Bug 60061

Summary: OpenSSL 1.1.0 support
Product: Apache httpd-2 Reporter: Kurt Roeckx <kurt>
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal CC: b.hamichi, sf
Priority: P2    
Version: 2.4.23   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: openssl 1.1 support
Support for OpenSSL 1.1.0

Description Kurt Roeckx 2016-08-28 21:33:37 UTC
Created attachment 34180 [details]
openssl 1.1 support

Hi,

This is an initial patch to support OpenSSL 1.1.0.

This is not a complete patch yet, but I'm filing it so that others won't be doing the same.

It compiles against the 1.1.0 version.  It doesn't build with the 1.0.2 version yet.  It's also untested.
Comment 1 Kurt Roeckx 2016-08-29 20:20:36 UTC
Created attachment 34182 [details]
Support for OpenSSL 1.1.0

Here is an updated patch that is tested to build with both 1.1.0 and 1.0.2
Comment 2 Stefan Fritsch 2016-08-29 21:21:45 UTC
There is support for openssl 1.1 in trunk in the apache httpd svn repo and there is some work in progress for backporting it to 2.4 in a separate branch 

http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-openssl-1.1.0-compat/

It may make sense to compare that with your work, though.
Comment 3 Eric Covener 2016-09-10 13:20:47 UTC
*** Bug 60111 has been marked as a duplicate of this bug. ***
Comment 4 bhamichi 2016-09-10 21:21:17 UTC
Hi All,

Thanks a lot for your help, it's magic! working with these patches.

Just to note that I get some warnings, could you confirm please the following are normal and without impact (sorry, I'm new in linux):


WARNING WHEN PATCHs APPLIED ==========================

ssl_util_stapling.c: In function 'ssl_stapling_init_cert':
ssl_util_stapling.c:183:8: warning: passing argument 1 of 'OPENSSL_sk_value' from incompatible pointer type [enabled by default]
        cinf->uri = apr_pstrdup(p, sk_OPENSSL_STRING_value(aia, 0));
        ^
In file included from /usr/local/openssl/openssl-1.1.0/include/openssl/crypto.h:28:0,
                 from /usr/local/openssl/openssl-1.1.0/include/openssl/comp.h:16,
                 from /usr/local/openssl/openssl-1.1.0/include/openssl/ssl.h:47,
                 from ssl_private.h:90,
                 from ssl_util_stapling.c:31:
/usr/local/openssl/openssl-1.1.0/include/openssl/stack.h:24:7: note: expected 'const struct OPENSSL_STACK *' but argument is of type 'struct stack_st_OPENSSL_STRING *'


WARNING AFTER MAKE ==========================

v/main -I/usr/local/src/httpd-2.4.23/modules/generators -I/usr/local/src/httpd-2.4.23/modules/mappers -prefer-pic -c ssl_engine_kernel.c && touch ssl_engine_kernel.slo
ssl_engine_kernel.c: In function 'ssl_hook_Access':
ssl_engine_kernel.c:629:41: warning: initialization discards 'const' qualifier from pointer target type [enabled by default]
                     SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);

ssl_util_stapling.c: In function 'ssl_stapling_init_cert':
ssl_util_stapling.c:183:8: warning: passing argument 1 of 'OPENSSL_sk_value' from incompatible pointer type [enabled by default]
        cinf->uri = apr_pstrdup(p, sk_OPENSSL_STRING_value(aia, 0));


...
...
...

        ^
In file included from /usr/local/openssl/openssl-1.1.0/include/openssl/crypto.h:28:0,
                 from /usr/local/openssl/openssl-1.1.0/include/openssl/comp.h:16,
                 from /usr/local/openssl/openssl-1.1.0/include/openssl/ssl.h:47,
                 from ssl_private.h:90,
                 from ssl_util_stapling.c:31:
/usr/local/openssl/openssl-1.1.0/include/openssl/stack.h:24:7: note: expected 'const struct OPENSSL_STACK *' but argument is of type 'struct stack_st_OPENSSL_STRING *'
 void *OPENSSL_sk_value(const OPENSSL_STACK *, int);