Fix OpenSSL 4.0 compatibility and test that in CI.
CI: Update to test OpenSSL 4.0.0 explicitly.
CI: No longer disable deprecated-declaration warnings for OpenSSL 3.4 -Werror build.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Change name to
const X509_NAME *.
(ssl_callback_proxy_cert): Change ca_name, issuer, and ca_issuer to
const X509_NAME *.
* modules/ssl/ssl_engine_log.c (ssl_log_cert_error): Change cert
parameter to const X509 *. Use X509_get0_serialNumber,
X509_get0_notBefore, and X509_get0_notAfter instead of non-const
variants.
(ssl_log_xerror, ssl_log_cxerror, ssl_log_rxerror): Change cert
parameter to const X509 *.
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Change
xsname parameter to const X509_NAME *.
(ssl_var_lookup_ssl_cert_dn_oneline): Change xsname parameter to
const X509_NAME *.
(ssl_var_lookup_ssl_cert): Change xsname to const X509_NAME *.
(ssl_var_lookup_ssl_cert_rfc4523_cea): Change issuer to const
X509_NAME *.
* modules/ssl/ssl_private.h (ssl_log_xerror, ssl_log_cxerror,
ssl_log_rxerror): Update declarations to use const X509 *.
* modules/ssl/ssl_util_ssl.c (modssl_X509_NAME_to_string): Change dn
parameter to const X509_NAME *.
(getIDs): Change subj to const X509_NAME *.
* modules/ssl/ssl_util_ssl.h (modssl_X509_NAME_to_string): Update
declaration to use const X509_NAME *.
* support/ab.c (ssl_print_cert_info): Change dn to const X509_NAME *.
mod_ssl: use ASN1_STRING accessor API in dump_extn_value:
* modules/ssl/ssl_engine_vars.c (dump_extn_value): Use
ASN1_STRING_get0_data() and ASN1_STRING_length() rather than
directly dereferencing the ASN1_OCTET_STRING structure, which is
opaque in OpenSSL 4.0.
* modules/ssl/ssl_private.h: Add compat macros for
ASN1_STRING_get0_data and ASN1_STRING_length for pre-1.1 API.
mod_ssl: constify ASN1_TIME pointers, use X509_get0_not{Before,After}:
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_valid,
ssl_var_lookup_ssl_cert_remain): Constify ASN1_TIME * parameter.
(ssl_var_lookup_ssl_cert): Use X509_get0_notBefore() and
X509_get0_notAfter() which return const pointers.
(ssl_var_lookup_ssl_cert_remain): Use ASN1_TIME_check() directly
rather than INVALID_ASN1_TIME macro which dereferences the
ASN1_TIME structure.
(dump_extn_value): Constify ASN1_OCTET_STRING * parameter.
* modules/ssl/ssl_private.h: Add compat macros for
X509_get0_before and X509_get0_after for pre-1.1 API.
mod_ssl: constify X509_NAME_ENTRY and X509_EXTENSION pointers:
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn,
extract_dn): Constify X509_NAME_ENTRY * variables, constify
X509_NAME * parameter of extract_dn, drop unnecessary casts
on X509_NAME_ENTRY_get_object() calls.
(ssl_ext_list): Use MODSSL_X509_EXT_CONST for X509_EXTENSION *
since X509_EXTENSION accessors are only constified in OpenSSL 4.
* modules/ssl/ssl_util_ssl.c, modules/ssl/ssl_util_ssl.h
(modssl_X509_NAME_ENTRY_to_string): Constify X509_NAME_ENTRY *
parameter.
* modules/ssl/ssl_private.h: Add MODSSL_X509_EXT_CONST, defined
as const for OpenSSL 4+ and empty otherwise.
* modules/ssl/ssl_util_ssl.c (asn1_string_convert): Constify
ASN1_STRING * argument.
* modules/ssl/ssl_engine_ocsp.c (extract_responder_uri): Use
modssl_ASN1_STRING_convert instead of directly accessing ASN1_STRING
data pointer.
* modules/ssl/ssl_util_ssl.c (modssl_ASN1_STRING_convert): Rename from
asn1_string_convert and export function.
(asn1_string_to_utf8): Update to use modssl_ASN1_STRING_convert.
(modssl_X509_NAME_ENTRY_to_string): Update to use
modssl_ASN1_STRING_convert.
* modules/ssl/ssl_util_ssl.h (modssl_ASN1_STRING_convert): Declare new
function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Github: closes #609
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@
1933586 13f79535-47bb-0310-9956-
ffa450edef68
projects / thirdparty / apache / httpd.git / commit
