www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

mod_ssl: Fix deprecation warnings with openssl-3.

Browse Source 
* mod_ssl_openssl.h:
  Make it the first openssl to be included openssl header, selecting the
  OpenSSL api based on OPENSSL_API_COMPAT eventually.

* ssl_private.h;
  Define OPENSSL_API_COMPAT to version 1.1.1 (last one supporting EGINE_ API)
  before including mod_ssl_openssl.h to enable the ENGINE_ api (TODO: switch to
  new "providers" api before the ENGINE_ api is abandonned..).
  mod_ssl.h is now implicitely included from there.
  Fix preprocessor "#define FOO (COND)" to "#if COND #define FOO 1 #else #define FOO 0".
  Define MODSSL_HAVE_ENGINE_API iff OPENSSL_API_COMPAT < 3.0 (otherwise all the
  engine features are disabled, only "builtin" is accepted).
  Define HAVE_SRP iff OPENSSL_API_COMPAT < 3.0 (no replacement for this api
  above, so it might not be implemenentedain httpd anymore at some point..).
  Define X509_get_not{Before,After} if missing to the non deprecated version.
  New modssl_set_io_callbacks() to factorize compat code for io callbacks.
  ssl_dh_GetParamFromFile() becomes modssl_dh_from_file() for openssl < 3.0 and
  modssl_dh_pkey_from_file() for openssl >= 3.0.

* mod_ssl.c, mod_ssl_ct.c, ssl_util_stapling:
  Including "ssl_private.h" only is suited/enough now.
  
* mod_ssl_ct.c, ssl_ct_log_config:
  Use EVP api with openssl >= 3 instead of the deprecated SHA256 one.

* ssl_engine_config.c(ssl_cmd_SSLCryptoDevice):
  Disabled engines (besides NULL/"builtin"/NULL) unless MODSSL_HAVE_ENGINE_API.

* ssl_engine_init:
  New compat modssl_runtime_lib_version() to address deprecated SSLeay().
  ssl_init_Engine() does nothing unless MODSSL_HAVE_ENGINE_API.
  Simplify ssl_init_server_certs() (less #ifdef-ery) with scoped local vars.
  Compat loading DH parameters and EC curve from cert.

* ssl_engine_io.c, ssl_engine_kernel.c:
  Implement common modssl_set_io_callbacks() and use it.

* ssl_engine_pphrase(modssl_load_engine_keypair):
  Depend on MODSSL_HAVE_ENGINE_API, or return ENOTIMPL.

* ssl_util.c(modssl_is_engine_id):
  No engine supported unless MODSSL_HAVE_ENGINE_API.

* ssl_util_ssl.c(modssl_dh_pkey_from_file, modssl_ec_group_from_file):
  Compat with openssl >= 3.0.
  


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908537 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Yann Ylavic
2023-03-19 21:30:47 +00:00
parent 6fc8b4288e
commit 1e06568a28
13 changed files with 292 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/ssl/ssl_engine_kernel.c
View File

@@ -2588,6 +2588,7 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
sc->server->pks->service_unavailable : 0;
ap_update_child_status_from_server(c->sbh, SERVER_BUSY_READ, c, s);
/*
* There is one special filter callback, which is set
* very early depending on the base_server's log level.
@@ -2596,14 +2597,7 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
* we need to set that callback here.
*/
if (APLOGtrace4(s)) {
BIO *rbio = SSL_get_rbio(ssl),
*wbio = SSL_get_wbio(ssl);
BIO_set_callback(rbio, ssl_io_data_cb);
BIO_set_callback_arg(rbio, (void *)ssl);
if (wbio && wbio != rbio) {
BIO_set_callback(wbio, ssl_io_data_cb);
BIO_set_callback_arg(wbio, (void *)ssl);
}
modssl_set_io_callbacks(ssl);
}
return 1;