From: William A. Rowe Jr Date: Mon, 19 May 2003 15:13:19 +0000 (+0000) Subject: Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9f65765d5de45ae975e248b27f0a70df750f607;p=thirdparty%2Fapache%2Fhttpd.git Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin rehandshaking the SSL connection, vis-a-vis ApacheSSL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99921 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/config.m4 b/config.m4 index 16ea75b2833..01d7b0b7470 100644 --- a/config.m4 +++ b/config.m4 @@ -77,7 +77,6 @@ ssl_util_table.lo dnl dnl # hook module into the Autoconf mechanism (--enable-ssl option) APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [ APACHE_CHECK_SSL_TOOLKIT - AC_CHECK_FUNCS(SSL_set_state) AC_CHECK_FUNCS(SSL_set_cert_store) AC_CHECK_FUNCS(ENGINE_init) ]) diff --git a/ssl_engine_io.c b/ssl_engine_io.c index 9f9c5449c48..26ca18f1f5f 100644 --- a/ssl_engine_io.c +++ b/ssl_engine_io.c @@ -1257,7 +1257,7 @@ static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f, sslconn = myConnConfig(f->c); ssl = sslconn->ssl; - SSL_set_state(ssl, SSL_ST_ACCEPT); + SSL_renegotiate(ssl); SSL_do_handshake(ssl); if (SSL_get_state(ssl) != SSL_ST_OK) { diff --git a/ssl_engine_kernel.c b/ssl_engine_kernel.c index 246bda1a142..29e4de2d0c7 100644 --- a/ssl_engine_kernel.c +++ b/ssl_engine_kernel.c @@ -712,7 +712,7 @@ int ssl_hook_Access(request_rec *r) ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "Awaiting re-negotiation handshake"); - SSL_set_state(ssl, SSL_ST_ACCEPT); + SSL_renegotiate(ssl); SSL_do_handshake(ssl); if (SSL_get_state(ssl) != SSL_ST_OK) { diff --git a/ssl_toolkit_compat.h b/ssl_toolkit_compat.h index cba8de88d36..0be9ba065b4 100644 --- a/ssl_toolkit_compat.h +++ b/ssl_toolkit_compat.h @@ -103,8 +103,6 @@ #define SSL_get_state(ssl) SSL_state(ssl) #endif -#define SSL_set_state(ssl,val) (ssl)->state = val - #define MODSSL_BIO_CB_ARG_TYPE const char #define MODSSL_CRYPTO_CB_ARG_TYPE const char #if (OPENSSL_VERSION_NUMBER < 0x00907000) @@ -183,10 +181,6 @@ typedef int (modssl_read_bio_cb_fn)(char*,int,int); #define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \ PEM_read_bio_PrivateKey(b, k, cb) -#ifndef HAVE_SSL_SET_STATE -#define SSL_set_state(ssl, state) /* XXX: should throw an error */ -#endif - #define modssl_set_cipher_list(ssl, l) \ SSL_set_cipher_list(ssl, (char *)l)