ASF Bugzilla – Attachment 36665 Details for
Bug 60962
httpd-2.4.25: build fails against openssl-1.1 that lacks deprecated features
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch to compile with openssl 1.1.1 built with no-deprecated
no_deprecated_openssl_1_1_1.patch (text/plain), 7.18 KB, created by
Michael Schlenker
on 2019-07-17 15:48:01 UTC
(
hide
)
Description:
Patch to compile with openssl 1.1.1 built with no-deprecated
Filename:
MIME Type:
Creator:
Michael Schlenker
Created:
2019-07-17 15:48:01 UTC
Size:
7.18 KB
patch
obsolete
>Index: modules/ssl/mod_ssl.c >=================================================================== >--- modules/ssl/mod_ssl.c (Revision 1863221) >+++ modules/ssl/mod_ssl.c (Arbeitskopie) >@@ -331,7 +331,8 @@ > /* > * Try to kill the internals of the SSL library. > */ >- /* Corresponds to OBJ_create()s */ >+#if OPENSSL_API_COMPAT < 0x10100000L >+ /* Corresponds to OBJ_create()s */ > OBJ_cleanup(); > /* Corresponds to OPENSSL_load_builtin_modules() */ > CONF_modules_free(); >@@ -340,6 +341,8 @@ > #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES > ENGINE_cleanup(); > #endif >+#endif >+ > #if OPENSSL_VERSION_NUMBER >= 0x1000200fL > #ifndef OPENSSL_NO_COMP > SSL_COMP_free_compression_methods(); >@@ -355,6 +358,7 @@ > #endif > #endif > >+#if OPENSSL_API_COMPAT < 0x10100000L > /* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only > * actually loaded the error strings once per process due to static > * variable abuse in OpenSSL. */ >@@ -361,6 +365,7 @@ > #if (OPENSSL_VERSION_NUMBER >= 0x00090805f) > ERR_free_strings(); > #endif >+#endif > > /* Also don't call CRYPTO_cleanup_all_ex_data when linked statically here; > * any registered ex_data indices may have been cached in static variables >@@ -368,7 +373,9 @@ > * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which > * could result in a per-connection memory leak (!). */ > if (!modssl_running_statically) { >+#if OPENSSL_API_COMPAT < 0x10100000L > CRYPTO_cleanup_all_ex_data(); >+#endif > } > > /* >@@ -400,6 +407,8 @@ > #else > OPENSSL_malloc_init(); > #endif >+ >+#if OPENSSL_API_COMPAT < 0x10100000L > ERR_load_crypto_strings(); > SSL_load_error_strings(); > SSL_library_init(); >@@ -408,7 +417,18 @@ > #endif > OpenSSL_add_all_algorithms(); > OPENSSL_load_builtin_modules(); >+#else >+ /* use the modern init code */ >+ OPENSSL_init_crypto( >+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS >+ | OPENSSL_INIT_ADD_ALL_DIGESTS >+ | OPENSSL_INIT_ADD_ALL_CIPHERS >+ | OPENSSL_INIT_ENGINE_ALL_BUILTIN, >+ NULL >+ ); >+#endif > >+ > if (OBJ_txt2nid("id-on-dnsSRV") == NID_undef) { > (void)OBJ_create("1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", > "SRVName otherName form"); >Index: modules/ssl/ssl_engine_init.c >=================================================================== >--- modules/ssl/ssl_engine_init.c (Revision 1863221) >+++ modules/ssl/ssl_engine_init.c (Arbeitskopie) >@@ -204,7 +204,11 @@ > apr_status_t rv; > apr_array_header_t *pphrases; > >+#if MODSSL_USE_OPENSSL_PRE_1_1_API > if (SSLeay() < MODSSL_LIBRARY_VERSION) { >+#else >+ if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) { >+#endif > ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882) > "Init: this version of mod_ssl was compiled against " > "a newer library (%s, version currently loaded is %s)" >Index: modules/ssl/ssl_engine_io.c >=================================================================== >--- modules/ssl/ssl_engine_io.c (Revision 1863221) >+++ modules/ssl/ssl_engine_io.c (Arbeitskopie) >@@ -1255,9 +1255,17 @@ > if (dc->proxy->ssl_check_peer_expire != FALSE) { > if (!cert > || (X509_cmp_current_time( >+#if MODSSL_USE_OPENSSL_PRE_1_1_API > X509_get_notBefore(cert)) >= 0) >+#else >+ X509_get0_notBefore(cert)) >= 0) >+#endif > || (X509_cmp_current_time( >+#if MODSSL_USE_OPENSSL_PRE_1_1_API > X509_get_notAfter(cert)) <= 0)) { >+#else >+ X509_get0_notAfter(cert)) <= 0)) { >+#endif > proxy_ssl_check_peer_ok = FALSE; > ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004) > "SSL Proxy: Peer certificate is expired"); >Index: modules/ssl/ssl_engine_log.c >=================================================================== >--- modules/ssl/ssl_engine_log.c (Revision 1863221) >+++ modules/ssl/ssl_engine_log.c (Arbeitskopie) >@@ -163,11 +163,17 @@ > BIO_puts(bio, "(ERROR)"); > > BIO_puts(bio, " / notbefore: "); >+#if MODSSL_USE_OPENSSL_PRE_1_1_API > ASN1_TIME_print(bio, X509_get_notBefore(cert)); > > BIO_puts(bio, " / notafter: "); > ASN1_TIME_print(bio, X509_get_notAfter(cert)); >+#else >+ ASN1_TIME_print(bio, X509_get0_notBefore(cert)); > >+ BIO_puts(bio, " / notafter: "); >+ ASN1_TIME_print(bio, X509_get0_notAfter(cert)); >+#endif > BIO_puts(bio, "]"); > > n = BIO_read(bio, buf + msglen, sizeof buf - msglen - 1); >Index: modules/ssl/ssl_engine_vars.c >=================================================================== >--- modules/ssl/ssl_engine_vars.c (Revision 1863221) >+++ modules/ssl/ssl_engine_vars.c (Arbeitskopie) >@@ -494,6 +494,7 @@ > else if (strcEQ(var, "M_SERIAL")) { > result = ssl_var_lookup_ssl_cert_serial(p, xs); > } >+#if MODSSL_USE_OPENSSL_PRE_1_1_API > else if (strcEQ(var, "V_START")) { > result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs)); > } >@@ -504,6 +505,18 @@ > result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs)); > resdup = FALSE; > } >+#else >+ else if (strcEQ(var, "V_START")) { >+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs)); >+ } >+ else if (strcEQ(var, "V_END")) { >+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs)); >+ } >+ else if (strcEQ(var, "V_REMAIN")) { >+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs)); >+ resdup = FALSE; >+ } >+#endif > else if (*var && strcEQ(var+1, "_DN")) { > if (*var == 'S') > xsname = X509_get_subject_name(xs); >Index: modules/ssl/ssl_private.h >=================================================================== >--- modules/ssl/ssl_private.h (Revision 1863221) >+++ modules/ssl/ssl_private.h (Arbeitskopie) >@@ -88,6 +88,7 @@ > #define OPENSSL_NO_SSL_INTERN > #endif > #include <openssl/ssl.h> >+#include <openssl/dh.h> > #include <openssl/err.h> > #include <openssl/x509.h> > #include <openssl/pem.h> >Index: support/ab.c >=================================================================== >--- support/ab.c (Revision 1863221) >+++ support/ab.c (Arbeitskopie) >@@ -652,11 +652,19 @@ > > BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1); > BIO_printf(bio,"Valid from: "); >+#if OPENSSL_VERSION_NUMBER < 0x10100000L > ASN1_UTCTIME_print(bio, X509_get_notBefore(cert)); >+#else >+ ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert)); >+#endif > BIO_printf(bio,"\n"); > > BIO_printf(bio,"Valid to : "); >+#if OPENSSL_VERSION_NUMBER < 0x10100000L > ASN1_UTCTIME_print(bio, X509_get_notAfter(cert)); >+#else >+ ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert)); >+#endif > BIO_printf(bio,"\n"); > > pk = X509_get_pubkey(cert); >@@ -2634,8 +2642,12 @@ > CRYPTO_malloc_init(); > #endif > #endif >+#if OPENSSL_VERSION_NUMBER < 0x10100000L > SSL_load_error_strings(); > SSL_library_init(); >+#else >+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); >+#endif > bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); > bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=36665">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 60962
: 36665