
Revision 1908537


Author: ylavic
Date: Sun Mar 19 21:30:47 2023 UTC (15 months, 2 weeks ago)
Changed paths: 13
Log Message:
mod_ssl: Fix deprecation warnings with openssl-3.

* mod_ssl_openssl.h:
  Make it the first openssl header to be included, selecting the
  OpenSSL api based on OPENSSL_API_COMPAT eventually.

* ssl_private.h:
  Define OPENSSL_API_COMPAT to version 1.1.1 (last one supporting ENGINE_ API)
  before including mod_ssl_openssl.h to enable the ENGINE_ api (TODO: switch to
  new "providers" api before the ENGINE_ api is abandoned..).
  mod_ssl.h is now implicitly included from there.
  Fix preprocessor "#define FOO (COND)" to "#if COND #define FOO 1 #else #define FOO 0".
  Define MODSSL_HAVE_ENGINE_API iff OPENSSL_API_COMPAT < 3.0 (otherwise all the
  engine features are disabled, only "builtin" is accepted).
  Define HAVE_SRP iff OPENSSL_API_COMPAT < 3.0 (no replacement for this api
  above, so it might not be implemented in httpd anymore at some point..).
  Define X509_get_not{Before,After} if missing to the non deprecated version.
  New modssl_set_io_callbacks() to factorize compat code for io callbacks.
  ssl_dh_GetParamFromFile() becomes modssl_dh_from_file() for openssl < 3.0 and
  modssl_dh_pkey_from_file() for openssl >= 3.0.

* mod_ssl.c, mod_ssl_ct.c, ssl_util_stapling:
  Including "ssl_private.h" only is suited/enough now.
  
* mod_ssl_ct.c, ssl_ct_log_config:
  Use EVP api with openssl >= 3 instead of the deprecated SHA256 one.

* ssl_engine_config.c(ssl_cmd_SSLCryptoDevice):
  Disabled engines (besides NULL/"builtin"/NULL) unless MODSSL_HAVE_ENGINE_API.

* ssl_engine_init:
  New compat modssl_runtime_lib_version() to address deprecated SSLeay().
  ssl_init_Engine() does nothing unless MODSSL_HAVE_ENGINE_API.
  Simplify ssl_init_server_certs() (less #ifdef-ery) with scoped local vars.
  Compat loading DH parameters and EC curve from cert.

* ssl_engine_io.c, ssl_engine_kernel.c:
  Implement common modssl_set_io_callbacks() and use it.

* ssl_engine_pphrase(modssl_load_engine_keypair):
  Depend on MODSSL_HAVE_ENGINE_API, or return ENOTIMPL.

* ssl_util.c(modssl_is_engine_id):
  No engine supported unless MODSSL_HAVE_ENGINE_API.

* ssl_util_ssl.c(modssl_dh_pkey_from_file, modssl_ec_group_from_file):
  Compat with openssl >= 3.0.
  


Changed paths

Path | Details
httpd/httpd/trunk/modules/ssl/mod_ssl.c | modified, text changed
httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c | modified, text changed
httpd/httpd/trunk/modules/ssl/mod_ssl_openssl.h | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_ct_log_config.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_engine_init.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_engine_io.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_engine_pphrase.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_private.h | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_util.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c | modified, text changed
httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c | modified, text changed
