> (n * 4)) & 0xF)
-#ifdef OPENSSL_VERSION_NUMBER
#define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
#define SSL_LIBRARY_NAME "OpenSSL"
#define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
#define SSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)
-#elif defined(SSLC_VERSION_NUMBER)
-#define SSL_LIBRARY_VERSION SSLC_VERSION_NUMBER
-#define SSL_LIBRARY_NAME "SSL-C"
-#define SSL_LIBRARY_TEXT { 'S', 'S', 'L', '-', 'C', ' ', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,3), '.', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,2), '.', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,1), '.', \
- '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,0), 0 }
-#define SSL_LIBRARY_DYNTEXT SSLC_library_info(SSLC_INFO_VERSION)
-#elif !defined(SSL_LIBRARY_VERSION)
-#define SSL_LIBRARY_VERSION 0x0000
-#define SSL_LIBRARY_NAME "OtherSSL"
-#define SSL_LIBRARY_TEXT "OtherSSL 0.0.0 00 XXX 0000"
-#define SSL_LIBRARY_DYNTEXT "OtherSSL 0.0.0 00 XXX 0000"
-#endif
/**
* Maximum length of a DER encoded session.
int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
char *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
-/** util functions for OpenSSL+sslc compat */
int modssl_session_get_time(SSL_SESSION *session);
DH *modssl_dh_configure(unsigned char *p, int plen,
#include "ap_config_auto.h"
#endif
-#if defined(HAVE_SSLC)
-
-/* Libraries for RSA SSL-C */
-#include <rsa.h>
-#include <x509.h>
-#include <pem.h>
-#include <err.h>
-#include <ssl.h>
-#include <r_rand.h>
-#include <sslc.h>
-#define USE_SSL
-#define RSAREF
-#define SK_NUM(x) sk_num(x)
-#define SK_VALUE(x,y) sk_value(x,y)
-typedef STACK X509_STACK_TYPE;
-
-#elif defined(HAVE_OPENSSL)
+#if defined(HAVE_OPENSSL)
-/* Libraries on most systems.. */
#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>