From: Rainer Jung <rjung@apache.org>
Date: Sun, 20 Mar 2016 13:21:46 +0000 (+0000)
Subject: Support for OpenSSL 1.1.0:
X-Git-Tag: 2.5.0-alpha~1863
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f048635f6f068fa7bfe40a48d288666583ecfede;p=apache

Support for OpenSSL 1.1.0:
- SRP_VBASE_get_by_user() is deprecated now,
  one should use SRP_VBASE_get1_by_user()
  instead. The new function returns a pointer
  owned by the callee. It must be freed after
  use.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1735877 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 0edd2d08bd..17ac01437a 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2431,17 +2431,27 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
     SRP_user_pwd *u;
 
     if (username == NULL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         || (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) {
+#else
+        || (u = SRP_VBASE_get1_by_user(mctx->srp_vbase, username)) == NULL) {
+#endif
         *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
         return SSL3_AL_FATAL;
     }
 
     if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        SRP_user_pwd_free(u);
+#endif
         *ad = SSL_AD_INTERNAL_ERROR;
         return SSL3_AL_FATAL;
     }
 
     /* reset all other options */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    SRP_user_pwd_free(u);
+#endif
     SSL_set_verify(ssl, SSL_VERIFY_NONE,  ssl_callback_SSLVerify);
     return SSL_ERROR_NONE;
 }