ab, mod_ssl: restore compatibility with OpenSSL < 0.9.7g which we broke

with r801527 (backport r819242, r819245). Reported on the list by Jie Gao.
[Guenter Knauf]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@819289 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index bac84a4961e98af3276e568eb67bbeb1b1b701e9..34b8f35d707e8bcb8287dba3d242567b980642cd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.15
 
+  *) ab, mod_ssl: restore compatibility with OpenSSL < 0.9.7g which we broke
+     with r801527 (backport r819242, r819245). Reported on the list by Jie
+     Gao. [Guenter Knauf]
 
 Changes with Apache 2.2.14
 

diff --git a/STATUS b/STATUS
index 76eb883b2d7b9ef8ef93368c5f3524735c0239b8..2b6b4c538f1db54e13743f18876c020579cab7c5 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -87,11 +87,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * ab, mod_ssl: restore compatibility with OpenSSL < 0.9.7g which we broke
-   with r801527 (backport r819242, r819245). Reported on the list by Jie Gao.
-   2.2.x Patch: http://people.apache.org/~fuankg/diffs/openssl-0.9.7g-compat-2.2.x.diff
-   +1: fuankg, rpluem, minfrin
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index ab99af9efb938444d1c54360643c219b065050d5..eb136077a1213bb98206fda9fac47728637577b2 100644 (file)
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -626,7 +626,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
     ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
 
     if (ssl && strEQ(var, "")) {
-        const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+        MODSSL_SSL_CIPHER_CONST SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
         result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
     }
     else if (strcEQ(var, "_EXPORT"))
@@ -647,7 +647,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
 
 static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
 {
-    const SSL_CIPHER *cipher;
+    MODSSL_SSL_CIPHER_CONST SSL_CIPHER *cipher;
 
     *usekeysize = 0;
     *algkeysize = 0;

diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h
index 06a22669b1323064181ec8616fcaa684befe2ce8..a841eccda7bd13a8d53614f38de6225df426eeea 100644 (file)
--- a/modules/ssl/ssl_toolkit_compat.h
+++ b/modules/ssl/ssl_toolkit_compat.h
@@ -93,8 +93,10 @@
 /** ...shifting sands of openssl... */
 #if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
 # define MODSSL_D2I_SSL_SESSION_CONST    const
+# define MODSSL_SSL_CIPHER_CONST         const
 #else
 # define MODSSL_D2I_SSL_SESSION_CONST
+# define MODSSL_SSL_CIPHER_CONST
 #endif
 
 #if (OPENSSL_VERSION_NUMBER >= 0x00908000)

diff --git a/support/ab.c b/support/ab.c
index 4f7d290173de0323926e63923370b47af9cf8b54..8a12087972ac3c2b991e70dbafa0ef5285ca743d 100644 (file)
--- a/support/ab.c
+++ b/support/ab.c
@@ -189,11 +189,18 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
 
 #endif
 
-#if defined(USE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x00909000)
+#if defined(USE_SSL)
+#if (OPENSSL_VERSION_NUMBER >= 0x00909000)
 #define AB_SSL_METHOD_CONST const
 #else
 #define AB_SSL_METHOD_CONST
 #endif
+#if (OPENSSL_VERSION_NUMBER >= 0x0090707f)
+#define AB_SSL_CIPHER_CONST const
+#else
+#define AB_SSL_CIPHER_CONST
+#endif
+#endif
 
 #include <math.h>
 #if APR_HAVE_CTYPE_H
@@ -486,7 +493,7 @@ static void ssl_rand_seed(void)
 
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
-    const SSL_CIPHER *c;
+    AB_SSL_CIPHER_CONST SSL_CIPHER *c;
     int alg_bits,bits;
 
     c = SSL_get_current_cipher(ssl);
@@ -572,7 +579,7 @@ static void ssl_proceed_handshake(struct connection *c)
             if (verbosity >= 2)
                 ssl_print_info(c);
             if (ssl_info == NULL) {
-                const SSL_CIPHER *ci;
+                AB_SSL_CIPHER_CONST SSL_CIPHER *ci;
                 X509 *cert;
                 int sk_bits, pk_bits, swork;