www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

The patch below reverts the prior commit to eliminate SSL_set_state().

Browse Source 
Some additional work or research is required in order to pass the
  perl-framework regressions, but I don't have the cycles and don't
  care to leave the broken code in cvs HEAD.

REVERTING: wrowe 2003/05/19 08:13:19

  Modified:    modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
                        ssl_toolkit_compat.h
  Log:
    Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
    rehandshaking the SSL connection, vis-a-vis ApacheSSL.

  Revision  Changes    Path
  1.15      +0 -1      httpd-2.0/modules/ssl/config.m4
  1.108     +1 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
  1.93      +1 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  1.34      +0 -6      httpd-2.0/modules/ssl/ssl_toolkit_compat.h


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100004 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
William A. Rowe Jr
2003-05-22 19:41:32 +00:00
parent 00ccedee3d
commit 26f1ba8050
4 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/ssl/config.m4
View File

@@ -77,6 +77,7 @@ ssl_util_table.lo dnl
dnl # hook module into the Autoconf mechanism (--enable-ssl option) dnl # hook module into the Autoconf mechanism (--enable-ssl option)
APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [ APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
APACHE_CHECK_SSL_TOOLKIT APACHE_CHECK_SSL_TOOLKIT
AC_CHECK_FUNCS(SSL_set_state)
AC_CHECK_FUNCS(SSL_set_cert_store) AC_CHECK_FUNCS(SSL_set_cert_store)
AC_CHECK_FUNCS(ENGINE_init) AC_CHECK_FUNCS(ENGINE_init)
]) ])

6
modules/ssl/ssl_engine_io.c
View File

@@ -1257,7 +1257,11 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f,
sslconn = myConnConfig(f->c); sslconn = myConnConfig(f->c);
ssl = sslconn->ssl; ssl = sslconn->ssl;
SSL_renegotiate(ssl); /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
* However, this causes failures in perl-framework currently,
* perhaps pre-test if we have already negotiated?
*/
SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl); SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) { if (SSL_get_state(ssl) != SSL_ST_OK) {

6
modules/ssl/ssl_engine_kernel.c
View File

@@ -712,7 +712,11 @@ int ssl_hook_Access(request_rec *r)
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Awaiting re-negotiation handshake"); "Awaiting re-negotiation handshake");
SSL_renegotiate(ssl); /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
* However, this causes failures in perl-framework currently,
* perhaps pre-test if we have already negotiated?
*/
SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl); SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) { if (SSL_get_state(ssl) != SSL_ST_OK) {

6
modules/ssl/ssl_toolkit_compat.h
View File

@@ -103,6 +103,8 @@
#define SSL_get_state(ssl) SSL_state(ssl) #define SSL_get_state(ssl) SSL_state(ssl)
#endif #endif
#define SSL_set_state(ssl,val) (ssl)->state = val
#define MODSSL_BIO_CB_ARG_TYPE const char #define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char #define MODSSL_CRYPTO_CB_ARG_TYPE const char
#if (OPENSSL_VERSION_NUMBER < 0x00907000) #if (OPENSSL_VERSION_NUMBER < 0x00907000)
@@ -181,6 +183,10 @@ typedef int (modssl_read_bio_cb_fn)(char*,int,int);
#define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \ #define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
PEM_read_bio_PrivateKey(b, k, cb) PEM_read_bio_PrivateKey(b, k, cb)
#ifndef HAVE_SSL_SET_STATE
#define SSL_set_state(ssl, state) /* XXX: should throw an error */
#endif
#define modssl_set_cipher_list(ssl, l) \ #define modssl_set_cipher_list(ssl, l) \
SSL_set_cipher_list(ssl, (char *)l) SSL_set_cipher_list(ssl, (char *)l)