From: Guenter Knauf <fuankg@apache.org>
Date: Tue, 28 Jul 2009 02:08:32 +0000 (+0000)
Subject: backport support for OpenSSL 1.0.0 from HEAD. Based on:
X-Git-Tag: 2.2.13~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b36e9ee7695830656b0fbdeae9155d3a800abba6;p=thirdparty%2Fapache%2Fhttpd.git

backport support for OpenSSL 1.0.0 from HEAD. Based on:
http://svn.apache.org/viewvc?view=rev&revision=748396
http://svn.apache.org/viewvc?view=rev&revision=749466
http://svn.apache.org/viewvc?view=rev&revision=798274


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@798359 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 4c11208af46..f4f54df3367 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -573,7 +573,7 @@ static void ssl_init_ctx_verify(server_rec *s,
             ssl_die();
         }
 
-        SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
+        SSL_CTX_set_client_CA_list(ctx, ca_list);
     }
 
     /*
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 17bf9353c45..15186209fe8 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -222,7 +222,7 @@ int ssl_hook_Access(request_rec *r)
     X509_STORE *cert_store = NULL;
     X509_STORE_CTX cert_store_ctx;
     STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
-    SSL_CIPHER *cipher = NULL;
+    const SSL_CIPHER *cipher = NULL;
     int depth, verify_old, verify, n;
 
     if (ssl) {
@@ -668,7 +668,7 @@ int ssl_hook_Access(request_rec *r)
                  * sk_X509_shift-ed the peer cert out of the chain.
                  * we put it back here for the purpose of quick_renegotiation.
                  */
-                cert_stack = sk_new_null();
+                cert_stack = sk_X509_new_null();
                 sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
             }
 
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 4bbe375b61c..7833f14a6ee 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -628,7 +628,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
     ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
 
     if (ssl && strEQ(var, "")) {
-        SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+        const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
         result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL);
     }
     else if (strcEQ(var, "_EXPORT"))
@@ -649,7 +649,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var)
 
 static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
 {
-    SSL_CIPHER *cipher;
+    const SSL_CIPHER *cipher;
 
     *usekeysize = 0;
     *algkeysize = 0;
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 1b5df13b33d..a06b65047a1 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -294,7 +294,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
 #ifdef HAVE_SSL_X509V3_EXT_d2i
     X509_EXTENSION *ext;
     int ext_nid;
-    STACK *sk;
+    EXTENDED_KEY_USAGE *sk;
     BOOL is_sgc;
     int idx;
     int i;
@@ -303,9 +303,9 @@ BOOL SSL_X509_isSGC(X509 *cert)
     idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
     if (idx >= 0) {
         ext = X509_get_ext(cert, idx);
-        if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
-            for (i = 0; i < sk_num(sk); i++) {
-                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
+        if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) {
+            for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) {
+                ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i));
                 if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
                     is_sgc = TRUE;
                     break;
@@ -467,7 +467,7 @@ int SSL_CTX_use_certificate_chain(
     X509 *x509;
     unsigned long err;
     int n;
-    STACK *extra_certs;
+    STACK_OF(X509) *extra_certs;
 
     if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
         return -1;
diff --git a/support/ab.c b/support/ab.c
index f855bbd3626..9626e017b8f 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -189,6 +189,12 @@ typedef STACK_OF(X509) X509_STACK_TYPE;
 
 #endif
 
+#if defined(USE_SSL) && (OPENSSL_VERSION_NUMBER >= 0x00909000)
+#define AB_SSL_METHOD_CONST const
+#else
+#define AB_SSL_METHOD_CONST
+#endif
+
 #include <math.h>
 #if APR_HAVE_CTYPE_H
 #include <ctype.h>
@@ -480,7 +486,7 @@ static void ssl_rand_seed(void)
 
 static int ssl_print_connection_info(BIO *bio, SSL *ssl)
 {
-    SSL_CIPHER *c;
+    const SSL_CIPHER *c;
     int alg_bits,bits;
 
     c = SSL_get_current_cipher(ssl);
@@ -566,7 +572,7 @@ static void ssl_proceed_handshake(struct connection *c)
             if (verbosity >= 2)
                 ssl_print_info(c);
             if (ssl_info == NULL) {
-                SSL_CIPHER *ci;
+                const SSL_CIPHER *ci;
                 X509 *cert;
                 int sk_bits, pk_bits, swork;
 
@@ -1981,7 +1987,7 @@ int main(int argc, const char * const argv[])
     const char *optarg;
     char c;
 #ifdef USE_SSL
-    SSL_METHOD *meth = SSLv23_client_method();
+    AB_SSL_METHOD_CONST SSL_METHOD *meth = SSLv23_client_method();
 #endif
 
     /* table defaults  */