From: Kaspar Brand Date: Sun, 14 Aug 2011 17:37:03 +0000 (+0000) Subject: Enforce OpenSSL 0.9.7 or later at compile time (#error out otherwise). X-Git-Tag: 2.3.15~383 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6a6c22af529f633a554b925443f324adbad45f01;p=thirdparty%2Fapache%2Fhttpd.git Enforce OpenSSL 0.9.7 or later at compile time (#error out otherwise). Remove some more unneeded defines from ssl_private.h. At runtime, warn when mod_ssl is started with an OpenSSL version older than the one it was originally compiled against. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1157575 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index f9ae36b32ec..fd24b7b4efd 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -190,6 +190,14 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, SSLSrvConfigRec *sc; server_rec *s; + if (SSLeay() < SSL_LIBRARY_VERSION) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, + "Init: this version of mod_ssl was compiled against " + "a newer library (%s, version currently loaded is %s)" + " - may result in undefined or erroneous behavior", + SSL_LIBRARY_TEXT, SSLeay_version(SSLEAY_VERSION)); + } + /* We initialize mc->pid per-process in the child init, * but it should be initialized for startup before we * call ssl_rand_seed() below. diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index 36ea6140787..d25337710d0 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -100,6 +100,10 @@ #include #endif +#if (OPENSSL_VERSION_NUMBER < 0x0090700f) +#error mod_ssl requires OpenSSL 0.9.7 or later +#endif + /* ...shifting sands of OpenSSL... */ #if (OPENSSL_VERSION_NUMBER >= 0x0090707f) #define MODSSL_D2I_SSL_SESSION_CONST const @@ -153,10 +157,6 @@ #endif #endif -#ifndef sk_STRING_pop -#define sk_STRING_pop sk_pop -#endif - /* mod_ssl headers */ #include "ssl_util_ssl.h" 
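Review bot: In modules/ssl/ssl_engine_init.c, the new `SSLeay() < SSL_LIBRARY_VERSION` check only logs at APLOG_WARNING and then lets ssl_init_Module carry on, and nothing in the code says that continuing is deliberate. That matters because the `#if (OPENSSL_VERSION_NUMBER >= ...)` gates visible in ssl_private.h are resolved against the build-time headers, so with an older libssl loaded they no longer describe the library actually in use (presumably SSL_LIBRARY_VERSION is that same build-time number; its definition is not in this diff). I would add a comment above the `if`, for example `/* A dynamically loaded libssl can be older than the headers we were built with; the compile-time version gates then no longer match it. Warn only - startup continues. */`, and consider logging the numeric `SSLeay()` value next to the version text so operators can see how far apart the two versions are. The body of ssl_init_Module starts and ends outside this hunk.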
@@ -241,11 +241,6 @@ ap_set_module_config(c->conn_config, &ssl_module, val) #define DEFAULT_OCSP_TIMEOUT 10 #endif -/** - * Support for MM library - */ -#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD ) - /** * Define the certificate algorithm types */ @@ -323,10 +318,6 @@ typedef enum { #define SSL_VERIFY_PEER_STRICT \ (SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT) -#ifndef X509_V_ERR_CERT_UNTRUSTED -#define X509_V_ERR_CERT_UNTRUSTED 27 -#endif - #define ssl_verify_error_is_optional(errnum) \ ((errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) \ || (errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) \