This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
commit b6952740dd64fa8ea7edd1764d4b14661527a0eb
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed May 25 16:15:02 2022 +0100
Minimum OpenSSl version is 3.0.0 is keylog callback is always available
---
 native/include/ssl_private.h | 6 ------
 native/src/ssl.c | 8 --------
 native/src/sslcontext.c | 2 --
 3 files changed, 16 deletions(-)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index fc0f6ba9b..4d99ece20 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -242,10 +242,6 @@ extern ENGINE *tcn_ssl_engine;
 #define TLS_server_method SSLv23_server_method
 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
-#define HAVE_KEYLOG_CALLBACK
-#endif
-
 #define MAX_ALPN_PROTO_SIZE 65535
 #define SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL 1
@@ -392,9 +388,7 @@ int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
 int SSL_callback_SSL_verify(int, X509_STORE_CTX *);
 int SSL_rand_seed(const char *file);
 int SSL_callback_alpn_select_proto(SSL *, const unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *);
-#ifdef HAVE_KEYLOG_CALLBACK
 void SSL_callback_add_keylog(SSL_CTX *);
-#endif
 #if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && ! (defined(WIN32) || defined(WIN64))
 unsigned long SSL_ERR_get(void);
diff --git a/native/src/ssl.c b/native/src/ssl.c
index c48cb4247..fa8209cbe 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -29,7 +29,6 @@ extern apr_pool_t *tcn_global_pool;
 ENGINE *tcn_ssl_engine = NULL;
 tcn_pass_cb_t tcn_password_callback;
-#ifdef HAVE_KEYLOG_CALLBACK
 static BIO *key_log_file = NULL;
 static void ssl_keylog_callback(const SSL *ssl, const char *line)
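Review bot: The guard removed in the first ssl_private.h hunk excluded LibreSSL as well as OpenSSL older than 1.1.1, so `SSL_CTX_set_keylog_callback` in native/src/ssl.c is now compiled for every build, while the context lines of this header still carry `defined(LIBRESSL_VERSION_NUMBER)` and `OPENSSL_VERSION_NUMBER < 0x10100000L` branches. If the 3.0.0 minimum is not already enforced at compile time somewhere outside this diff, a build against an unsupported library now stops on an undeclared function instead of a clear message. An explicit check near the top of the header, `#if OPENSSL_VERSION_NUMBER < 0x30000000L` / `#error "OpenSSL 3.0.0 or later is required"` / `#endif`, would state the requirement. The remaining pre-1.1.0 and LibreSSL branches look unreachable under that minimum and could be removed in a follow-up.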
@@ -39,7 +38,6 @@ static void ssl_keylog_callback(const SSL *ssl, const char *line)
 BIO_puts(key_log_file, "\n");
 }
 }
-#endif
 /* From netty-tcnative */
 static jclass byteArrayClass;
@@ -293,14 +291,12 @@ static void free_dh_params(void)
 }
 }
-#ifdef HAVE_KEYLOG_CALLBACK
 void SSL_callback_add_keylog(SSL_CTX *ctx)
 {
 if (key_log_file) {
 SSL_CTX_set_keylog_callback(ctx, ssl_keylog_callback);
 }
 }
-#endif
 /* Hand out the same DH structure though once generated as we leak
 * memory otherwise and freeing the structure up after use would be
@@ -401,12 +397,10 @@ static apr_status_t ssl_init_cleanup(void *data)
 #endif
 #endif
-#ifdef HAVE_KEYLOG_CALLBACK
 if (key_log_file) {
 BIO_free(key_log_file);
 key_log_file = NULL;
 }
-#endif
 /* Don't call ERR_free_strings here; ERR_load_*_strings only
 * actually load the error strings once per process due to static
@@ -863,7 +857,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
 sClazz = (*e)->FindClass(e, "java/lang/String");
 stringClass = (jclass) (*e)->NewGlobalRef(e, sClazz);
-#ifdef HAVE_KEYLOG_CALLBACK
 if (!key_log_file) {
 char *key_log_file_name = getenv("SSLKEYLOGFILE");
 if (key_log_file_name) {
@@ -877,7 +870,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
 }
 }
 }
-#endif
 return (jint)APR_SUCCESS;
 }
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index b69b4480f..80a252021 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -325,9 +325,7 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, make)(TCN_STDARGS, jlong pool,
 goto init_failed;
 }
-#ifdef HAVE_KEYLOG_CALLBACK
 SSL_callback_add_keylog(ctx);
-#endif
 c->protocol = protocol;
 c->mode = mode;
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
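Review bot: With the guard gone, the `getenv("SSLKEYLOGFILE")` block in the `initialize` call (hunk at -863) is part of every build, and nothing in the visible lines tells a maintainer or operator that setting this variable makes the library write TLS session secrets to a file. I would add a comment above `if (!key_log_file) {`, for example `/* Debugging aid: when SSLKEYLOGFILE is set, per-connection TLS secrets are written to that file; anyone who can read it can decrypt captured traffic. */`, and describe the variable in the user documentation. The lines that open the file fall between this hunk and the next and are not shown, so it is worth confirming there that the file is created with owner-only permissions and that enabling key logging is reported in the startup log. The function body starts and ends outside the hunk.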