www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Don't use #ifdef inside macro calls

Browse Source 
The behavior is undefined according to C99 6.10.3.11 and it breaks with
xlc on AIX

PR: 52394


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1225476 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2011-12-29 08:57:55 +00:00
parent 066712a8cd
commit a97bec21dc
3 changed files with 25 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/log-message-tags/next-number
View File

@@ -1 +1 @@
2292 2293

38
modules/ssl/ssl_engine_init.c
View File

@@ -35,6 +35,11 @@
** _________________________________________________________________ ** _________________________________________________________________
*/ */
#ifndef OPENSSL_NO_EC
#define KEYTYPES "RSA, DSA or ECC"
#else
#define KEYTYPES "RSA or DSA"
#endif
static void ssl_add_version_components(apr_pool_t *p, static void ssl_add_version_components(apr_pool_t *p,
server_rec *s) server_rec *s)
@@ -1135,11 +1140,7 @@ static void ssl_init_server_certs(server_rec *s,
#endif #endif
)) { )) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01910) ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01910)
#ifndef OPENSSL_NO_EC "Oops, no " KEYTYPES " server certificate found "
"Oops, no RSA, DSA or ECC server certificate found "
#else
"Oops, no RSA or DSA server certificate found "
#endif
"for '%s:%d'?!", s->server_hostname, s->port); "for '%s:%d'?!", s->server_hostname, s->port);
ssl_die(); ssl_die();
} }
@@ -1160,11 +1161,7 @@ static void ssl_init_server_certs(server_rec *s,
#endif #endif
)) { )) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01911) ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01911)
#ifndef OPENSSL_NO_EC "Oops, no " KEYTYPES " server private key found?!");
"Oops, no RSA, DSA or ECC server private key found?!");
#else
"Oops, no RSA or DSA server private key found?!");
#endif
ssl_die(); ssl_die();
} }
} }
@@ -1460,21 +1457,17 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
klen = strlen(key); klen = strlen(key);
if ((ps = (server_rec *)apr_hash_get(table, key, klen))) { if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
ap_log_error(APLOG_MARK,
#ifdef OPENSSL_NO_TLSEXT #ifdef OPENSSL_NO_TLSEXT
APLOG_WARNING, int level = APLOG_WARNING;
const char *problem = "conflict";
#else #else
APLOG_DEBUG, int level = APLOG_DEBUG;
#endif const char *problem = "overlap";
0,
base_server,
#ifdef OPENSSL_NO_TLSEXT
"Init: SSL server IP/port conflict: "
#else
"Init: SSL server IP/port overlap: "
#endif #endif
ap_log_error(APLOG_MARK, level, 0, base_server,
"Init: SSL server IP/port %s: "
"%s (%s:%d) vs. %s (%s:%d)", "%s (%s:%d) vs. %s (%s:%d)",
ssl_util_vhostid(p, s), problem, ssl_util_vhostid(p, s),
(s->defn_name ? s->defn_name : "unknown"), (s->defn_name ? s->defn_name : "unknown"),
s->defn_line_number, s->defn_line_number,
ssl_util_vhostid(p, ps), ssl_util_vhostid(p, ps),
@@ -1488,11 +1481,12 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
} }
if (conflict) { if (conflict) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917)
#ifdef OPENSSL_NO_TLSEXT #ifdef OPENSSL_NO_TLSEXT
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01917)
"Init: You should not use name-based " "Init: You should not use name-based "
"virtual hosts in conjunction with SSL!!"); "virtual hosts in conjunction with SSL!!");
#else #else
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(02292)
"Init: Name-based SSL virtual hosts only " "Init: Name-based SSL virtual hosts only "
"work for clients with TLS server name indication " "work for clients with TLS server name indication "
"support (RFC 4366)"); "support (RFC 4366)");

15
modules/ssl/ssl_engine_kernel.c
View File

@@ -745,6 +745,7 @@ int ssl_hook_Access(request_rec *r)
} }
} }
else { else {
const char *reneg_support;
request_rec *id = r->main ? r->main : r; request_rec *id = r->main ? r->main : r;
/* Additional mitigation for CVE-2009-3555: At this point, /* Additional mitigation for CVE-2009-3555: At this point,
@@ -764,17 +765,17 @@ int ssl_hook_Access(request_rec *r)
r->connection->keepalive = AP_CONN_CLOSE; r->connection->keepalive = AP_CONN_CLOSE;
} }
#if defined(SSL_get_secure_renegotiation_support)
reneg_support = SSL_get_secure_renegotiation_support(ssl) ?
"client does" : "client does not";
#else
reneg_support = "server does not";
#endif
/* Perform a full renegotiation. */ /* Perform a full renegotiation. */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260) ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260)
"Performing full renegotiation: complete handshake " "Performing full renegotiation: complete handshake "
"protocol (%s support secure renegotiation)", "protocol (%s support secure renegotiation)",
#if defined(SSL_get_secure_renegotiation_support) reneg_support);
SSL_get_secure_renegotiation_support(ssl) ?
"client does" : "client does not"
#else
"server does not"
#endif
);
SSL_set_session_id_context(ssl, SSL_set_session_id_context(ssl,
(unsigned char *)&id, (unsigned char *)&id,