9c77d6721f
In the tree, libevhtp is used only for Seafile. This is the most recent version that Haiwen lists as working. Updated threads patch for OpenSSL 1.1. Removed Maintainer as he is inactive. Simplified Makefile a little bit and reorganized for consistency between packages. Fixed compilation with uClibc-ng. Signed-off-by: Rosen Penev <rosenp@gmail.com>
132 lines
5.1 KiB
Diff
132 lines
5.1 KiB
Diff
--- a/evhtp.c
|
|
+++ b/evhtp.c
|
|
@@ -1817,16 +1817,15 @@ _evhtp_ssl_thread_lock(int mode, int typ
|
|
#endif
|
|
static void
|
|
_evhtp_ssl_delete_scache_ent(evhtp_ssl_ctx_t * ctx, evhtp_ssl_sess_t * sess) {
|
|
- evhtp_t * htp;
|
|
- evhtp_ssl_cfg_t * cfg;
|
|
- unsigned char * sid;
|
|
- unsigned int slen;
|
|
+ evhtp_t * htp;
|
|
+ evhtp_ssl_cfg_t * cfg;
|
|
+ evhtp_ssl_data_t * sid;
|
|
+ unsigned int slen;
|
|
|
|
htp = (evhtp_t *)SSL_CTX_get_app_data(ctx);
|
|
cfg = htp->ssl_cfg;
|
|
|
|
- sid = sess->session_id;
|
|
- slen = sess->session_id_length;
|
|
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
|
|
|
|
if (cfg->scache_del) {
|
|
(cfg->scache_del)(htp, sid, slen);
|
|
@@ -1837,14 +1836,17 @@ static int
|
|
_evhtp_ssl_add_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_sess_t * sess) {
|
|
evhtp_connection_t * connection;
|
|
evhtp_ssl_cfg_t * cfg;
|
|
- unsigned char * sid;
|
|
+ evhtp_ssl_data_t * sid;
|
|
int slen;
|
|
|
|
connection = (evhtp_connection_t *)SSL_get_app_data(ssl);
|
|
- cfg = connection->htp->ssl_cfg;
|
|
+ if (connection->htp == NULL)
|
|
+ {
|
|
+ return 0; /* We cannot get the ssl_cfg */
|
|
+ }
|
|
|
|
- sid = sess->session_id;
|
|
- slen = sess->session_id_length;
|
|
+ cfg = connection->htp->ssl_cfg;
|
|
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
|
|
|
|
SSL_set_timeout(sess, cfg->scache_timeout);
|
|
|
|
@@ -1856,7 +1858,7 @@ _evhtp_ssl_add_scache_ent(evhtp_ssl_t *
|
|
}
|
|
|
|
static evhtp_ssl_sess_t *
|
|
-_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, unsigned char * sid, int sid_len, int * copy) {
|
|
+_evhtp_ssl_get_scache_ent(evhtp_ssl_t * ssl, evhtp_ssl_data_t * sid, int sid_len, int * copy) {
|
|
evhtp_connection_t * connection;
|
|
evhtp_ssl_cfg_t * cfg;
|
|
evhtp_ssl_sess_t * sess;
|
|
@@ -1898,12 +1900,12 @@ _evhtp_ssl_servername(evhtp_ssl_t * ssl,
|
|
connection->vhost_via_sni = 1;
|
|
|
|
SSL_set_SSL_CTX(ssl, evhtp_vhost->ssl_ctx);
|
|
- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
|
|
+ SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));
|
|
|
|
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
|
|
(SSL_num_renegotiations(ssl) == 0)) {
|
|
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
|
|
- SSL_CTX_get_verify_callback(ssl->ctx));
|
|
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(SSL_get_SSL_CTX(ssl)),
|
|
+ SSL_CTX_get_verify_callback(SSL_get_SSL_CTX(ssl)));
|
|
}
|
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
@@ -3197,15 +3199,21 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_
|
|
return -1;
|
|
}
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
SSL_library_init();
|
|
SSL_load_error_strings();
|
|
+#endif
|
|
RAND_poll();
|
|
|
|
STACK_OF(SSL_COMP) * comp_methods = SSL_COMP_get_compression_methods();
|
|
sk_SSL_COMP_zero(comp_methods);
|
|
|
|
htp->ssl_cfg = cfg;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
htp->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
|
|
+#else
|
|
+ htp->ssl_ctx = SSL_CTX_new(TLS_server_method());
|
|
+#endif
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
|
SSL_CTX_set_options(htp->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
|
@@ -3242,7 +3250,11 @@ evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_
|
|
SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
|
|
|
|
if (cfg->x509_chk_issued_cb != NULL) {
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;
|
|
+#else
|
|
+ X509_STORE_set_check_issued(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->x509_chk_issued_cb);
|
|
+#endif
|
|
}
|
|
|
|
if (cfg->verify_depth) {
|
|
--- a/evhtp.h
|
|
+++ b/evhtp.h
|
|
@@ -34,6 +34,11 @@ typedef SSL evhtp_
|
|
typedef SSL_CTX evhtp_ssl_ctx_t;
|
|
typedef X509 evhtp_x509_t;
|
|
typedef X509_STORE_CTX evhtp_x509_store_ctx_t;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+typedef unsigned char evhtp_ssl_data_t;
|
|
+#else
|
|
+typedef const unsigned char evhtp_ssl_data_t;
|
|
+#endif
|
|
#else
|
|
typedef void evhtp_ssl_sess_t;
|
|
typedef void evhtp_ssl_t;
|
|
@@ -157,9 +162,9 @@ typedef int (*evhtp_headers_iterator)(ev
|
|
typedef int (*evhtp_ssl_verify_cb)(int pre_verify, evhtp_x509_store_ctx_t * ctx);
|
|
typedef int (*evhtp_ssl_chk_issued_cb)(evhtp_x509_store_ctx_t * ctx, evhtp_x509_t * x, evhtp_x509_t * issuer);
|
|
|
|
-typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, unsigned char * sid, int sid_len, evhtp_ssl_sess_t * sess);
|
|
-typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, unsigned char * sid, int sid_len);
|
|
-typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, unsigned char * sid, int sid_len);
|
|
+typedef int (*evhtp_ssl_scache_add)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len, evhtp_ssl_sess_t * sess);
|
|
+typedef void (*evhtp_ssl_scache_del)(evhtp_t * htp, evhtp_ssl_data_t * sid, int sid_len);
|
|
+typedef evhtp_ssl_sess_t * (*evhtp_ssl_scache_get)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len);
|
|
typedef void * (*evhtp_ssl_scache_init)(evhtp_t *);
|
|
|
|
#define EVHTP_VERSION "1.2.0"
|