60 lines
1.7 KiB
Text
60 lines
1.7 KiB
Text
Retrieve session ID via accessors instead of reaching inside the struct.
|
|
Fix verify callback with opaque X509 structs.
|
|
Allow building against OpenSSL without SSLv2/v3 support.
|
|
|
|
Index: src/myssl_openssl.c
|
|
--- src/myssl_openssl.c.orig
|
|
+++ src/myssl_openssl.c
|
|
@@ -48,16 +48,18 @@ static int cmp_sockaddr(struct sockaddr_in *a, struct
|
|
|
|
static void dump_session_id(SSL_SESSION * s)
|
|
{
|
|
- int i;
|
|
+ const unsigned char *session_id;
|
|
+ unsigned int i, session_id_length;
|
|
if(!s)
|
|
{
|
|
DEBUG_SSL("No session ID to dump?\n");
|
|
return;
|
|
}
|
|
- DEBUG_SSL("ssl_session_id(%d) = [", s->session_id_length);
|
|
- for(i = 0; i < s->session_id_length; i++)
|
|
+ session_id = SSL_SESSION_get_id(s, &session_id_length);
|
|
+ DEBUG_SSL("ssl_session_id(%u) = [", session_id_length);
|
|
+ for(i = 0; i < session_id_length; i++)
|
|
{
|
|
- DEBUG_SSL(" %02x", s->session_id[i]);
|
|
+ DEBUG_SSL(" %02x", session_id[i]);
|
|
}
|
|
DEBUG_SSL("]\n");
|
|
return;
|
|
@@ -394,10 +396,10 @@ static int my_ssl_verify_callback(int ok, X509_STORE_C
|
|
else
|
|
ok = 0;
|
|
}
|
|
- switch (ctx->error)
|
|
+ switch (err)
|
|
{
|
|
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
|
|
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
|
|
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
|
|
DEBUG_SSL("Issuer: %s\n", buf);
|
|
break;
|
|
case X509_V_ERR_CERT_NOT_YET_VALID:
|
|
@@ -543,12 +545,16 @@ bufio *my_ssl_do_connect(doc * docp, bufio * socket,
|
|
|
|
switch (cfg.ssl_version)
|
|
{
|
|
+#ifndef OPENSSL_NO_SSL2
|
|
case 2:
|
|
method = SSLv2_client_method();
|
|
break;
|
|
+#endif
|
|
+#ifndef OPENSSL_NO_SSL3
|
|
case 3:
|
|
method = SSLv3_client_method();
|
|
break;
|
|
+#endif
|
|
#ifdef WITH_SSL_TLS1
|
|
case 4:
|
|
method = TLSv1_client_method();
|