Commit 38123ddb authored by Rainer Jung's avatar Rainer Jung
Browse files

Support for OpenSSL 1.1.0: 

- The callback function passed to
  SSL_CTX_sess_set_get_cb() now needs the
  session id argument to be const.
  So constify the session id.

Backport of r1735883 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755850 13f79535-47bb-0310-9956-ffa450edef68
parent ac73c68e

modules/ssl/ssl_engine_kernel.c

+4 −4
Original line number Diff line number Diff line
@@ -1835,7 +1835,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) 


static void ssl_session_log(server_rec *s,

                            const char *request,

                            unsigned char *id,

                            IDCONST unsigned char *id,

                            unsigned int idlen,

                            const char *status,

                            const char *result,
@@ -1875,7 +1875,7 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) 
    SSLSrvConfigRec *sc = mySrvConfig(s);

    long timeout        = sc->session_cache_timeout;

    BOOL rc;

    unsigned char *id;

    IDCONST unsigned char *id;

    unsigned int idlen;



    /*
@@ -1919,7 +1919,7 @@ int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session) 
 *  of our other Apache pre-forked server processes.

 */

SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,

                                               unsigned char *id,

                                               IDCONST unsigned char *id,

                                               int idlen, int *do_copy)

{

    /* Get Apache context back through OpenSSL context */
@@ -1958,7 +1958,7 @@ void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, 
{

    server_rec *s;

    SSLSrvConfigRec *sc;

    unsigned char *id;

    IDCONST unsigned char *id;

    unsigned int idlen;



    /*

modules/ssl/ssl_engine_vars.c

+1 −1
Original line number Diff line number Diff line
@@ -364,7 +364,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, SSLConnRec *sslconn, 
        char buf[MODSSL_SESSION_ID_STRING_LEN];

        SSL_SESSION *pSession = SSL_get_session(ssl);

        if (pSession) {

            unsigned char *id;

            IDCONST unsigned char *id;

            unsigned int idlen;



#ifdef OPENSSL_NO_SSL_INTERN

modules/ssl/ssl_private.h

+11 −4
Original line number Diff line number Diff line
@@ -166,6 +166,13 @@ 
#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */

#endif /* if !defined(OPENSSL_NO_OCSP) && defined(SSL_CTX_set_tlsext_status_cb) */



/* session id constness */

#if OPENSSL_VERSION_NUMBER < 0x10100000L

#define IDCONST

#else

#define IDCONST const

#endif



/* TLS session tickets */

#if defined(SSL_CTX_set_tlsext_ticket_key_cb)

#define HAVE_TLS_SESSION_TICKETS
@@ -813,7 +820,7 @@ int ssl_callback_SSLVerify(int, X509_STORE_CTX *); 
int          ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);

int          ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);

int          ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);

SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);

SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, IDCONST unsigned char *, int, int *);

void         ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);

void         ssl_callback_Info(const SSL *, int, int);

#ifdef HAVE_TLSEXT
@@ -834,10 +841,10 @@ int ssl_callback_alpn_select(SSL *ssl, const unsigned char **out, 
apr_status_t ssl_scache_init(server_rec *, apr_pool_t *);

void         ssl_scache_status_register(apr_pool_t *p);

void         ssl_scache_kill(server_rec *);

BOOL         ssl_scache_store(server_rec *, UCHAR *, int,

BOOL         ssl_scache_store(server_rec *, IDCONST UCHAR *, int,

                              apr_time_t, SSL_SESSION *, apr_pool_t *);

SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int, apr_pool_t *);

void         ssl_scache_remove(server_rec *, UCHAR *, int,

SSL_SESSION *ssl_scache_retrieve(server_rec *, IDCONST UCHAR *, int, apr_pool_t *);

void         ssl_scache_remove(server_rec *, IDCONST UCHAR *, int,

                               apr_pool_t *);



/** Proxy Support */

modules/ssl/ssl_scache.c

+3 −3
Original line number Diff line number Diff line
@@ -110,7 +110,7 @@ void ssl_scache_kill(server_rec *s) 


}



BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen,

BOOL ssl_scache_store(server_rec *s, IDCONST UCHAR *id, int idlen,

                      apr_time_t expiry, SSL_SESSION *sess,

                      apr_pool_t *p)

{
@@ -144,7 +144,7 @@ BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, 
    return rv == APR_SUCCESS ? TRUE : FALSE;

}



SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen,

SSL_SESSION *ssl_scache_retrieve(server_rec *s, IDCONST UCHAR *id, int idlen,

                                 apr_pool_t *p)

{

    SSLModConfigRec *mc = myModConfig(s);
@@ -173,7 +173,7 @@ SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen, 
    return d2i_SSL_SESSION(NULL, &ptr, destlen);

}



void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen,

void ssl_scache_remove(server_rec *s, IDCONST UCHAR *id, int idlen,

                       apr_pool_t *p)

{

    SSLModConfigRec *mc = myModConfig(s);

modules/ssl/ssl_util_ssl.c

+1 −1
Original line number Diff line number Diff line
@@ -488,7 +488,7 @@ EC_GROUP *ssl_ec_GetParamFromFile(const char *file) 
**  _________________________________________________________________

*/



char *modssl_SSL_SESSION_id2sz(unsigned char *id, int idlen,

char *modssl_SSL_SESSION_id2sz(IDCONST unsigned char *id, int idlen,

                               char *str, int strsize)

{

    if (idlen > SSL_MAX_SSL_SESSION_ID_LENGTH)