From e171af311800e87045a390441cbdebd22e3e29f1 Mon Sep 17 00:00:00 2001
From: Sander Temme <sctemme@apache.org>
Date: Fri, 27 Feb 2009 05:16:18 +0000
Subject: [PATCH] The development trunk of OpenSSL has tightened up the type
 safety of the STACK construct and the functions that manipulate it.  Make
 httpd trunk compile against OpenSSL HEAD as well as OpenSSL 0.9.8j.  Also,
 get rid of some warnings.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@748396 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c   |  2 +-
 modules/ssl/ssl_engine_kernel.c |  4 ++--
 modules/ssl/ssl_engine_vars.c   |  4 ++--
 modules/ssl/ssl_util_ssl.c      | 10 +++++-----
 support/ab.c                    |  6 +++---
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 7c58e365f1..d2c60915d8 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -576,7 +576,7 @@ static void ssl_init_ctx_verify(server_rec *s,
             ssl_die();
         }
 
-        SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
+        SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list);
     }
 
     /*
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 229fc27d3f..ab5fb0db4e 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -250,7 +250,7 @@ int ssl_hook_Access(request_rec *r)
     X509_STORE *cert_store = NULL;
     X509_STORE_CTX cert_store_ctx;
     STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
-    SSL_CIPHER *cipher = NULL;
+    const SSL_CIPHER *cipher = NULL;
     int depth, verify_old, verify, n;
 
     if (ssl) {
@@ -657,7 +657,7 @@ int ssl_hook_Access(request_rec *r)
                  * sk_X509_shift-ed the peer cert out of the chain.
                  * we put it back here for the purpose of quick_renegotiation.
                  */
-                cert_stack = sk_new_null();
+                cert_stack = sk_X509_new_null();
                 sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
             }
 
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 27fac9fdd5..8d64147227 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -632,7 +632,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
     ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
 
     if (ssl && strEQ(var, "")) {
-        SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+        const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
         result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
     }
     else if (strcEQ(var, "_EXPORT"))
@@ -653,7 +653,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
 
 static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
 {
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
 
     *usekeysize = 0;
     *algkeysize = 0;
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 1b5df13b33..a06b65047a 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -294,7 +294,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
 #ifdef HAVE_SSL_X509V3_EXT_d2i
     X509_EXTENSION *ext;
     int ext_nid;
-    STACK *sk;
+    EXTENDED_KEY_USAGE *sk;
     BOOL is_sgc;
     int idx;
     int i;
@@ -303,9 +303,9 @@ BOOL SSL_X509_isSGC(X509 *cert)
     idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
     if (idx >= 0) {
         ext = X509_get_ext(cert, idx);
-        if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
-            for (i = 0; i < sk_num(sk); i++) {
-                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
+        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
+            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
+                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));
                 if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
                     is_sgc = TRUE;
                     break;
@@ -467,7 +467,7 @@ int SSL_CTX_use_certificate_chain(
     X509 *x509;
     unsigned long err;
     int n;
-    STACK *extra_certs;
+    STACK_OF(X509) *extra_certs;
 
     if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
         return -1;
diff --git a/support/ab.c b/support/ab.c
index 4a35903228..94e8772479 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -480,7 +480,7 @@ static void ssl_rand_seed(void)
 
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
-    SSL_CIPHER *c;
+    const SSL_CIPHER *c;
     int alg_bits,bits;
 
     c = SSL_get_current_cipher(ssl);
@@ -566,7 +566,7 @@ static void ssl_proceed_handshake(struct connection *c)
             if (verbosity >= 2)
                 ssl_print_info(c);
             if (ssl_info == NULL) {
-                SSL_CIPHER *ci;
+                const SSL_CIPHER *ci;
                 X509 *cert;
                 int sk_bits, pk_bits, swork;
 
@@ -1979,7 +1979,7 @@ int main(int argc, const char * const argv[])
     const char *optarg;
     char c;
 #ifdef USE_SSL
-    SSL_METHOD *meth = SSLv23_client_method();
+    const SSL_METHOD *meth = SSLv23_client_method();
 #endif
 
     /* table defaults  */