https://bz.apache.org/bugzilla/show_bug.cgi?id=64862
Bug ID: 64862
Summary: Improve LibreSSL support
Product: Tomcat Native
Version: 1.2.23
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Library
Assignee: dev@tomcat.apache.org
Reporter: micha...@apache.org
Target Milestone: ---
Some time ago I started analyzing ifdefs and looking up the OpenBSD repo what
version of LibreSSL supports that particular feature.
A non-exhaustive list of my findings:
> sslinfo.c:
> #if defined(LIBRESSL_VERSION_NUMBER)
> value = tcn_new_string(e, "UNKNOWN");
> #else
> nid = X509_get_signature_nid(xs);
> if (nid == NID_undef)
> value = tcn_new_string(e, "UNKNOWN");
> else
> value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
> $ git tag --contains e1dc6f25d8
> OPENBSD_6_3_BASE
> libressl-v2.7.0
>
> #if defined(LIBRESSL_VERSION_NUMBER)
> value = tcn_new_string(e, "UNKNOWN");
> #else
> nid = X509_get_signature_nid(xs);
> if (nid == NID_undef)
> value = tcn_new_string(e, "UNKNOWN");
> else
> value = tcn_new_string(e, OBJ_nid2ln(nid));
> #endif
>
> $ git tag --contains 2191533b47
> OPENBSD_6_3_BASE
> libressl-v2.7.0
>
> ssl.c:
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> /* OpenSSL Pre-1.1.0 compatibility */
> /* Taken from OpenSSL 1.1.0 snapshot 20160410 */
> int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
> {
> /* q is optional */
> if (p == NULL || g == NULL)
> return 0;
> BN_free(dh->p);
> BN_free(dh->q);
> BN_free(dh->g);
> dh->p = p;
> dh->q = q;
> dh->g = g;
>
> if (q != NULL) {
> dh->length = BN_num_bits(q);
> }
>
> return 1;
> }
> #endif
>
> $ git tag --contains 830713debd
> OPENBSD_6_3_BASE
> libressl-v2.7.0
>
>
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> static BIO_METHOD jbs_methods = {
> BIO_TYPE_FILE,
> "Java Callback",
> jbs_write,
> jbs_read,
> jbs_puts,
> jbs_gets,
> jbs_ctrl,
> jbs_new,
> jbs_free,
> NULL
> };
> #else
> static BIO_METHOD *jbs_methods = NULL;
>
> static void init_bio_methods(void)
> {
> jbs_methods = BIO_meth_new(BIO_TYPE_FILE, "Java Callback");
> BIO_meth_set_write(jbs_methods, &jbs_write);
> BIO_meth_set_read(jbs_methods, &jbs_read);
> BIO_meth_set_puts(jbs_methods, &jbs_puts);
> BIO_meth_set_gets(jbs_methods, &jbs_gets);
> BIO_meth_set_ctrl(jbs_methods, &jbs_ctrl);
> BIO_meth_set_create(jbs_methods, &jbs_new);
> BIO_meth_set_destroy(jbs_methods, &jbs_free);
> }
>
> static void free_bio_methods(void)
> {
> BIO_meth_free(jbs_methods);
> }
> #endif
> #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> return(&jbs_methods);
> #else
> return jbs_methods;
> #endif
>
>
> 6e0e12de58
> b08b825ace
>
>
> OPENBSD_6_3_BASE
> libressl-v2.7.0
This is intended to be an umbrella ticket to collect/coordinate all ifdefs to
bring it on par with OpenSSL. Maybe others want to pick up the work I have done
so far.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
