Author: kkolinko Date: Tue Feb 10 14:40:37 2015 New Revision: 1658724 URL: http://svn.apache.org/r1658724 Log: Replace access to OpenSSL SSL internals by accessor function. Internals are no longer available for OpenSSL master.
In openssl/ssl.h the macro is defined as #define SSL_CTX_clear_extra_chain_certs(ctx) \ SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL) The implementation of SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS does NULL check and does call sk_X509_pop_free(), so there no more need to do it here. http://osxr.org/openssl/source/ssl/s3_lib.c#3637 Not compiled or tested, waiting for GUMP. Modified: tomcat/native/trunk/native/include/ssl_private.h tomcat/native/trunk/native/src/sslutils.c Modified: tomcat/native/trunk/native/include/ssl_private.h URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1658724&r1=1658723&r2=1658724&view=diff ============================================================================== --- tomcat/native/trunk/native/include/ssl_private.h (original) +++ tomcat/native/trunk/native/include/ssl_private.h Tue Feb 10 14:40:37 2015 @@ -298,12 +298,6 @@ typedef struct { } tcn_ssl_conn_t; -#define SSL_CTX_get_extra_certs(ctx) ((ctx)->extra_certs) -#define SSL_CTX_set_extra_certs(ctx, value) \ - TCN_BEGIN_MACRO \ - (ctx)->extra_certs = (value); \ - TCN_END_MACRO - /* * Additional Functions */ Modified: tomcat/native/trunk/native/src/sslutils.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1658724&r1=1658723&r2=1658724&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslutils.c (original) +++ tomcat/native/trunk/native/src/sslutils.c Tue Feb 10 14:40:37 2015 @@ -405,7 +405,6 @@ int SSL_CTX_use_certificate_chain(SSL_CT X509 *x509; unsigned long err; int n; - STACK_OF(X509) *extra_certs; if ((bio = BIO_new(BIO_s_file_internal())) == NULL) return -1; 
@@ -421,12 +420,10 @@ int SSL_CTX_use_certificate_chain(SSL_CT } X509_free(x509); } + /* free a perhaps already configured extra chain */ - extra_certs = SSL_CTX_get_extra_certs(ctx); - if (extra_certs != NULL) { - sk_X509_pop_free(extra_certs, X509_free); - SSL_CTX_set_extra_certs(ctx,NULL); - } + SSL_CTX_clear_extra_chain_certs(ctx); + /* create new extra chain by loading the certs */ n = 0; while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {
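Review bot: `SSL_CTX_clear_extra_chain_certs(ctx)` is called unconditionally here while the same commit deletes the `SSL_CTX_get_extra_certs`/`SSL_CTX_set_extra_certs` macros from ssl_private.h, so this file builds only against OpenSSL headers that define that macro, and the log says the change was not compiled or tested. If this tree still has to build with OpenSSL releases that lack it, keep a compatibility definition behind `#ifndef SSL_CTX_clear_extra_chain_certs` that does the old free-and-reset, or state the new minimum OpenSSL version in the build check. The free is no longer visible in this function, so the comment above the call could record what the change relies on, e.g. `/* free a perhaps already configured extra chain; the ctrl does the NULL check and sk_X509_pop_free() itself */`. The body of SSL_CTX_use_certificate_chain starts and ends outside the hunk.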