Author: mturk
Date: Fri Feb 24 09:26:28 2012
New Revision: 1293144
URL: http://svn.apache.org/viewvc?rev=1293144&view=rev
Log:
Fix few remaining issues in OCSP patch
Modified:
tomcat/native/branches/1.1.x/native/NMAKEmakefile
tomcat/native/branches/1.1.x/native/include/tcn.h
tomcat/native/branches/1.1.x/native/src/sslutils.c
Modified: tomcat/native/branches/1.1.x/native/NMAKEmakefile
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/NMAKEmakefile?rev=1293144&r1=1293143&r2=1293144&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/NMAKEmakefile (original)
+++ tomcat/native/branches/1.1.x/native/NMAKEmakefile Fri Feb 24 09:26:28 2012
@@ -27,16 +27,20 @@
!IF !DEFINED(APR_DECLARE_STATIC) || "$(APR_DECLARE_STATIC)" == ""
PROJECT = libtcnative-1
-APR_LIB = libapr-1.lib
!ELSE
-EXTRA_CFLAGS = -DAPR_DECLARE_STATIC
PROJECT = tcnative-1
-APR_LIB = apr-1.lib
!ENDIF
TARGET = DLL
!include <NMAKEmakefile.inc>
+!IF !DEFINED(APR_DECLARE_STATIC) || "$(APR_DECLARE_STATIC)" == ""
+APR_LIB = libapr-1.lib
+!ELSE
+CFLAGS = $(CFLAGS) -DAPR_DECLARE_STATIC
+APR_LIB = apr-1.lib
+!ENDIF
+
!IF !DEFINED(SRCDIR) || "$(SRCDIR)" == ""
SRCDIR = .
!ENDIF
Modified: tomcat/native/branches/1.1.x/native/include/tcn.h
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/tcn.h?rev=1293144&r1=1293143&r2=1293144&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/include/tcn.h (original)
+++ tomcat/native/branches/1.1.x/native/include/tcn.h Fri Feb 24 09:26:28 2012
@@ -25,6 +25,7 @@
#include "apr.h"
#include "apr_general.h"
+#include "apr_lib.h"
#include "apr_pools.h"
#include "apr_portable.h"
#include "apr_network_io.h"
Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL:
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1293144&r1=1293143&r2=1293144&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Fri Feb 24 09:26:28 2012
@@ -30,19 +30,14 @@
extern int WIN32_SSL_password_prompt(tcn_pass_cb_t *data);
#endif
-#if defined(HAVE_SSL_OCSP) && defined(HAVE_OPENSSL_OCSP)
-#define HAS_OCSP_ENABLED 1
-#else
-#define HAS_OCSP_ENABLED 0
-#endif
-#if HAS_OCSP_ENABLED
+#ifdef HAVE_OPENSSL_OCSP
#include <openssl/bio.h>
#include <openssl/ocsp.h>
/* defines with the values as seen by the asn1parse -dump openssl command */
#define ASN1_SEQUENCE 0x30
#define ASN1_OID 0x06
#define ASN1_STRING 0x86
-
+#pragma message("Using OCSP")
static int ssl_verify_OCSP(int ok, X509_STORE_CTX *ctx);
static int ssl_ocsp_request(X509 *cert, X509 *issuer);
#endif
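Review bot: The `#pragma message("Using OCSP")` added inside the `HAVE_OPENSSL_OCSP` guard announces only the build where OCSP is compiled in; when the macro is absent, revocation checking is dropped with no indication, both here and at the two other `#ifdef HAVE_OPENSSL_OCSP` guards this commit changes (in `SSL_callback_SSL_verify` and before `ssl_verify_OCSP`). The page does not show where `HAVE_OPENSSL_OCSP` is defined, so I would document that at the guard, e.g. `/* HAVE_OPENSSL_OCSP: expected from the build configuration; without it peer certificates are verified with no OCSP revocation check */`. The pragma itself reads like a leftover debugging aid: it prints on every compile of this file, and compilers that do not recognise `message` may warn, so consider removing it or limiting it to the compiler it was meant for.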
@@ -662,7 +657,7 @@ int SSL_callback_SSL_verify(int ok, X509
SSL_set_verify_result(ssl, X509_V_OK);
}
-#if HAS_OCSP_ENABLED
+#ifdef HAVE_OPENSSL_OCSP
/* First perform OCSP validation if possible */
if (ok) {
/* If there was an optional verification error, it's not
@@ -757,7 +752,7 @@ void SSL_callback_handshake(const SSL *s
}
-#if HAS_OCSP_ENABLED
+#ifdef HAVE_OPENSSL_OCSP
/* Function that is used to do the OCSP verification */
static int ssl_verify_OCSP(int ok, X509_STORE_CTX *ctx)
@@ -768,7 +763,7 @@ static int ssl_verify_OCSP(int ok, X509_
cert = X509_STORE_CTX_get_current_cert(ctx);
/* if we can't get the issuer, we cannot perform OCSP verification */
if (X509_STORE_CTX_get1_issuer(&issuer, ctx, cert) == 1 ) {
- r = SSL_ocsp_request(cert, issuer);
+ r = ssl_ocsp_request(cert, issuer);
if (r == OCSP_STATUS_REVOKED) {
/* we set the error if we know that it is revoked */
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
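Review bot: Only `OCSP_STATUS_REVOKED` reaches `X509_STORE_CTX_set_error` in the lines shown, and the comment above says a missing issuer means OCSP is skipped, so as far as this hunk shows every other outcome leaves the verification result untouched. If the rest of the function confirms that, the soft-fail policy should be stated explicitly, e.g. `/* soft-fail: only a REVOKED answer rejects the certificate; a missing issuer or a failed lookup does not */`. `X509_STORE_CTX_get1_issuer` also returns a reference the caller owns, so check that `issuer` is released with `X509_free` on every path. The function continues outside the hunk and that release is not visible here.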
@@ -883,7 +878,7 @@ static char **decode_OCSP_url(ASN1_OCTET
{
char **response = NULL;
unsigned char *ocsp_urls;
- int i, len, numofresponses = 0 ;
+ int len, numofresponses = 0 ;
len = ASN1_STRING_length(os);
@@ -914,7 +909,10 @@ static int add_ocsp_cert(OCSP_REQUEST **
id = OCSP_cert_to_id(NULL, cert, issuer);
if (!id || !sk_OCSP_CERTID_push(ids, id))
return 0;
- return OCSP_request_add0_id(*req, id);
+ if (!OCSP_request_add0_id(*req, id))
+ return 0;
+ else
+ return 1;
}
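Review bot: When `sk_OCSP_CERTID_push(ids, id)` fails, the `OCSP_CERTID` just returned by `OCSP_cert_to_id` is dropped without being freed, and the new return-value handling does not change that. Splitting the test fixes it: `if (!id) return 0;` followed by `if (!sk_OCSP_CERTID_push(ids, id)) { OCSP_CERTID_free(id); return 0; }`. The added `if`/`else` can also be written as `return OCSP_request_add0_id(*req, id) != NULL;`, which makes the pointer-to-int conversion explicit. The start of `add_ocsp_cert` is outside the hunk, so how `*req` is set up is not reviewed here.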
@@ -1084,7 +1082,7 @@ err:
#define ADDLEN 512
static OCSP_RESPONSE *ocsp_get_resp(apr_socket_t *sock)
{
- int buflen = 0, totalread = 0;
+ apr_size_t buflen = 0, totalread = 0;
apr_size_t readlen;
char *buf, tmpbuf[ADDLEN];
apr_status_t rv = APR_SUCCESS;
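Review bot: `buflen` and `totalread` size a buffer that is filled from the OCSP responder's socket, and nothing in the visible lines bounds how far it may grow in `ADDLEN` steps. The read loop is outside this hunk, so confirm it stops at a fixed ceiling, for example `if (totalread > MAX_OCSP_RESPONSE_LEN) goto fail;` (both names are suggestions, not identifiers from this file); the responder address appears to be taken from the certificate under verification, so the peer influences who sends this data. With the switch from `int` to `apr_size_t`, also check that no remaining comparison relies on these counters going negative and that `totalread + readlen` cannot wrap before the buffer is resized.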
@@ -1228,10 +1226,9 @@ static int process_ocsp_response(OCSP_RE
static int ssl_ocsp_request(X509 *cert, X509 *issuer)
{
char **ocsp_urls = NULL;
- int nid, i;
+ int nid;
X509_EXTENSION *ext;
ASN1_OCTET_STRING *os;
-
apr_pool_t *p;
apr_pool_create(&p, NULL);
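Review bot: The result of `apr_pool_create(&p, NULL)` is ignored, so if pool creation fails `p` is used uninitialised by whatever follows. Check it before use, e.g. `if (apr_pool_create(&p, NULL) != APR_SUCCESS) return <status for "could not check">;`, with the return value chosen to match how `ssl_verify_OCSP` treats a non-answer. The rest of the function is outside the hunk; each exit path there should also call `apr_pool_destroy(p)` so a failed lookup does not leak the pool.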