Commit b5a869bf authored by Rainer Jung's avatar Rainer Jung

Support for OpenSSL 1.1.0:

- ab: use new API SSL_CTX_set_max_proto_version()
  and SSL_CTX_set_min_proto_version() in
  combination with TLS_client_method() instead
  of the old deprecated methods.

Backport of r1735891 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755851 13f79535-47bb-0310-9956-ffa450edef68
parent 38123ddb
+38 −2
@@ -2133,6 +2133,14 @@ int main(int argc, const char * const argv[])
    apr_getopt_t *opt;
    const char *opt_arg;
    char c;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    int max_prot = TLS1_2_VERSION;
#ifndef OPENSSL_NO_SSL3
    int min_prot = SSL3_VERSION;
#else
    int min_prot = TLS1_VERSION;
#endif
#endif /* #if OPENSSL_VERSION_NUMBER >= 0x10100000L */
#ifdef USE_SSL
    AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
#endif
@@ -2350,14 +2358,13 @@ int main(int argc, const char * const argv[])
                method_str[CUSTOM_METHOD] = strdup(opt_arg);
                break;
            case 'f':
#if OPENSSL_VERSION_NUMBER < 0x10100000L
                if (strncasecmp(opt_arg, "ALL", 3) == 0) {
                    meth = SSLv23_client_method();
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifndef OPENSSL_NO_SSL2
                } else if (strncasecmp(opt_arg, "SSL2", 4) == 0) {
                    meth = SSLv2_client_method();
#endif
#endif
#ifndef OPENSSL_NO_SSL3
                } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
                    meth = SSLv3_client_method();
@@ -2371,6 +2378,31 @@ int main(int argc, const char * const argv[])
                } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
                    meth = TLSv1_client_method();
                }
#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
                meth = TLS_client_method();
                if (strncasecmp(opt_arg, "ALL", 3) == 0) {
                    max_prot = TLS1_2_VERSION;
#ifndef OPENSSL_NO_SSL3
                    min_prot = SSL3_VERSION;
#else
                    min_prot = TLS1_VERSION;
#endif
#ifndef OPENSSL_NO_SSL3
                } else if (strncasecmp(opt_arg, "SSL3", 4) == 0) {
                    max_prot = SSL3_VERSION;
                    min_prot = SSL3_VERSION;
#endif
                } else if (strncasecmp(opt_arg, "TLS1.1", 6) == 0) {
                    max_prot = TLS1_1_VERSION;
                    min_prot = TLS1_1_VERSION;
                } else if (strncasecmp(opt_arg, "TLS1.2", 6) == 0) {
                    max_prot = TLS1_2_VERSION;
                    min_prot = TLS1_2_VERSION;
                } else if (strncasecmp(opt_arg, "TLS1", 4) == 0) {
                    max_prot = TLS1_VERSION;
                    min_prot = TLS1_VERSION;
                }
#endif /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
                break;
#endif
        }
@@ -2432,6 +2464,10 @@ int main(int argc, const char * const argv[])
        exit(1);
    }
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);
    SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);
#endif
#ifdef SSL_MODE_RELEASE_BUFFERS
    /* Keep memory usage as low as possible */
    SSL_CTX_set_mode (ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
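Review bot: The return values of `SSL_CTX_set_max_proto_version()` and `SSL_CTX_set_min_proto_version()` are ignored in the last hunk, so if OpenSSL rejects a bound the context keeps its default range and ab measures a protocol other than the one requested with `-f`. Both calls return 1 on success and 0 on failure; guard them with `if (!SSL_CTX_set_min_proto_version(ssl_ctx, min_prot) || !SSL_CTX_set_max_proto_version(ssl_ctx, max_prot))`, then report the error and `exit(1)` as the block just above does. In the new `-f` branch, the `strncasecmp(opt_arg, "TLS1", 4)` prefix test also catches any unrecognised `TLS1.x` string and pins the range to TLS 1.0, and a value that matches nothing is accepted silently. An exact comparison plus an error for unknown values would avoid an unintended downgrade. `main` starts and ends outside these hunks, so the declarations and the context setup were not checked against the rest of the function.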