Enforce OpenSSL 0.9.7 or later at compile time (#error out otherwise).

author Kaspar Brand <kbrand@apache.org>

Sun, 14 Aug 2011 17:37:03 +0000 (17:37 +0000)

committer Kaspar Brand <kbrand@apache.org>

Sun, 14 Aug 2011 17:37:03 +0000 (17:37 +0000)
author Kaspar Brand <kbrand@apache.org>
Sun, 14 Aug 2011 17:37:03 +0000 (17:37 +0000)
committer Kaspar Brand <kbrand@apache.org>
Sun, 14 Aug 2011 17:37:03 +0000 (17:37 +0000)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c

index f9ae36b32ec316585f480e5c0cbcbde091c33f12..fd24b7b4efda15c35ca11bf2ebf08d939125dfce 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -190,6 +190,14 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
      SSLSrvConfigRec *sc;
      server_rec *s;
  
+    if (SSLeay() < SSL_LIBRARY_VERSION) {
+        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server,
+                     "Init: this version of mod_ssl was compiled against "
+                     "a newer library (%s, version currently loaded is %s)"
+                     " - may result in undefined or erroneous behavior",
+                     SSL_LIBRARY_TEXT, SSLeay_version(SSLEAY_VERSION));
+    }
+
      /* We initialize mc->pid per-process in the child init,
       * but it should be initialized for startup before we
       * call ssl_rand_seed() below.
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h

index 36ea6140787a3e961bed46eb9f563130b6fb07b9..d25337710d0b2c1df90cffe74e80abcb062c2bdb 100644 (file)
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -100,6 +100,10 @@
  #include <openssl/engine.h>
  #endif
  
+#if (OPENSSL_VERSION_NUMBER < 0x0090700f)
+#error mod_ssl requires OpenSSL 0.9.7 or later
+#endif
+
  /* ...shifting sands of OpenSSL... */
  #if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
  #define MODSSL_D2I_SSL_SESSION_CONST const
@@ -153,10 +157,6 @@
  #endif
  #endif
  
-#ifndef sk_STRING_pop
-#define sk_STRING_pop sk_pop
-#endif
-
  /* mod_ssl headers */
  #include "ssl_util_ssl.h"
  
@@ -241,11 +241,6 @@ ap_set_module_config(c->conn_config, &ssl_module, val)
  #define DEFAULT_OCSP_TIMEOUT 10
  #endif
  
-/**
- * Support for MM library
- */
-#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
-
  /**
   * Define the certificate algorithm types
   */
@@ -323,10 +318,6 @@ typedef enum {
  #define SSL_VERIFY_PEER_STRICT \
       (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
  
-#ifndef X509_V_ERR_CERT_UNTRUSTED
-#define X509_V_ERR_CERT_UNTRUSTED 27
-#endif
-
  #define ssl_verify_error_is_optional(errnum) \
     ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \
      || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \
author	Kaspar Brand <kbrand@apache.org>
	Sun, 14 Aug 2011 17:37:03 +0000 (17:37 +0000)
committer	Kaspar Brand <kbrand@apache.org>
	Sun, 14 Aug 2011 17:37:03 +0000 (17:37 +0000)
modules/ssl/ssl_engine_init.c		patch \| blob \| history
modules/ssl/ssl_private.h		patch \| blob \| history