#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES

#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES

    ENGINE_cleanup();

    ENGINE_cleanup();

#endif

#endif

    SSL_COMP_free_compression_methods();

    SSL_COMP_free_compression_methods();

#endif

#endif

    /* Usually needed per thread, but this parent process is single-threaded */

    /* Usually needed per thread, but this parent process is single-threaded */

#if OPENSSL_VERSION_NUMBER >= 0x1000000fL

#if OPENSSL_VERSION_NUMBER >= 0x1000000fL

    ERR_remove_thread_state(NULL);

    ERR_remove_thread_state(NULL);

#else

#else

    /* Some OpenSSL internals are allocated per-thread, make sure they

    /* Some OpenSSL internals are allocated per-thread, make sure they

     * are associated to the/our same thread-id until cleaned up.

     * are associated to the/our same thread-id until cleaned up.

     */

     */

    ssl_util_thread_id_setup(pconf);

    ssl_util_thread_id_setup(pconf);

#endif

#endif

    /* We must register the library in full, to ensure our configuration

    /* We must register the library in full, to ensure our configuration

     * code can successfully test the SSL environment.

     * code can successfully test the SSL environment.

     */

     */

    CRYPTO_malloc_init();

    CRYPTO_malloc_init();

#else

#else

    OPENSSL_malloc_init();

    OPENSSL_malloc_init();

#define KEYTYPES "RSA or DSA"

#define KEYTYPES "RSA or DSA"

#endif

#endif

/* OpenSSL Pre-1.1.0 compatibility */

/* OpenSSL Pre-1.1.0 compatibility */

/* Taken from OpenSSL 1.1.0 snapshot 20160410 */

/* Taken from OpenSSL 1.1.0 snapshot 20160410 */

static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)

static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)

#endif

#endif

    }

    }

    ssl_util_thread_setup(p);

    ssl_util_thread_setup(p);

#endif

#endif

    modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */

    modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */

    init_dh_params();

    init_dh_params();

    init_bio_methods();

    init_bio_methods();

#endif

#endif

     * or configure NIST P-256 (required to enable ECDHE for earlier versions)

     * or configure NIST P-256 (required to enable ECDHE for earlier versions)

     * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList

     * ECDH is always enabled in 1.1.0 unless excluded from SSLCipherList

     */

     */

    else {

    else {

#if defined(SSL_CTX_set_ecdh_auto)

#if defined(SSL_CTX_set_ecdh_auto)

        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);

        SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);

    }

    }

    free_bio_methods();

    free_bio_methods();

#endif

#endif

    free_dh_params();

    free_dh_params();

{

{

    BIO_set_shutdown(bio, 1);

    BIO_set_shutdown(bio, 1);

    BIO_set_init(bio, 1);

    BIO_set_init(bio, 1);

    /* No setter method for OpenSSL 1.1.0 available,

    /* No setter method for OpenSSL 1.1.0 available,

     * but I can't find any functional use of the

     * but I can't find any functional use of the

     * "num" field there either.

     * "num" field there either.

    return -1;

    return -1;

}

}

static BIO_METHOD bio_filter_out_method = {

static BIO_METHOD bio_filter_out_method = {

    BIO_TYPE_MEM,

    BIO_TYPE_MEM,

    filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);

    filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, r, c);

    filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);

    filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);

#else

#else

    filter_ctx->pbioRead = BIO_new(bio_filter_in_method);

    filter_ctx->pbioRead = BIO_new(bio_filter_in_method);

    filter_ctx->pOutputFilter   = ap_add_output_filter(ssl_io_filter,

    filter_ctx->pOutputFilter   = ap_add_output_filter(ssl_io_filter,

                                                       filter_ctx, r, c);

                                                       filter_ctx, r, c);

    filter_ctx->pbioWrite       = BIO_new(&bio_filter_out_method);

    filter_ctx->pbioWrite       = BIO_new(&bio_filter_out_method);

#else

#else

    filter_ctx->pbioWrite       = BIO_new(bio_filter_out_method);

    filter_ctx->pbioWrite       = BIO_new(bio_filter_out_method);

 * so we need to increment here to prevent them from

 * so we need to increment here to prevent them from

 * being freed.

 * being freed.

 */

 */

#define modssl_set_cert_info(info, cert, pkey) \

#define modssl_set_cert_info(info, cert, pkey) \

    *cert = info->x509; \

    *cert = info->x509; \

    CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \

    CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \

        resdup = FALSE;

        resdup = FALSE;

    }

    }

    else if (strcEQ(var, "A_SIG")) {

    else if (strcEQ(var, "A_SIG")) {

        nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));

        nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));

#else

#else

        const ASN1_OBJECT *paobj;

        const ASN1_OBJECT *paobj;

#define MODSSL_SSL_METHOD_CONST

#define MODSSL_SSL_METHOD_CONST

#endif

#endif

#if defined(OPENSSL_FIPS)

#if defined(OPENSSL_FIPS)

#define HAVE_FIPS

#define HAVE_FIPS

#endif

#endif

#endif

#endif

/* session id constness */

/* session id constness */

#define IDCONST

#define IDCONST

#else

#else

#define IDCONST const

#define IDCONST const

#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */

#endif /* !defined(OPENSSL_NO_TLSEXT) && defined(SSL_set_tlsext_host_name) */

#define BN_get_rfc2409_prime_768   get_rfc2409_prime_768

#define BN_get_rfc2409_prime_768   get_rfc2409_prime_768

#define BN_get_rfc2409_prime_1024  get_rfc2409_prime_1024

#define BN_get_rfc2409_prime_1024  get_rfc2409_prime_1024

#define BN_get_rfc3526_prime_1536  get_rfc3526_prime_1536

#define BN_get_rfc3526_prime_1536  get_rfc3526_prime_1536

void free_bio_methods(void);

void free_bio_methods(void);

#endif

#endif

#define X509_STORE_CTX_get0_store(x) (x->ctx)

#define X509_STORE_CTX_get0_store(x) (x->ctx)

#endif

#endif

                                 const char * const *);

                                 const char * const *);

BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);

BOOL         ssl_util_path_check(ssl_pathcheck_t, const char *, apr_pool_t *);

#if APR_HAS_THREADS

#if APR_HAS_THREADS

void         ssl_util_thread_setup(apr_pool_t *);

void         ssl_util_thread_setup(apr_pool_t *);

#endif

#endif

void         ssl_util_thread_id_setup(apr_pool_t *);

void         ssl_util_thread_id_setup(apr_pool_t *);

}

}

#if APR_HAS_THREADS

#if APR_HAS_THREADS

/*

/*

 * To ensure thread-safetyness in OpenSSL - work in progress

 * To ensure thread-safetyness in OpenSSL - work in progress

 */

 */

#define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER

#define MODSSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER

#define MODSSL_LIBRARY_NAME    "OpenSSL"

#define MODSSL_LIBRARY_NAME    "OpenSSL"

#define MODSSL_LIBRARY_TEXT    OPENSSL_VERSION_TEXT

#define MODSSL_LIBRARY_TEXT    OPENSSL_VERSION_TEXT

#define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)

#define MODSSL_LIBRARY_DYNTEXT SSLeay_version(SSLEAY_VERSION)

#else

#else

#define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)

#define MODSSL_LIBRARY_DYNTEXT OpenSSL_version(OPENSSL_VERSION)

        exit(1);

        exit(1);

    }

    }

    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);

    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);

    SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);

    SSL_CTX_set_max_proto_version(ssl_ctx, max_prot);

    SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);

    SSL_CTX_set_min_proto_version(ssl_ctx, min_prot);

#endif

#endif