From: Guenter Knauf <fuankg@apache.org>
Date: Tue, 28 Jul 2009 12:50:46 +0000 (+0000)
Subject: reverted changes from r798359 to previous r798358 ->
X-Git-Tag: 2.2.13~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a3df42f9e51360e37154e10c0955fa96d62e604b;p=thirdparty%2Fapache%2Fhttpd.git

reverted changes from r798359 to previous r798358 ->
backport support for OpenSSL 1.0.0 from HEAD. Based on:
http://svn.apache.org/viewvc?view=rev&revision=748396
http://svn.apache.org/viewvc?view=rev&revision=749466
http://svn.apache.org/viewvc?view=rev&revision=798274


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@798508 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index f4f54df3367..4c11208af46 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -573,7 +573,7 @@ static void ssl_init_ctx_verify(server_rec *s,
             ssl_die();
         }
 
-        SSL_CTX_set_client_CA_list(ctx, ca_list);
+        SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
     }
 
     /*
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 15186209fe8..17bf9353c45 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -222,7 +222,7 @@ int ssl_hook_Access(request_rec *r)
     X509_STORE *cert_store = NULL;
     X509_STORE_CTX cert_store_ctx;
     STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
-    const SSL_CIPHER *cipher = NULL;
+    SSL_CIPHER *cipher = NULL;
     int depth, verify_old, verify, n;
 
     if (ssl) {
@@ -668,7 +668,7 @@ int ssl_hook_Access(request_rec *r)
                  * sk_X509_shift-ed the peer cert out of the chain.
                  * we put it back here for the purpose of quick_renegotiation.
                  */
-                cert_stack = sk_X509_new_null();
+                cert_stack = sk_new_null();
                 sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
             }
 
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 7833f14a6ee..4bbe375b61c 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -628,7 +628,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
     ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
 
     if (ssl && strEQ(var, "")) {
-        const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+        SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
         result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
     }
     else if (strcEQ(var, "_EXPORT"))
@@ -649,7 +649,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
 
 static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
 {
-    const SSL_CIPHER *cipher;
+    SSL_CIPHER *cipher;
 
     *usekeysize = 0;
     *algkeysize = 0;
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index a06b65047a1..1b5df13b33d 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -294,7 +294,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
 #ifdef HAVE_SSL_X509V3_EXT_d2i
     X509_EXTENSION *ext;
     int ext_nid;
-    EXTENDED_KEY_USAGE *sk;
+    STACK *sk;
     BOOL is_sgc;
     int idx;
     int i;
@@ -303,9 +303,9 @@ BOOL SSL_X509_isSGC(X509 *cert)
     idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
     if (idx >= 0) {
         ext = X509_get_ext(cert, idx);
-        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
-            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
-                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));
+        if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
+            for (i = 0; i < sk_num(sk); i++) {
+                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
                 if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
                     is_sgc = TRUE;
                     break;
@@ -467,7 +467,7 @@ int SSL_CTX_use_certificate_chain(
     X509 *x509;
     unsigned long err;
     int n;
-    STACK_OF(X509) *extra_certs;
+    STACK *extra_certs;
 
     if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
         return -1;
diff --git a/support/ab.c b/support/ab.c
index 9626e017b8f..f855bbd3626 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -189,12 +189,6 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
 
 #endif
 
-#if defined(USE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x00909000)
-#define AB_SSL_METHOD_CONST const
-#else
-#define AB_SSL_METHOD_CONST
-#endif
-
 #include <math.h>
 #if APR_HAVE_CTYPE_H
 #include <ctype.h>
@@ -486,7 +480,7 @@ static void ssl_rand_seed(void)
 
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
-    const SSL_CIPHER *c;
+    SSL_CIPHER *c;
     int alg_bits,bits;
 
     c = SSL_get_current_cipher(ssl);
@@ -572,7 +566,7 @@ static void ssl_proceed_handshake(struct connection *c)
             if (verbosity >= 2)
                 ssl_print_info(c);
             if (ssl_info == NULL) {
-                const SSL_CIPHER *ci;
+                SSL_CIPHER *ci;
                 X509 *cert;
                 int sk_bits, pk_bits, swork;
 
@@ -1987,7 +1981,7 @@ int main(int argc, const char * const argv[])
     const char *optarg;
     char c;
 #ifdef USE_SSL
-    AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
+    SSL_METHOD *meth = SSLv23_client_method();
 #endif
 
     /* table defaults  */