From: Rainer Jung <rjung@apache.org>
Date: Sun, 20 Mar 2016 14:23:06 +0000 (+0000)
Subject: Support for OpenSSL 1.1.0:
X-Git-Tag: 2.5.0-alpha~1860
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dcf2165a63169513050f245c92576801ec7c60fd;p=apache

Support for OpenSSL 1.1.0:
- The callback function passed to
  SSL_CTX_sess_set_get_cb() now needs the
  session id argument to be const.
  So constify the session id.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1735883 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 17ac01437a..91da94c4f5 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1841,7 +1841,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
 
 static void ssl_session_log(server_rec *s,
                             const char *request,
-                            unsigned char *id,
+                            IDCONST unsigned char *id,
                             unsigned int idlen,
                             const char *status,
                             const char *result,
@@ -1881,7 +1881,7 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
     SSLSrvConfigRec *sc = mySrvConfig(s);
     long timeout        = sc->session_cache_timeout;
     BOOL rc;
-    unsigned char *id;
+    IDCONST unsigned char *id;
     unsigned int idlen;
 
     /*
@@ -1925,7 +1925,7 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
  *  of our other Apache pre-forked server processes.
  */
 SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
-                                               unsigned char *id,
+                                               IDCONST unsigned char *id,
                                                int idlen, int *do_copy)
 {
     /* Get Apache context back through OpenSSL context */
@@ -1964,7 +1964,7 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
 {
     server_rec *s;
     SSLSrvConfigRec *sc;
-    unsigned char *id;
+    IDCONST unsigned char *id;
     unsigned int idlen;
 
     /*
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 0992e8caa3..5d1c6a4897 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -438,7 +438,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, SSLConnRec *sslconn,
         char buf[MODSSL_SESSION_ID_STRING_LEN];
         SSL_SESSION *pSession = SSL_get_session(ssl);
         if (pSession) {
-            unsigned char *id;
+            IDCONST unsigned char *id;
             unsigned int idlen;
 
 #ifdef OPENSSL_NO_SSL_INTERN
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
index 42c04612dc..7b4c117c1f 100644
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -166,6 +166,13 @@
 #endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
 #endif /* if !defined(OPENSSL_NO_OCSP) && defined(SSL_CTX_set_tlsext_status_cb) */
 
+/* session id constness */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define IDCONST
+#else
+#define IDCONST const
+#endif
+
 /* TLS session tickets */
 #if defined(SSL_CTX_set_tlsext_ticket_key_cb)
 #define HAVE_TLS_SESSION_TICKETS
@@ -803,7 +810,7 @@ int          ssl_callback_SSLVerify(int, X509_STORE_CTX *);
 int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
 int          ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
-SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
+SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, IDCONST unsigned char *, int, int *);
 void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
 void         ssl_callback_Info(const SSL *, int, int);
 #ifdef HAVE_TLSEXT
@@ -824,10 +831,10 @@ int ssl_callback_alpn_select(SSL *ssl, const unsigned char **out,
 apr_status_t ssl_scache_init(server_rec *, apr_pool_t *);
 void         ssl_scache_status_register(apr_pool_t *p);
 void         ssl_scache_kill(server_rec *);
-BOOL         ssl_scache_store(server_rec *, UCHAR *, int,
+BOOL         ssl_scache_store(server_rec *, IDCONST UCHAR *, int,
                               apr_time_t, SSL_SESSION *, apr_pool_t *);
-SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int, apr_pool_t *);
-void         ssl_scache_remove(server_rec *, UCHAR *, int,
+SSL_SESSION *ssl_scache_retrieve(server_rec *, IDCONST UCHAR *, int, apr_pool_t *);
+void         ssl_scache_remove(server_rec *, IDCONST UCHAR *, int,
                                apr_pool_t *);
 
 /** OCSP Stapling Support */
diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c
index 70d18772e0..7b4a2036e9 100644
--- a/modules/ssl/ssl_scache.c
+++ b/modules/ssl/ssl_scache.c
@@ -110,7 +110,7 @@ void ssl_scache_kill(server_rec *s)
 
 }
 
-BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen,
+BOOL ssl_scache_store(server_rec *s, IDCONST UCHAR *id, int idlen,
                       apr_time_t expiry, SSL_SESSION *sess,
                       apr_pool_t *p)
 {
@@ -144,7 +144,7 @@ BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen,
     return rv == APR_SUCCESS ? TRUE : FALSE;
 }
 
-SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen,
+SSL_SESSION *ssl_scache_retrieve(server_rec *s, IDCONST UCHAR *id, int idlen,
                                  apr_pool_t *p)
 {
     SSLModConfigRec *mc = myModConfig(s);
@@ -173,7 +173,7 @@ SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen,
     return d2i_SSL_SESSION(NULL, &ptr, destlen);
 }
 
-void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen,
+void ssl_scache_remove(server_rec *s, IDCONST UCHAR *id, int idlen,
                        apr_pool_t *p)
 {
     SSLModConfigRec *mc = myModConfig(s);
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index a7607c7349..980759210d 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -488,7 +488,7 @@ EC_GROUP *ssl_ec_GetParamFromFile(const char *file)
 **  _________________________________________________________________
 */
 
-char *modssl_SSL_SESSION_id2sz(unsigned char *id, int idlen,
+char *modssl_SSL_SESSION_id2sz(IDCONST unsigned char *id, int idlen,
                                char *str, int strsize)
 {
     if (idlen > SSL_MAX_SSL_SESSION_ID_LENGTH)
diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h
index ec00d9f4da..4f18f916b4 100644
--- a/modules/ssl/ssl_util_ssl.h
+++ b/modules/ssl/ssl_util_ssl.h
@@ -71,7 +71,7 @@ char       *modssl_X509_NAME_ENTRY_to_string(apr_pool_t *p, X509_NAME_ENTRY *xsn
 char       *modssl_X509_NAME_to_string(apr_pool_t *, X509_NAME *, int);
 BOOL        modssl_X509_getSAN(apr_pool_t *, X509 *, int, const char *, int, apr_array_header_t **);
 BOOL        modssl_X509_match_name(apr_pool_t *, X509 *, const char *, BOOL, server_rec *);
-char       *modssl_SSL_SESSION_id2sz(unsigned char *, int, char *, int);
+char       *modssl_SSL_SESSION_id2sz(IDCONST unsigned char *, int, char *, int);
 
 #endif /* __SSL_UTIL_SSL_H__ */
 /** @} */