From 26f1ba8050f2be4224ffdad601d0ab3506310215 Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Thu, 22 May 2003 19:41:32 +0000 Subject: [PATCH] The patch below reverts the prior commit to eliminate SSL_set_state(). Some additional work or research is required in order to pass the perl-framework regressions, but I don't have the cycles and don't care to leave the broken code in cvs HEAD. REVERTING: wrowe 2003/05/19 08:13:19 Modified: modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c ssl_toolkit_compat.h Log: Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin rehandshaking the SSL connection, vis-a-vis ApacheSSL. Revision Changes Path 1.15 +0 -1 httpd-2.0/modules/ssl/config.m4 1.108 +1 -1 httpd-2.0/modules/ssl/ssl_engine_io.c 1.93 +1 -1 httpd-2.0/modules/ssl/ssl_engine_kernel.c 1.34 +0 -6 httpd-2.0/modules/ssl/ssl_toolkit_compat.h git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100004 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/config.m4 | 1 + modules/ssl/ssl_engine_io.c | 6 +++++- modules/ssl/ssl_engine_kernel.c | 6 +++++- modules/ssl/ssl_toolkit_compat.h | 6 ++++++ 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/modules/ssl/config.m4 b/modules/ssl/config.m4 index 01d7b0b747..16ea75b283 100644 --- a/modules/ssl/config.m4 +++ b/modules/ssl/config.m4 @@ -77,6 +77,7 @@ ssl_util_table.lo dnl dnl # hook module into the Autoconf mechanism (--enable-ssl option) APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [ APACHE_CHECK_SSL_TOOLKIT + AC_CHECK_FUNCS(SSL_set_state) AC_CHECK_FUNCS(SSL_set_cert_store) AC_CHECK_FUNCS(ENGINE_init) ]) diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 26ca18f1f5..1760b534d3 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c 
@@ -1257,7 +1257,11 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f, sslconn = myConnConfig(f->c); ssl = sslconn->ssl; - SSL_renegotiate(ssl); + /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl); + * However, this causes failures in perl-framework currently, + * perhaps pre-test if we have already negotiated? + */ + SSL_set_state(ssl, SSL_ST_ACCEPT); SSL_do_handshake(ssl); if (SSL_get_state(ssl) != SSL_ST_OK) { diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 29e4de2d0c..3d2c7de421 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -712,7 +712,11 @@ int ssl_hook_Access(request_rec *r) ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "Awaiting re-negotiation handshake"); - SSL_renegotiate(ssl); + /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl); + * However, this causes failures in perl-framework currently, + * perhaps pre-test if we have already negotiated? + */ + SSL_set_state(ssl, SSL_ST_ACCEPT); SSL_do_handshake(ssl); if (SSL_get_state(ssl) != SSL_ST_OK) { diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h index 0be9ba065b..cba8de88d3 100644 --- a/modules/ssl/ssl_toolkit_compat.h +++ b/modules/ssl/ssl_toolkit_compat.h @@ -103,6 +103,8 @@ #define SSL_get_state(ssl) SSL_state(ssl) #endif +#define SSL_set_state(ssl,val) (ssl)->state = val + #define MODSSL_BIO_CB_ARG_TYPE const char #define MODSSL_CRYPTO_CB_ARG_TYPE const char #if (OPENSSL_VERSION_NUMBER < 0x00907000) @@ -181,6 +183,10 @@ typedef int (modssl_read_bio_cb_fn)(char*,int,int); #define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \ PEM_read_bio_PrivateKey(b, k, cb) +#ifndef HAVE_SSL_SET_STATE +#define SSL_set_state(ssl, state) /* XXX: should throw an error */ +#endif + #define modssl_set_cipher_list(ssl, l) \ SSL_set_cipher_list(ssl, (char *)l) -- 2.40.0
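Review bot: The XXX comment added before `SSL_set_state(ssl, SSL_ST_ACCEPT);` records that the revert is temporary but not what the line does, and the same four-line block is pasted again in the ssl_hook_Access hunk of ssl_engine_kernel.c. I would replace both with one sentence giving the mechanism and the dependency, for example `/* Force the state machine back to accept so SSL_do_handshake() runs a new handshake; relies on SSL_set_state() in ssl_toolkit_compat.h being a real assignment. */`, and keep the perl-framework remark as a TODO that names the failing test. The return value of `SSL_do_handshake(ssl)` on the following context line is discarded in both places, so the `SSL_get_state(ssl) != SSL_ST_OK` comparison is the only failure signal. Both function bodies start and end outside their hunks.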
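Review bot: `#define SSL_set_state(ssl,val) (ssl)->state = val` in the first ssl_toolkit_compat.h hunk expands to a bare, unparenthesized assignment, so it parses differently from a function call if it is ever used inside a larger expression or given a compound `val`. Writing it as `#define SSL_set_state(ssl,val) ((ssl)->state = (val))` removes that hazard. The macro also writes a member of the toolkit's SSL structure directly, which only compiles while that structure's layout is public, and a one-line comment saying so would help whoever next touches the compat layer. The enclosing `#if` branch starts outside the hunk, so which toolkit this definition applies to is not visible here.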
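Review bot: In the second ssl_toolkit_compat.h hunk, when HAVE_SSL_SET_STATE is undefined `SSL_set_state(ssl, state)` expands to nothing, so the callers in ssl_io_filter_Upgrade and ssl_hook_Access go straight to `SSL_do_handshake(ssl)` on a connection that has presumably already reached SSL_ST_OK. The `SSL_get_state(ssl) != SSL_ST_OK` test then passes without a new handshake having been started, which for ssl_hook_Access looks like the re-negotiation step failing open. The XXX comment already says this should throw an error. Replacing the empty define with `#error "SSL_set_state() unavailable: cannot force renegotiation"` inside the `#ifndef` would turn the silent no-op into a build failure. The surrounding preprocessor branch is outside the hunk; if it is the same branch as the earlier `SSL_set_state` define, the two definitions would also conflict.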