[tomcat-native] branch master updated: Use new OpenSSL v1.1+ initialization API


[tomcat-native] branch master updated: Use new OpenSSL v1.1+ initialization API

mturk
This is an automated email from the ASF dual-hosted git repository.

mturk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/master by this push:
     new b8649e8  Use new OpenSSL v1.1+ initialization API
b8649e8 is described below

commit b8649e81458194d70667952d9e26df82a79c773f
Author: Mladen Turk <[hidden email]>
AuthorDate: Wed Aug 28 18:38:58 2019 +0200

    Use new OpenSSL v1.1+ initialization API
---
 native/src/ssl.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/native/src/ssl.c b/native/src/ssl.c
index 9dbdcd4..473ca49 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -371,6 +371,11 @@ static apr_status_t ssl_init_cleanup(void *data)
 #endif
     free_dh_params();
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+    /* Openssl v1.1+ handles all termination automatically. Do
+     * nothing in this case.
+     */
+#else
     /*
      * Try to kill the internals of the SSL library.
      */
@@ -393,6 +398,7 @@ static apr_status_t ssl_init_cleanup(void *data)
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     ERR_remove_thread_state(NULL);
 #endif
+#endif
 
 #ifdef HAVE_KEYLOG_CALLBACK
     if (key_log_file) {
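Review bot: The pre-existing guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` around `ERR_remove_thread_state(NULL)` is now always true, because it sits inside the `#else` added in the previous hunk and is the exact negation of that outer condition; it can be dropped. The added bare `#endif` is far from its `#if`, so I would label it, e.g. `#endif /* OpenSSL < 1.1.0 or LibreSSL */`. Writing the outer test as that same negated condition would also avoid a branch that contains only a comment. ssl_init_cleanup starts and ends outside both hunks.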
@@ -783,7 +789,14 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
         TCN_FREE_CSTRING(engine);
         return (jint)APR_SUCCESS;
     }
-
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+    /* Openssl v1.1+ handles all initialisation automatically, apart
+     * from hints as to how we want to use the library.
+     *
+     * We tell openssl we want to include engine support.
+     */
+    OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else
     /* We must register the library in full, to ensure our configuration
      * code can successfully test the SSL environment.
      */
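Review bot: The return value of `OPENSSL_init_ssl()` is discarded, so a failed library initialisation (it returns 0 on error) goes unreported and `initialize` continues as if the TLS library were usable. Check it and fail the call, for example `if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL)) { TCN_FREE_CSTRING(engine); return (jint)APR_EGENERAL; }`. The function body starts and ends outside the hunk, so any state set before this point (not visible here) would need unwinding on that path too.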
@@ -797,7 +810,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
 #endif
     OPENSSL_load_builtin_modules();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #if ! (defined(WIN32) || defined(WIN64))
     err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit,
                                        tcn_global_pool);
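Review bot: The `#endif` that used to pair with the removed `#if OPENSSL_VERSION_NUMBER < 0x10100000L` lies outside this hunk and now presumably closes the `#else` opened in the previous hunk, so it should carry a trailing comment such as `#endif /* OpenSSL < 1.1.0 or LibreSSL */`. The change also looks like it alters LibreSSL builds: LibreSSL reports a version number above 0x10100000L, so it skipped the `apr_threadkey_private_create()` block under the old guard and compiles it under the new `#else`. If that is intended, to match the `ERR_remove_thread_state` guard in ssl_init_cleanup, a sentence in the commit message or a comment here would make it explicit.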

