changelog.xml

kkolinko Tue, 10 Feb 2015 06:46:00 -0800

Author: kkolinko
Date: Tue Feb 10 14:45:19 2015
New Revision: 1658728

URL: http://svn.apache.org/r1658728
Log:
Replace access to OpenSSL SSL internals
by accessor function. Internals are no longer
available for OpenSSL master.


In openssl/ssl.h the macro is defined as
#define SSL_CTX_clear_extra_chain_certs(ctx) \
    SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)

The implementation of SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS does NULL check and
does call sk_X509_pop_free(), so there no more need to do it here.
http://osxr.org/openssl/source/ssl/s3_lib.c#3637

Not compiled or tested, waiting for GUMP.

It is merge of r1658724 from tomcat/native/trunk.

Modified:
    tomcat/native/branches/1.1.x/   (props changed)
    tomcat/native/branches/1.1.x/native/include/ssl_private.h
    tomcat/native/branches/1.1.x/native/src/sslutils.c
    tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml

Propchange: tomcat/native/branches/1.1.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 10 14:45:19 2015
@@ -1,3 +1,3 @@
-/tomcat/native/trunk:815411,1342003,1342008,1342013,1342020,1342024,1394258,1394342,1424947,1424971,1430753,1437081,1438342,1439337,1441884,1441886,1442579,1442581,1445972,1507113,1532577,1532590,1539594,1555184,1559180,1588195,1607262,1607267,1607278,1607291,1607477,1648821,1650119,1658557,1658641-1658642
+/tomcat/native/trunk:815411,1342003,1342008,1342013,1342020,1342024,1394258,1394342,1424947,1424971,1430753,1437081,1438342,1439337,1441884,1441886,1442579,1442581,1445972,1507113,1532577,1532590,1539594,1555184,1559180,1588195,1607262,1607267,1607278,1607291,1607477,1648821,1650119,1658557,1658641-1658642,1658724
 /tomcat/tc7.0.x/trunk:1199985,1200164,1349932,1434887,1435769
 
/tomcat/trunk:815418,832198,1001939,1033916,1043103,1044729,1078522,1145209,1145285,1149092,1241356,1241406-1241407,1242254,1292671,1299980,1300102,1434905,1437083

Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/ssl_private.h?rev=1658728&r1=1658727&r2=1658728&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/include/ssl_private.h (original)
+++ tomcat/native/branches/1.1.x/native/include/ssl_private.h Tue Feb 10 
14:45:19 2015
@@ -295,12 +295,6 @@ typedef struct {
 } tcn_ssl_conn_t;
 
 
-#define SSL_CTX_get_extra_certs(ctx)        ((ctx)->extra_certs)
-#define SSL_CTX_set_extra_certs(ctx, value) \
-    TCN_BEGIN_MACRO                         \
-        (ctx)->extra_certs = (value);       \
-    TCN_END_MACRO
-
 /*
  *  Additional Functions
  */

Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1658728&r1=1658727&r2=1658728&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Tue Feb 10 14:45:19 2015
@@ -420,7 +420,6 @@ int SSL_CTX_use_certificate_chain(SSL_CT
     X509 *x509;
     unsigned long err;
     int n;
-    STACK_OF(X509) *extra_certs;
 
     if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
         return -1;
@@ -436,12 +435,10 @@ int SSL_CTX_use_certificate_chain(SSL_CT
         }
         X509_free(x509);
     }
+
     /* free a perhaps already configured extra chain */
-    extra_certs = SSL_CTX_get_extra_certs(ctx);
-    if (extra_certs != NULL) {
-        sk_X509_pop_free(extra_certs, X509_free);
-        SSL_CTX_set_extra_certs(ctx,NULL);
-    }
+    SSL_CTX_clear_extra_chain_certs(ctx);
+
     /* create new extra chain by loading the certs */
     n = 0;
     while ((x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL)) != NULL) {

Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1658728&r1=1658727&r2=1658728&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Tue Feb 10 
14:45:19 2015
@@ -40,7 +40,7 @@
   <changelog>
     <fix>
       Fix compilation failures with master branch of OpenSSL. Replace access
-      to OpenSSL session internals by accessor function. (rjung)
+      to OpenSSL internals by accessor functions. (rjung/kkolinko)
     </fix>
   </changelog>
 </section>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1658728 - in /tomcat/native/branches/1.1.x: ./ native/include/ssl_private.h native/src/sslutils.c xdocs/miscellaneous/changelog.xml

Reply via email to