trafficserver-commits mailing list archives

From shinr...@apache.org
Subject trafficserver git commit: TS-3382: Add support for the CRYPTO_THREADID calls to support openssl 1.1
Date Thu, 04 Jun 2015 19:39:09 GMT
Repository: trafficserver
Updated Branches:
  refs/heads/master 3e6b4b920 -> b7d839157


TS-3382: Add support for the CRYPTO_THREADID calls to support openssl 1.1


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/b7d83915
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/b7d83915
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/b7d83915

Branch: refs/heads/master
Commit: b7d839157475be3c721f26b6a11e9c5bba393e58
Parents: 3e6b4b9
Author: shinrich <shinrich@yahoo-inc.com>
Authored: Sun Apr 12 18:08:17 2015 -0500
Committer: shinrich <shinrich@yahoo-inc.com>
Committed: Thu Jun 4 14:37:34 2015 -0500

----------------------------------------------------------------------
 iocore/net/SSLInternal.cc       |  8 ++++----
 iocore/net/SSLNetVConnection.cc |  8 +++++---
 iocore/net/SSLUtils.cc          | 22 ++++++++++++++--------
 3 files changed, 23 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b7d83915/iocore/net/SSLInternal.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLInternal.cc b/iocore/net/SSLInternal.cc
index bccf2b5..ddfa36e 100644
--- a/iocore/net/SSLInternal.cc
+++ b/iocore/net/SSLInternal.cc
@@ -35,12 +35,12 @@
 #include "P_SSLNetVConnection.h"
 
 void
-SSL_set_rbio(SSLNetVConnection *sslvc, BIO *rbio)
+SSL_set_rbio(SSL *ssl, BIO *rbio)
 {
-  if (sslvc->ssl->rbio != NULL) {
-    BIO_free(sslvc->ssl->rbio);
+  if (ssl->rbio != NULL) {
+    BIO_free(ssl->rbio);
   }
-  sslvc->ssl->rbio = rbio;
+  ssl->rbio = rbio;
 }
 
 #endif
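Review bot: The rewritten `SSL_set_rbio` calls `BIO_free(ssl->rbio)` without checking whether the old read BIO is the one being installed or the one also held in `ssl->wbio`; unless an extra reference is held, either case leaves a freed pointer reachable from the SSL object. Both callers visible in this commit pass a freshly created memory BIO, so this looks latent rather than live, but the helper now takes a bare `SSL *` and is no longer tied to those call sites. I would guard the free, `if (ssl->rbio != NULL && ssl->rbio != rbio && ssl->rbio != ssl->wbio) {`, and add a comment that the function takes ownership of `rbio` and that `ssl` must be non-NULL. The enclosing `#if` block starts outside the hunk.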

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b7d83915/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 1be57d5..4e3eb8c 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -27,9 +27,11 @@
 #include "P_SSLUtils.h"
 #include "InkAPIInternal.h" // Added to include the ssl_hook definitions
 
+#if !TS_USE_SET_RBIO
 // Defined in SSLInternal.c, should probably make a separate include
 // file for this at some point
-void SSL_set_rbio(SSLNetVConnection *sslvc, BIO *rbio);
+void SSL_set_rbio(SSL *ssl, BIO *rbio);
+#endif
 
 #define SSL_READ_ERROR_NONE 0
 #define SSL_READ_ERROR 1
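Review bot: The new `#if !TS_USE_SET_RBIO` guard has no comment saying what provides `SSL_set_rbio` when the macro is set, and the prototype is still hand-copied from SSLInternal.cc, so this commit had to change the signature in two places. A comment such as `// Local fallback; when TS_USE_SET_RBIO is set the SSL library is expected to supply SSL_set_rbio()` would document the guard, assuming that is the intent. Moving the declaration into a shared private header would let the compiler check the definition against it.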
@@ -368,7 +370,7 @@ SSLNetVConnection::read_raw_data()
   // Must be reset on each read
   BIO *rbio = BIO_new_mem_buf(start, this->handShakeBioStored);
   BIO_set_mem_eof_return(rbio, -1);
-  SSL_set_rbio(this, rbio);
+  SSL_set_rbio(this->ssl, rbio);
 
   return r;
 }
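Review bot: `BIO_new_mem_buf` can return NULL, and the result is passed unchecked to `SSL_set_rbio(this->ssl, rbio)`; with the fallback in SSLInternal.cc that frees the previous read BIO and stores NULL in its place. A check such as `if (rbio == NULL) { /* report and fail this read */ }` before the two calls would stop the connection from continuing without a read BIO. The same sequence appears in the `net_read_io` hunk that follows. Separately, `handShakeBioStored` is passed as the length, and OpenSSL treats a negative length as "NUL-terminated string", so it is worth confirming the value is bounded; any such validation, like the start of `read_raw_data`, is outside the hunk.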
@@ -525,7 +527,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
         // Must be reset on each read
         BIO *rbio = BIO_new_mem_buf(start, this->handShakeBioStored);
         BIO_set_mem_eof_return(rbio, -1);
-        SSL_set_rbio(this, rbio);
+        SSL_set_rbio(this->ssl, rbio);
       }
     }
   }

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/b7d83915/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 12fca99..be44495 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -131,10 +131,10 @@ static InkHashTable *ssl_cipher_name_table = NULL;
  * may use pthreads and openssl without confusing us here. (TS-2271).
  */
 
-static unsigned long
-SSL_pthreads_thread_id()
+static void
+SSL_pthreads_thread_id(CRYPTO_THREADID* id)
 {
-  return (unsigned long)pthread_self();
+  CRYPTO_THREADID_set_numeric(id, (unsigned long)pthread_self());
 }
 
 static void
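Review bot: `(unsigned long)pthread_self()` assumes `pthread_t` is an integer that fits in `unsigned long`; POSIX leaves the type opaque, and where it is a pointer or a struct the cast may truncate or fail to compile. On platforms where it is a pointer, `CRYPTO_THREADID_set_pointer(id, (void *)pthread_self())` is the matching call. The same cast is introduced in the SSLDiagnostic hunk (`es = (unsigned long)pthread_self();`), so a small shared helper would keep the two in step. At minimum I would add a comment stating the platform assumption above `SSL_pthreads_thread_id`.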
@@ -782,7 +782,7 @@ SSLInitializeLibrary()
     }
 
     CRYPTO_set_locking_callback(SSL_locking_callback);
-    CRYPTO_set_id_callback(SSL_pthreads_thread_id);
+    CRYPTO_THREADID_set_callback(SSL_pthreads_thread_id);
   }
 
 #ifdef SSL_CTX_set_tlsext_ticket_key_cb
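Review bot: `CRYPTO_THREADID_set_callback` returns an int, 0 when a thread-id callback is already registered, whereas the `CRYPTO_set_id_callback` it replaces returned nothing; the result is dropped here. If a plugin or another library registered a callback first, OpenSSL keeps that one and `SSL_pthreads_thread_id` is silently never used. I would check it, `if (CRYPTO_THREADID_set_callback(SSL_pthreads_thread_id) == 0) { /* log: thread-id callback already set */ }`. The surrounding condition and the rest of `SSLInitializeLibrary` are outside the hunk.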
@@ -1066,7 +1066,7 @@ SSLDiagnostic(const SrcLoc &loc, bool debug, SSLNetVConnection *vc,
const char *
     ats_ip_ntop(vc->get_remote_addr(), ip_buf, sizeof(ip_buf));
   }
 
-  es = CRYPTO_thread_id();
+  es = (unsigned long)pthread_self();
   while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0)
{
     if (debug) {
       if (unlikely(diags->on())) {
@@ -1220,7 +1220,7 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
&sslMu
   ats_scoped_str completeServerCertPath;
   SSL_CTX *ctx = SSLDefaultServerContext();
   EVP_MD_CTX digest;
-  STACK_OF(X509_NAME) * ca_list;
+  STACK_OF(X509_NAME) * ca_list = NULL;
   unsigned char hash_buf[EVP_MAX_MD_SIZE];
   unsigned int hash_len = 0;
   char const *setting_cert = sslMultCertSettings.cert.get();
@@ -1409,8 +1409,14 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config
&sslMu
     SSL_CTX_set_verify_depth(ctx, params->verify_depth); // might want to make configurable
at some point.
   }
 
-  ca_list = SSL_load_client_CA_file(params->serverCACertFilename);
-  SSL_CTX_set_client_CA_list(ctx, ca_list);
+  // Set the list of CA's to send to client if we ask for a client
+  // certificate
+  if (params->serverCACertFilename) {
+    ca_list = SSL_load_client_CA_file(params->serverCACertFilename);
+    if (ca_list) {
+      SSL_CTX_set_client_CA_list(ctx, ca_list);
+    }
+  }
   EVP_MD_CTX_init(&digest);
 
   if (EVP_DigestInit_ex(&digest, evp_md_func, NULL) == 0) {
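Review bot: When `serverCACertFilename` is set but `SSL_load_client_CA_file` returns NULL (missing or unparsable file), the new `if (ca_list)` skips the call and context setup carries on with no diagnostic. If client verification is enabled, the operator gets a context that asks for client certificates without the intended CA names. The failed load may also leave entries on the OpenSSL error queue, which a later `ERR_get_error_line_data` loop could attribute to an unrelated connection. I would add an `else` branch that logs the file name and either fails the context setup or calls `ERR_clear_error()`. The function continues outside the hunk, so existing error-handling conventions there should be followed.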

