Latest revision to support multiple SSL versions
diff --git a/evhtp.c b/evhtp.c
index 843050d..fbce474 100644
--- a/evhtp.c
+++ b/evhtp.c
@@ -2754,10 +2754,6 @@
htparser_init(connection->parser, ptype);
htparser_set_userdata(connection->parser, connection);
-#ifdef EVHTP_FUTURE_USE
- TAILQ_INIT(&connection->pending);
-#endif
-
return connection;
} /* htp__connection_new_ */
@@ -2904,16 +2900,14 @@
static void
htp__ssl_delete_scache_ent_(evhtp_ssl_ctx_t * ctx, evhtp_ssl_sess_t * sess)
{
- evhtp_t * htp;
- evhtp_ssl_cfg_t * cfg;
- unsigned char * sid;
- unsigned int slen;
+ evhtp_t * htp;
+ evhtp_ssl_cfg_t * cfg;
+ evhtp_ssl_data_t * sid;
+ unsigned int slen;
- htp = (evhtp_t *)SSL_CTX_get_app_data(ctx);
- cfg = htp->ssl_cfg;
-
- sid = sess->session_id;
- slen = sess->session_id_length;
+ htp = (evhtp_t *)SSL_CTX_get_app_data(ctx);
+ cfg = htp->ssl_cfg;
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
if (cfg->scache_del)
{
@@ -2926,7 +2920,7 @@
{
evhtp_connection_t * connection;
evhtp_ssl_cfg_t * cfg;
- unsigned char * sid;
+ evhtp_ssl_data_t * sid;
int slen;
connection = (evhtp_connection_t *)SSL_get_app_data(ssl);
@@ -2934,10 +2928,9 @@
{
return 0; /* We cannot get the ssl_cfg */
}
- cfg = connection->htp->ssl_cfg;
- sid = sess->session_id;
- slen = sess->session_id_length;
+ cfg = connection->htp->ssl_cfg;
+ sid = (evhtp_ssl_data_t *)SSL_SESSION_get_id(sess, &slen);
SSL_set_timeout(sess, cfg->scache_timeout);
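Review bot: `slen` is declared `int` in the preceding hunk (`int slen;` next to the `evhtp_ssl_data_t * sid;` change), but `SSL_SESSION_get_id()` takes `unsigned int *`, so `&slen` here is an incompatible pointer type; the delete function in the earlier hunk got this right with `unsigned int slen`. Declare `unsigned int slen;` here as well and convert at the point where it is handed to the `int sid_len` callback parameter, e.g. `(int)slen`, which lies outside this hunk. The enclosing function starts and ends outside the hunk, so the `scache_add` call site is not visible here.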
@@ -2950,7 +2943,7 @@
}
static evhtp_ssl_sess_t *
-htp__ssl_get_scache_ent_(evhtp_ssl_t * ssl, unsigned char * sid, int sid_len, int * copy)
+htp__ssl_get_scache_ent_(evhtp_ssl_t * ssl, evhtp_ssl_data_t * sid, int sid_len, int * copy)
{
evhtp_connection_t * connection;
evhtp_ssl_cfg_t * cfg;
@@ -3004,18 +2997,20 @@
if ((evhtp_vhost = htp__request_find_vhost_(evhtp, sname)))
{
+ SSL_CTX * ctx = SSL_get_SSL_CTX(ssl);
+
connection->htp = evhtp_vhost;
HTP_FLAG_ON(connection, EVHTP_CONN_FLAG_VHOST_VIA_SNI);
SSL_set_SSL_CTX(ssl, evhtp_vhost->ssl_ctx);
- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
+ SSL_set_options(ssl, SSL_CTX_get_options(ctx));
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
(SSL_num_renegotiations(ssl) == 0))
{
- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
- SSL_CTX_get_verify_callback(ssl->ctx));
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
+ SSL_CTX_get_verify_callback(ctx));
}
return SSL_TLSEXT_ERR_OK;
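Review bot: `ctx` is captured with `SSL_get_SSL_CTX(ssl)` before `SSL_set_SSL_CTX(ssl, evhtp_vhost->ssl_ctx)`, so the options and verify mode/callback applied below now come from the context the connection had before SNI selection, whereas the removed `ssl->ctx` reads happened after the switch and therefore used the vhost's context. The effect is that a vhost's own `SSL_VERIFY_*` settings and options are not applied to connections routed to it by SNI, which is a behavioural and security-relevant regression. Use the vhost context directly, `SSL_CTX * ctx = evhtp_vhost->ssl_ctx;`, or move the `SSL_get_SSL_CTX(ssl)` call to after `SSL_set_SSL_CTX`. The enclosing callback starts and ends outside the hunk.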
@@ -4763,13 +4758,8 @@
int
evhtp_ssl_init(evhtp_t * htp, evhtp_ssl_cfg_t * cfg)
{
-#ifdef EVHTP_ENABLE_FUTURE_STUFF
- evhtp_ssl_scache_init init_cb = NULL;
- evhtp_ssl_scache_add add_cb = NULL;
- evhtp_ssl_scache_get get_cb = NULL;
- evhtp_ssl_scache_del del_cb = NULL;
-#endif
- long cache_mode;
+ long cache_mode;
+ unsigned char c;
if (cfg == NULL || htp == NULL || cfg->pemfile == NULL)
{
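Review bot: `unsigned char c;` is added uninitialised and is not referenced anywhere in the visible hunks; if it is also unused further down in `evhtp_ssl_init` it will trigger an unused-variable warning and should be dropped, and if it is used it should be initialised at the point of declaration. The function body continues outside the hunk, so this is inferred rather than confirmed.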
@@ -4853,7 +4843,12 @@
if (cfg->x509_chk_issued_cb != NULL)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;
+#else
+ X509_STORE_set_check_issued(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->x509_chk_issued_cb);
+#endif
+ /*SSL_CTX_set_cert_store(htp->ssl_ctx, cfg->x509_chk_issued_cb); */
}
if (cfg->verify_depth)
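Review bot: The new line `/*SSL_CTX_set_cert_store(htp->ssl_ctx, cfg->x509_chk_issued_cb); */` is commented-out code with the wrong argument type and should be removed rather than committed. A second point is the version guard: `OPENSSL_VERSION_NUMBER < 0x10100000L` selects the `X509_STORE_set_check_issued` branch for any library reporting a higher number, which I believe includes LibreSSL regardless of whether it provides that accessor, so a comment or an explicit `LIBRESSL_VERSION_NUMBER` check may be warranted; I have not verified this against the project's supported builds. The enclosing `evhtp_ssl_init` starts and ends outside the hunk.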
@@ -4865,29 +4860,6 @@
case evhtp_ssl_scache_type_disabled:
cache_mode = SSL_SESS_CACHE_OFF;
break;
-#ifdef EVHTP_ENABLE_FUTURE_STUFF
- case evhtp_ssl_scache_type_user:
- cache_mode = SSL_SESS_CACHE_SERVER |
- SSL_SESS_CACHE_NO_INTERNAL |
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
-
- init_cb = cfg->scache_init;
- add_cb = cfg->scache_add;
- get_cb = cfg->scache_get;
- del_cb = cfg->scache_del;
- break;
- case evhtp_ssl_scache_type_builtin:
- cache_mode = SSL_SESS_CACHE_SERVER |
- SSL_SESS_CACHE_NO_INTERNAL |
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
-
- init_cb = htp__ssl_builtin_init_;
- add_cb = htp__ssl_builtin_add_;
- get_cb = htp__ssl_builtin_get_;
- del_cb = htp__ssl_builtin_del_;
- break;
-#endif
- case evhtp_ssl_scache_type_internal:
default:
cache_mode = SSL_SESS_CACHE_SERVER;
break;
diff --git a/include/evhtp/evhtp.h b/include/evhtp/evhtp.h
index ae89238..e9ebde1 100644
--- a/include/evhtp/evhtp.h
+++ b/include/evhtp/evhtp.h
@@ -44,6 +44,11 @@
typedef SSL_CTX evhtp_ssl_ctx_t;
typedef X509 evhtp_x509_t;
typedef X509_STORE_CTX evhtp_x509_store_ctx_t;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+typedef unsigned char evhtp_ssl_data_t;
+#else
+typedef const unsigned char evhtp_ssl_data_t;
+#endif
#else
typedef void evhtp_ssl_sess_t;
typedef void evhtp_ssl_t;
@@ -180,9 +185,10 @@
typedef int (* evhtp_ssl_chk_issued_cb)(evhtp_x509_store_ctx_t * ctx, evhtp_x509_t * x, evhtp_x509_t * issuer);
typedef EVP_PKEY * (* evhtp_ssl_decrypt_cb)(char * privfile);
-typedef int (* evhtp_ssl_scache_add)(evhtp_connection_t * connection, unsigned char * sid, int sid_len, evhtp_ssl_sess_t * sess);
-typedef void (* evhtp_ssl_scache_del)(evhtp_t * htp, unsigned char * sid, int sid_len);
-typedef evhtp_ssl_sess_t * (* evhtp_ssl_scache_get)(evhtp_connection_t * connection, unsigned char * sid, int sid_len);
+typedef int (* evhtp_ssl_scache_add)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len, evhtp_ssl_sess_t * sess);
+typedef void (* evhtp_ssl_scache_del)(evhtp_t * htp, evhtp_ssl_data_t * sid, int sid_len);
+typedef evhtp_ssl_sess_t * (* evhtp_ssl_scache_get)(evhtp_connection_t * connection, evhtp_ssl_data_t * sid, int sid_len);
+
typedef void * (* evhtp_ssl_scache_init)(evhtp_t *);
#endif