From: Rainer Jung <rjung@apache.org>
Date: Wed, 10 Aug 2016 20:27:38 +0000 (+0000)
Subject: Support for OpenSSL 1.1.0:
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=277795ef72deab0e2e61f77245a3758d1aca1c95;p=thirdparty%2Fapache%2Fhttpd.git

Support for OpenSSL 1.1.0:
- SRP_VBASE_get_by_user() is deprecated now,
  one should use SRP_VBASE_get1_by_user()
  instead. The new function returns a pointer
  owned by the callee. It must be freed after
  use.

Backport of r1735877 from trunk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat@1755846 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 7308e059c00..2f8e4a6b7c2 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2425,17 +2425,27 @@ int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
     SRP_user_pwd *u;
 
     if (username == NULL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         || (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) {
+#else
+        || (u = SRP_VBASE_get1_by_user(mctx->srp_vbase, username)) == NULL) {
+#endif
         *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
         return SSL3_AL_FATAL;
     }
 
     if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        SRP_user_pwd_free(u);
+#endif
         *ad = SSL_AD_INTERNAL_ERROR;
         return SSL3_AL_FATAL;
     }
 
     /* reset all other options */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    SRP_user_pwd_free(u);
+#endif
     SSL_set_verify(ssl, SSL_VERIFY_NONE,  ssl_callback_SSLVerify);
     return SSL_ERROR_NONE;
 }