From 95f79e87b601c4eb7b692508edb0db02932bb77e Mon Sep 17 00:00:00 2001 From: "William A. Rowe Jr" Date: Wed, 21 Mar 2007 01:55:29 +0000 Subject: [PATCH] *) adds compile-time/run time SSL-C version support *) simplify a ton of overly-verbose legacy code *) split the compiled-against v.s. runtime library *) precache the results of the version string touchup git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@520701 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 7 ++++++ modules/ssl/ssl_engine_init.c | 37 +++++++---------------------- modules/ssl/ssl_engine_vars.c | 44 +++++++++++++++++++++-------------- modules/ssl/ssl_util_ssl.h | 13 +++++++++++ 4 files changed, 55 insertions(+), 46 deletions(-) diff --git a/CHANGES b/CHANGES index accfc12997..5b5d7cc662 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,13 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) mod_ssl: Version reporting update; displays 'compiled against' + Apache and build-time SSL Library versions at loglevel [info], + while reporting the run-time SSL Library version in the server + info tags. Helps to identify a mod_ssl built against one flavor + of OpenSSL but running against another (also adds SSL-C version + number reporting.) [William Rowe] + *) core: Change etag generation to produce identical results on 32-bit and 64-bit platforms. PR 40064. [Joe Orton] diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a090d54bca..dedc2e0c74 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -34,42 +34,21 @@ ** _________________________________________________________________ */ -static char *ssl_add_version_component(apr_pool_t *p, - server_rec *s, - char *name) -{ - char *val = ssl_var_lookup(p, s, NULL, NULL, name); - - if (val && *val) { - ap_add_version_component(p, val); - } - - return val; -} - -static char *version_components[] = { - "SSL_VERSION_PRODUCT", - "SSL_VERSION_INTERFACE", - "SSL_VERSION_LIBRARY", - NULL -}; static void ssl_add_version_components(apr_pool_t *p, server_rec *s) { - char *vals[sizeof(version_components)/sizeof(char *)]; - int i; + char *modver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_INTERFACE"); + char *libver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_LIBRARY"); + char *incver = ssl_var_lookup(p, s, NULL, NULL, + "SSL_VERSION_LIBRARY_INTERFACE"); - for (i=0; version_components[i]; i++) { - vals[i] = ssl_add_version_component(p, s, - version_components[i]); - } + ap_add_version_component(p, modver); + ap_add_version_component(p, libver); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, - "Server: %s, Interface: %s, Library: %s", - AP_SERVER_BASEVERSION, - vals[1], /* SSL_VERSION_INTERFACE */ - vals[2]); /* SSL_VERSION_LIBRARY */ + "%s compiled against Server: %s, Library: %s", + modver, AP_SERVER_BASEVERSION, incver); } diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 9617f6d6b2..773918c3ed 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -635,31 +635,41 @@ static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algke static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var) { + static char interface[] = "mod_ssl/" MOD_SSL_VERSION; + static char library_interface[] = SSL_LIBRARY_TEXT; + static char *library = NULL; char *result; - char *cp, *cp2; - - result = NULL; - - if (strEQ(var, "PRODUCT")) { -#if defined(SSL_PRODUCT_NAME) && defined(SSL_PRODUCT_VERSION) - result = apr_psprintf(p, "%s/%s", SSL_PRODUCT_NAME, SSL_PRODUCT_VERSION); -#else - result = NULL; -#endif - } - else if (strEQ(var, "INTERFACE")) { - result = apr_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION); - } - else if (strEQ(var, "LIBRARY")) { - result = apr_pstrdup(p, SSLeay_version(SSLEAY_VERSION)); - if ((cp = strchr(result, ' ')) != NULL) { + + if (!library) { + char *cp, *cp2; + library = apr_pstrdup(p, SSL_LIBRARY_DYNTEXT); + if ((cp = strchr(library, ' ')) != NULL) { *cp = '/'; if ((cp2 = strchr(cp, ' ')) != NULL) *cp2 = NUL; } + if ((cp = strchr(library_interface, ' ')) != NULL) { + *cp = '/'; + if ((cp2 = strchr(cp, ' ')) != NULL) + *cp2 = NUL; + } + } + + if (strEQ(var, "INTERFACE")) { + result = apr_pstrdup(p, interface); + } + else if (strEQ(var, "LIBRARY_INTERFACE")) { + result = apr_pstrdup(p, library_interface); + } + else if (strEQ(var, "LIBRARY")) { + result = apr_pstrdup(p, library); + } + else { + result = NULL; } return result; } + apr_array_header_t *ssl_ext_list(apr_pool_t *p, conn_rec *c, int peer, const char *extension) diff --git a/modules/ssl/ssl_util_ssl.h b/modules/ssl/ssl_util_ssl.h index 3ce86417be..04bcbdc278 100644 --- a/modules/ssl/ssl_util_ssl.h +++ b/modules/ssl/ssl_util_ssl.h @@ -37,14 +37,27 @@ /** * Determine SSL library version number */ +#define SSL_NIBBLE(x,n) ((x >> (n * 4)) & 0xF) + #ifdef OPENSSL_VERSION_NUMBER #define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER #define SSL_LIBRARY_NAME "OpenSSL" #define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT +#define SSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION) +#elif defined(SSLC_VERSION_NUMBER) +#define SSL_LIBRARY_VERSION SSLC_VERSION_NUMBER +#define SSL_LIBRARY_NAME "SSL-C" +#define SSL_LIBRARY_TEXT { 'S', 'S', 'L', '-', 'C', ' ', \ + '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,3), '.', \ + '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,2), '.', \ + '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,1), '.', \ + '0' + SSL_NIBBLE(SSLC_VERSION_NUMBER,0), 0 } +#define SSL_LIBRARY_DYNTEXT SSLC_library_info(SSLC_INFO_VERSION) #elif !defined(SSL_LIBRARY_VERSION) #define SSL_LIBRARY_VERSION 0x0000 #define SSL_LIBRARY_NAME "OtherSSL" #define SSL_LIBRARY_TEXT "OtherSSL 0.0.0 00 XXX 0000" +#define SSL_LIBRARY_DYNTEXT "OtherSSL 0.0.0 00 XXX 0000" #endif /** -- 2.40.0