The patch below reverts the prior commit to eliminate SSL_set_state().

  Some additional work or research is required in order to pass the
  perl-framework regressions, but I don't have the cycles and don't
  care to leave the broken code in cvs HEAD.

REVERTING: wrowe 2003/05/19 08:13:19

  Modified:    modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
                        ssl_toolkit_compat.h
  Log:
    Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
    rehandshaking the SSL connection, vis-a-vis ApacheSSL.

  Revision  Changes    Path
  1.15      +0 -1      httpd-2.0/modules/ssl/config.m4
  1.108     +1 -1      httpd-2.0/modules/ssl/ssl_engine_io.c
  1.93      +1 -1      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  1.34      +0 -6      httpd-2.0/modules/ssl/ssl_toolkit_compat.h

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@100004 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/config.m4 b/config.m4
index 01d7b0b7470b16fc47f0b332ea32dc01af5556e5..16ea75b28331412fe34e353706d34933d5df6dc4 100644 (file)
--- a/config.m4
+++ b/config.m4
@@ -77,6 +77,7 @@ ssl_util_table.lo dnl
 dnl #  hook module into the Autoconf mechanism (--enable-ssl option)
 APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
     APACHE_CHECK_SSL_TOOLKIT
+    AC_CHECK_FUNCS(SSL_set_state)
     AC_CHECK_FUNCS(SSL_set_cert_store)
     AC_CHECK_FUNCS(ENGINE_init)
 ])

diff --git a/ssl_engine_io.c b/ssl_engine_io.c
index 26ca18f1f5fc9da1579fd7755969e402b3e7246f..1760b534d3b2a3086c5b40bf55767ff0f5e05c6a 100644 (file)
--- a/ssl_engine_io.c
+++ b/ssl_engine_io.c
@@ -1257,7 +1257,11 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f,
     sslconn = myConnConfig(f->c);
     ssl = sslconn->ssl;
 
-    SSL_renegotiate(ssl);
+    /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
+     * However, this causes failures in perl-framework currently, 
+     * perhaps pre-test if we have already negotiated?
+     */
+    SSL_set_state(ssl, SSL_ST_ACCEPT);
     SSL_do_handshake(ssl);
 
     if (SSL_get_state(ssl) != SSL_ST_OK) {

diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c
index 29e4de2d0c73c7b129b96b3dcac0d6115a2a0db7..3d2c7de421bb370e93e5e0cc9e4b5943402497f7 100644 (file)
--- a/ssl_engine_kernel.c
+++ b/ssl_engine_kernel.c
@@ -712,7 +712,11 @@ int ssl_hook_Access(request_rec *r)
             ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
                          "Awaiting re-negotiation handshake");
 
-            SSL_renegotiate(ssl);
+            /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
+             * However, this causes failures in perl-framework currently, 
+             * perhaps pre-test if we have already negotiated?
+             */
+            SSL_set_state(ssl, SSL_ST_ACCEPT);
             SSL_do_handshake(ssl);
 
             if (SSL_get_state(ssl) != SSL_ST_OK) {

diff --git a/ssl_toolkit_compat.h b/ssl_toolkit_compat.h
index 0be9ba065b4509bf16cd5bd797a6f1b1207f9640..cba8de88d36284f21210e48febd778e30810797b 100644 (file)
--- a/ssl_toolkit_compat.h
+++ b/ssl_toolkit_compat.h
@@ -103,6 +103,8 @@
 #define SSL_get_state(ssl) SSL_state(ssl)
 #endif
 
+#define SSL_set_state(ssl,val) (ssl)->state = val
+
 #define MODSSL_BIO_CB_ARG_TYPE const char
 #define MODSSL_CRYPTO_CB_ARG_TYPE const char
 #if (OPENSSL_VERSION_NUMBER < 0x00907000)
@@ -181,6 +183,10 @@ typedef int (modssl_read_bio_cb_fn)(char*,int,int);
 #define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
    PEM_read_bio_PrivateKey(b, k, cb)
 
+#ifndef HAVE_SSL_SET_STATE
+#define SSL_set_state(ssl, state) /* XXX: should throw an error */
+#endif
+
 #define modssl_set_cipher_list(ssl, l) \
    SSL_set_cipher_list(ssl, (char *)l)