DH *ssl_callback_TmpDH(SSL *, int, int);
int ssl_callback_SSLVerify(int, X509_STORE_CTX *);
int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, conn_rec *);
-int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey);
int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *);
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *);
void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *);
"Configuring client authentication");
if (!SSL_CTX_load_verify_locations(ctx,
- mctx->auth.ca_cert_file,
- mctx->auth.ca_cert_path))
+ MODSSL_PCHAR_CAST mctx->auth.ca_cert_file,
+ MODSSL_PCHAR_CAST mctx->auth.ca_cert_path))
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure verify locations "
"Configuring permitted SSL ciphers [%s]",
suite);
- if (!SSL_CTX_set_cipher_list(ctx, suite)) {
+ if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure permitted SSL ciphers");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
}
}
+#ifdef SSLC_VERSION_NUMBER
+static int ssl_init_FindCAList_X509NameCmp(char **a, char **b)
+{
+ return(X509_NAME_cmp((void*)*a, (void*)*b));
+}
+#else
static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b)
{
return(X509_NAME_cmp(*a, *b));
}
+#endif
static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
server_rec *s, const char *file)
int n;
STACK_OF(X509_NAME) *sk;
- sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(file);
+ sk = (STACK_OF(X509_NAME) *)
+ SSL_load_client_CA_file(MODSSL_PCHAR_CAST file);
if (!sk) {
return;
* we put it back here for the purpose of quick_renegotiation.
*/
cert_stack = sk_new_null();
- sk_X509_push(cert_stack, cert);
+ sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
}
if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
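Review bot: The `MODSSL_PCHAR_CAST` applied to `cert` on the push line turns an `X509 *` into `(char *)` under SSLC, so a wrong pointer type passed here would no longer be diagnosed by the compiler on that toolkit; the cast belongs in the compat macro, as the header already does for `sk_X509_NAME_push` (`#define sk_X509_push(st, data) sk_push(st, (void *)data)` in the SSLC section, next to the existing `#define sk_X509_push sk_push`), leaving the call site `sk_X509_push(cert_stack, cert);` typed on OpenSSL. The same applies to the header hunk that defines `sk_X509_push`. The push also runs before the `if (!cert_stack ...)` check on the next line, so a failed `sk_new_null()` is pushed into before it is noticed; moving that check ahead of the push, or guarding with `if (cert_stack)`, keeps the allocation-failure path from depending on how each toolkit treats a NULL stack. The enclosing function starts outside the hunk.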
*pkey = info->x_pkey->dec_pkey; \
EVP_PKEY_reference_inc(*pkey)
-int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
+int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey)
{
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = c->base_server;
*/
static server_rec *ssl_pphrase_server_rec = NULL;
+#ifdef SSLC_VERSION_NUMBER
+int ssl_pphrase_Handle_CB(char *, int, int);
+#else
int ssl_pphrase_Handle_CB(char *, int, int, void *);
+#endif
static char *pphrase_array_get(apr_array_header_t *arr, int idx)
{
return 0;
}
+#ifdef SSLC_VERSION_NUMBER
+int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
+{
+ void *srv = ssl_pphrase_server_rec;
+#else
int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
{
+#endif
SSLModConfigRec *mc;
server_rec *s;
apr_pool_t *p;
char *cpp;
int len = -1;
-#ifndef OPENSSL_VERSION_NUMBER
- /* make up for sslc flaw */
- srv = ssl_pphrase_server_rec;
-#endif
-
mc = myModConfig((server_rec *)srv);
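Review bot: The reason `srv` is taken from the static `ssl_pphrase_server_rec` in the SSLC branch is no longer explained once `/* make up for sslc flaw */` is removed; keep a comment next to the new initializer, e.g. `/* SSLC's pass phrase callback (3-argument prototype above) carries no user-data pointer, so the server_rec is recovered from the static, presumably set by the caller before the key load */`. Neither branch checks `srv` before `myModConfig((server_rec *)srv)`; if the static can still be NULL when the callback fires, that call is presumably the first thing to fail, so a guard that returns `len` (already -1) would be cheap. The enclosing function continues past the hunk.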
/*
#define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char
+#define MODSSL_CLIENT_CERT_CB_ARG_TYPE X509
+#define MODSSL_PCHAR_CAST
#define modssl_X509_verify_cert X509_verify_cert
+typedef int (modssl_read_bio_cb_fn)(char*,int,int,void*);
+
#if (OPENSSL_VERSION_NUMBER < 0x00904000)
#define modssl_PEM_read_bio_X509(b, x, cb, arg) PEM_read_bio_X509(b, x, cb)
#else
#define HAVE_SSL_X509V3_EXT_d2i
-#else /* HAVE_SSLC */
+#elif defined(HAVE_SSLC)
+#include <bio.h>
+#include <ssl.h>
+#include <err.h>
+#include <x509.h>
+#include <pem.h>
+#include <evp.h>
+#include <objects.h>
#include <sslc.h>
-#if SSLC_VERSION > 0x1FFF
-#include <x509v3.h>
-#endif
-
/* sslc does not support this function, OpenSSL has since 9.5.1 */
#define RAND_status() 1
#define MODSSL_BIO_CB_ARG_TYPE char
#define MODSSL_CRYPTO_CB_ARG_TYPE char
+#define MODSSL_CLIENT_CERT_CB_ARG_TYPE void
+#define MODSSL_PCHAR_CAST (char *)
+
+typedef int (modssl_read_bio_cb_fn)(char*,int,int);
#define modssl_X509_verify_cert(c) X509_verify_cert(c, NULL)
#define PEM_F_DEF_CALLBACK PEM_F_DEF_CB
#endif
-#if SSLC_VERSION < 0x2000
+#if SSLC_VERSION_NUMBER < 0x2000
#define X509_STORE_CTX_set_depth(st, d)
#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
#define modssl_set_verify(ssl, verify, cb) \
SSL_set_verify(ssl, verify)
-#endif
+#else /* SSLC_VERSION_NUMBER >= 0x2000 */
+
+#define CRYPTO_malloc_init R_malloc_init
+
+#define EVP_cleanup()
+
+#endif /* SSLC_VERSION_NUMBER >= 0x2000 */
+
+typedef void (*modssl_popfree_fn)(char *data);
-/* BEGIN GENERATED SECTION */
-#define sk_SSL_CIPHER_free sk_free
#define sk_SSL_CIPHER_dup sk_dup
-#define sk_SSL_CIPHER_num sk_num
#define sk_SSL_CIPHER_find(st, data) sk_find(st, (void *)data)
+#define sk_SSL_CIPHER_free sk_free
+#define sk_SSL_CIPHER_num sk_num
#define sk_SSL_CIPHER_value (SSL_CIPHER *)sk_value
#define sk_X509_num sk_num
#define sk_X509_push sk_push
+#define sk_X509_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
#define sk_X509_value (X509 *)sk_value
-#define sk_X509_INFO_value (X509_INFO *)sk_value
#define sk_X509_INFO_free sk_free
-#define sk_X509_INFO_pop_free sk_pop_free
+#define sk_X509_INFO_pop_free(st, free) sk_pop_free((STACK*)(st), (modssl_popfree_fn)(free))
#define sk_X509_INFO_num sk_num
#define sk_X509_INFO_new_null sk_new_null
+#define sk_X509_INFO_value (X509_INFO *)sk_value
+#define sk_X509_NAME_find(st, data) sk_find(st, (void *)data)
+#define sk_X509_NAME_free sk_free
+#define sk_X509_NAME_new sk_new
#define sk_X509_NAME_num sk_num
#define sk_X509_NAME_push(st, data) sk_push(st, (void *)data)
#define sk_X509_NAME_value (X509_NAME *)sk_value
-#define sk_X509_NAME_free sk_free
-#define sk_X509_NAME_new sk_new
-#define sk_X509_NAME_find(st, data) sk_find(st, (void *)data)
#define sk_X509_NAME_ENTRY_num sk_num
#define sk_X509_NAME_ENTRY_value (X509_NAME_ENTRY *)sk_value
#define sk_X509_NAME_set_cmp_func sk_set_cmp_func
#define sk_X509_REVOKED_num sk_num
#define sk_X509_REVOKED_value (X509_REVOKED *)sk_value
-#define sk_X509_pop_free sk_pop_free
-/* END GENERATED SECTION */
-#endif /* OPENSSL_VERSION_NUMBER */
+#else /* ! HAVE_OPENSSL && ! HAVE_SSLC */
+
+#error "Unrecognized SSL Toolkit!"
+
+#endif /* ! HAVE_OPENSSL && ! HAVE_SSLC */
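Review bot: `#include <err.h>` in the new `HAVE_SSLC` branch shares its name with the libc `<err.h>` that BSD and glibc ship, so which header is picked up depends on include-path order; the other new includes (`<bio.h>`, `<ssl.h>`, `<pem.h>`) at least have no libc twin, but this one deserves either a path prefix or a comment recording that the SSLC include directory must precede the system one. `#define MODSSL_PCHAR_CAST (char *)` silently drops `const` from every argument it is applied to (`ca_cert_file`, `suite`, `file` in the other hunks), so an SSLC routine that wrote through the pointer would be modifying configuration strings; a comment stating that SSLC's prototypes lack `const` and that the callees are not expected to write through it makes the cast reviewable. In the two new `sk_*_pop_free` macros the parameter is named `free`, which reads as the libc function and is a trap for anyone who later adds a real `free` call to the expansion; `freefn` is clearer.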
#ifndef modssl_set_verify
#define modssl_set_verify(ssl, verify, cb) \
static apr_thread_mutex_t **lock_cs;
static int lock_num_locks;
+#ifdef SSLC_VERSION_NUMBER
+#if SSLC_VERSION_NUMBER >= 0x2000
+static int ssl_util_thr_lock(int mode, int type,
+ const char *file, int line)
+#else
+static void ssl_util_thr_lock(int mode, int type,
+ const char *file, int line)
+#endif
+#else
static void ssl_util_thr_lock(int mode, int type,
const char *file, int line)
+#endif
{
if (type < lock_num_locks) {
if (mode & CRYPTO_LOCK) {
else {
apr_thread_mutex_unlock(lock_cs[type]);
}
+#ifdef HAVE_SSLC
+#if SSLC_VERSION_NUMBER > 0x2000
+ return 1;
+ }
+ else {
+ return -1;
+#endif
+#endif
}
}
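Review bot: The `SSLC_VERSION_NUMBER` thresholds disagree: the signature branch declares `ssl_util_thr_lock` as returning `int` for `>= 0x2000`, but the `return 1;`/`return -1;` statements are compiled only for `> 0x2000`, so at exactly `0x2000` the function is `int` and falls off the end without a value, which is undefined behaviour and leaves whatever the toolkit does with the result unpredictable. Use the same condition in both places, `#if SSLC_VERSION_NUMBER >= 0x2000`. The two guards also use different macros (`#ifdef SSLC_VERSION_NUMBER` at the top, `#ifdef HAVE_SSLC` at the bottom); picking one keeps prototype and body in step. The `}` and `else {` that exist only inside the `#if` are balanced but hard to read; a comment at that `#if` such as `/* SSLC >= 0x2000 lock callback: 1 on success, -1 when type is out of range */` would help.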
** _________________________________________________________________
*/
-X509 *SSL_read_X509(char* filename, X509 **x509, int (*cb)(char*,int,int,void*))
+X509 *SSL_read_X509(char* filename, X509 **x509, modssl_read_bio_cb_fn *cb)
{
X509 *rc;
BIO *bioS;
}
#endif
-EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
+EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, modssl_read_bio_cb_fn *cb, void *s)
{
EVP_PKEY *rc;
BIO *bioS;
return FALSE;
}
- if (BIO_read_filename(in, filename) <= 0) {
+ if (BIO_read_filename(in, MODSSL_PCHAR_CAST filename) <= 0) {
BIO_free(in);
return FALSE;
}
* should be sent to the peer in the SSL Certificate message.
*/
int SSL_CTX_use_certificate_chain(
- SSL_CTX *ctx, char *file, int skipfirst, int (*cb)(char*,int,int,void*))
+ SSL_CTX *ctx, char *file, int skipfirst, modssl_read_bio_cb_fn *cb)
{
BIO *bio;
X509 *x509;
void SSL_init_app_data2_idx(void);
void *SSL_get_app_data2(SSL *);
void SSL_set_app_data2(SSL *, void *);
-X509 *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
-EVP_PKEY *SSL_read_PrivateKey(char *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
+X509 *SSL_read_X509(char *, X509 **, modssl_read_bio_cb_fn *);
+EVP_PKEY *SSL_read_PrivateKey(char *, EVP_PKEY **, modssl_read_bio_cb_fn *, void *);
int SSL_smart_shutdown(SSL *ssl);
X509_STORE *SSL_X509_STORE_create(char *, char *);
int SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);
BOOL SSL_X509_getCN(apr_pool_t *, X509 *, char **);
BOOL SSL_X509_INFO_load_file(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
BOOL SSL_X509_INFO_load_path(apr_pool_t *, STACK_OF(X509_INFO) *, const char *);
-int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)(char*,int,int,void*));
+int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, modssl_read_bio_cb_fn *);
char *SSL_SESSION_id2sz(unsigned char *, int, char *, int);
/* util functions for OpenSSL+sslc compat */