Commit cfe3876c authored by Rainer Jung's avatar Rainer Jung
Browse files

Support for OpenSSL 1.1.0: 

- 1.1.0-pre3 was relesed
  - remove pre2 comments which no longer apply
  - one more struct has been made opaque, use
    accessor function instead

Backport of r1731012 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755843 13f79535-47bb-0310-9956-ffa450edef68
parent cbd264e7

modules/ssl/ssl_engine_kernel.c

+4 −4
Original line number Diff line number Diff line
@@ -1015,10 +1015,6 @@ int ssl_hook_Access(request_rec *r) 


            /* Need to trigger renegotiation handshake by reading.

             * Peeking 0 bytes actually works.

             * The code needs the following patches on top of OpenSSL 1.1.0pre2:

             * https://github.com/openssl/openssl/commit/311f27852a18fb9c10f0c1283b639f12eea06de2

             * https://github.com/openssl/openssl/commit/5b326dc529e19194feaef9a65fa37efbe11eaa7e

             * It is expected to work without changes with the forthcoming 1.1.0pre3.

             * See: http://marc.info/?t=145493359200002&r=1&w=2

             */

            SSL_peek(ssl, peekbuf, 0);
@@ -1532,7 +1528,11 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen) 
    SSL_set_current_cert(ssl, SSL_CERT_SET_SERVER);

#endif

    pkey = SSL_get_privatekey(ssl);

#if OPENSSL_VERSION_NUMBER < 0x10100000L

    type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;

#else

    type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;

#endif



    /*

     * OpenSSL will call us with either keylen == 512 or keylen == 1024