Initial OpenSSL 3.0 support
authorWilliam Marlow <william.marlow@ibm.com>
Sat, 18 Jun 2022 20:43:31 +0000 (21:43 +0100)
committerAzat Khuzhin <azat@libevent.org>
Sat, 9 Jul 2022 20:24:53 +0000 (23:24 +0300)
* Don't use deprecated functions when building against OpenSSL 3.0.
* Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol
  error (SSL_ERROR_SSL) in addition to the I/O error (SSL_ERROR_SYSCALL) produced by OpenSSL 1.1.1
* Update regress_mbedtls.c for compatibility with OpenSSL 3

bufferevent_openssl.c
sample/becat.c
sample/le-proxy.c
test/regress_mbedtls.c
test/regress_ssl.c

index 6ace1e3aea215ec1bd51d9cb2c2943261bcbff9f..1e851749d04508310c8ae509392ec21b892870b1 100644 (file)
@@ -259,7 +259,9 @@ conn_closed(struct bufferevent_ssl *bev_ssl, int when, int errcode, int ret)
                bufferevent_ssl_put_error(bev_ssl, errcode);
                break;
        case SSL_ERROR_SSL:
-               /* Protocol error. */
+               /* Protocol error; possibly a dirty shutdown. */
+               if (ret == 0 && SSL_is_init_finished(bev_ssl->ssl) == 0)
+                       dirty_shutdown = 1;
                bufferevent_ssl_put_error(bev_ssl, errcode);
                break;
        case SSL_ERROR_WANT_X509_LOOKUP:
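Review bot: The dirty-shutdown test added under `SSL_ERROR_SSL` keys on handshake state rather than on what OpenSSL actually reports, so a peer that drops the TCP connection without close_notify after the handshake has completed is still classified as a plain protocol error on OpenSSL 3, while any `ret == 0` protocol failure during the handshake is classified as a dirty shutdown. OpenSSL 3 signals the unexpected-EOF case explicitly with `SSL_R_UNEXPECTED_EOF_WHILE_READING` in the error queue, so the check can be made precise and version-independent: `#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING` / `if (ret == 0 && ERR_GET_REASON(ERR_peek_error()) == SSL_R_UNEXPECTED_EOF_WHILE_READING) dirty_shutdown = 1;` / `#endif`, keeping the existing `bufferevent_ssl_put_error` call. Distinguishing a truncated stream from a clean close is what lets callers treat dirty shutdowns as a potential truncation rather than a normal EOF, so the classification should not be a heuristic. `conn_closed` and the `dirty_shutdown` variable it sets start before this hunk, so I cannot see how the flag is consumed.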
index 00c5a55eeecb6e542213950726a2633c5c1dbbb7..c6daf90a2738de1261743395aec1ec7a23fb9b66 100644 (file)
@@ -188,6 +188,10 @@ static void ssl_ctx_free(struct ssl_context *ssl)
 static int ssl_load_key(struct ssl_context *ssl)
 {
        int err = 1;
+#if OPENSSL_VERSION_MAJOR >= 3
+       ssl->pkey = EVP_RSA_gen(4096);
+       err = ssl->pkey == NULL;
+#else
        BIGNUM *bn;
        RSA *key;
 
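Review bot: On the OpenSSL 3 path, a failed `EVP_RSA_gen(4096)` only yields `err = 1`; unlike whatever diagnostics the pre-3.0 branch may print, nothing reports why key generation failed, and the OpenSSL error queue is left unread. A one-line `if (ssl->pkey == NULL) ERR_print_errors_fp(stderr);` before returning would keep the sample debuggable. The `#if OPENSSL_VERSION_MAJOR >= 3` relies on the macro being undefined (hence 0) on 1.1.1 headers; that works, but `-Wundef` builds will warn, and `#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3` states the intent. The `#else` branch of `ssl_load_key` continues past this hunk.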
@@ -205,6 +209,7 @@ static int ssl_load_key(struct ssl_context *ssl)
        err = 0;
 err:
        BN_free(bn);
+#endif
        return err;
 }
 static int ssl_load_cert(struct ssl_context *ssl)
@@ -386,8 +391,12 @@ static void be_ssl_errors(struct bufferevent *bev)
        while ((err = bufferevent_get_openssl_error(bev))) {
                const char *msg = ERR_reason_error_string(err);
                const char *lib = ERR_lib_error_string(err);
+#if OPENSSL_VERSION_MAJOR >= 3
+               error("ssl/err=%d/%s in %s\n", err, msg, lib);
+#else
                const char *func = ERR_func_error_string(err);
                error("ssl/err=%d/%s in %s %s\n", err, msg, lib, func);
+#endif
        }
 }
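Review bot: The new `error("ssl/err=%d/%s in %s\n", err, msg, lib);` passes `msg` and `lib` straight to `%s`, but `ERR_reason_error_string()` and `ERR_lib_error_string()` return NULL for codes without a registered string, which is undefined behaviour in a path that is reached on peer-triggered TLS failures. Guard them: `error("ssl/err=%lu/%s in %s\n", err, msg ? msg : "unknown", lib ? lib : "unknown");`. The `%lu` assumes `err` holds the `unsigned long` that `bufferevent_get_openssl_error()` returns; if the local is declared `int` outside this hunk the existing `%d` is fine, but the NULL guard is needed either way (the pre-3.0 branch has the same issue with `func`, though that line is unchanged).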
 static int event_cb_(struct bufferevent *bev, short what, int ssl, int stop)
index d46a5e15974f981c14581930c12903749f4e808d..881d3a5935ef109f5ca247181d1abe9ff2b821c2 100644 (file)
@@ -113,10 +113,15 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
                                    ERR_reason_error_string(err);
                                const char *lib = (const char*)
                                    ERR_lib_error_string(err);
+#if OPENSSL_VERSION_MAJOR >= 3
+                               fprintf(stderr,
+                                       "%s in %s\n", msg, lib);
+#else
                                const char *func = (const char*)
                                    ERR_func_error_string(err);
                                fprintf(stderr,
                                    "%s in %s %s\n", msg, lib, func);
+#endif
                        }
                        if (errno)
                                perror("connection error");
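Review bot: The added `fprintf(stderr, "%s in %s\n", msg, lib);` has the same NULL hazard as the branch it replaces: both `ERR_reason_error_string()` and `ERR_lib_error_string()` document returning NULL for unknown codes, and `%s` with a NULL argument is undefined behaviour on an error path a remote peer can drive. Suggested: `fprintf(stderr, "%s in %s\n", msg ? msg : "unknown", lib ? lib : "unknown");`. The enclosing `eventcb` starts before this hunk, so the declarations of `msg` and `lib` are not visible here.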
index 6822fecebfacb3f67bf1b5231d72a984f74c0fb6..df152a2f67ff3683e910c4a943b58c91b61148e2 100644 (file)
@@ -48,6 +48,7 @@
 
 #define SSL_renegotiate mbedtls_ssl_renegotiate
 #define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
+#define SSL_get1_peer_certificate mbedtls_ssl_get_peer_cert
 #define SSL_new mbedtls_ssl_new
 #define SSL_use_certificate(a, b) \
        do {                          \
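Review bot: Mapping `SSL_get1_peer_certificate` onto `mbedtls_ssl_get_peer_cert` changes ownership semantics silently: in OpenSSL the `get1` variant returns a new reference the caller must release with `X509_free`, whereas `mbedtls_ssl_get_peer_cert()` returns a pointer owned by the SSL context. That is only safe if this file's `X509_free` mapping is a no-op for the mbedTLS build, which is not visible in this hunk. A comment on the new line would save the next reader from the same question: `/* mbedTLS returns a context-owned pointer: the caller's X509_free must map to a no-op, never free it. */`.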
index 19b29b564e30f3b8affa392a55e31b4749cf87cf..a27f225a913aefb88938e05b1a9226ac4323317c 100644 (file)
@@ -224,7 +224,16 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
                ++n_connected;
                ssl = bufferevent_ssl_get_ssl(bev);
                tt_assert(ssl);
+#if OPENSSL_VERSION_MAJOR >= 3
+               /* SSL_get1_peer_certificate() means we want
+                * to increase the reference count on the cert
+                * and so we will need to free it ourselves later
+                * when we're done with it. The non-reference count
+                * increasing version is not available in OpenSSL 1.1.1. */
+               peer_cert = SSL_get1_peer_certificate(ssl);
+#else
                peer_cert = SSL_get_peer_certificate(ssl);
+#endif
                if (type & REGRESS_OPENSSL_SERVER) {
                        tt_assert(peer_cert == NULL);
                } else {
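Review bot: The new comment explaining the `#if` is misleading: `SSL_get_peer_certificate()` has always returned a reference the caller must `X509_free`, so both branches hand back an owned certificate, and the only reason for the split is that the old name is deprecated in OpenSSL 3.0 where `SSL_get1_peer_certificate()` is its exact replacement. I would shorten it to `/* Both return a new reference that must be released with X509_free(); SSL_get_peer_certificate() is merely deprecated in OpenSSL 3.0. */`. Since `OPENSSL_VERSION_MAJOR` is undefined in the mbedTLS build, that configuration always takes the `#else` branch; the eventual `X509_free(peer_cert)` is outside this hunk, as is the start of `eventcb`.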