aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2016-04-24 02:10:42 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-04-27 23:07:42 +0900
commitaee4e753b50fda71c5ea5672ac845060f5e6aa09 (patch)
tree835c17d61d647bbbbef51e04277eaa424fa34d6e
parent7e17fed37fb0da9e610156efe2b51ea182a21aa5 (diff)
downloadruby-aee4e753b50fda71c5ea5672ac845060f5e6aa09.tar.gz
ext/openssl: use SSL_is_server() to check if the SSL is server or not
The state returned by SSL_get_state() doesn't become SSL_ST_ACCEPT anymore in OpenSSL 1.1.0.
-rw-r--r--ext/openssl/extconf.rb1
-rw-r--r--ext/openssl/openssl_missing.h4
-rw-r--r--ext/openssl/ossl_ssl.c5
3 files changed, 7 insertions, 3 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 7758694..9dbb4d4 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -104,6 +104,7 @@ have_func("CRYPTO_memcmp")
have_func("EC_curve_nist2nid")
have_func("X509_REVOKED_dup")
have_func("X509_STORE_CTX_get0_store")
+have_func("SSL_is_server");
have_func("SSL_CTX_set_alpn_select_cb")
have_func_like("SSL_CTX_set1_curves_list", "openssl/ssl.h")
have_func_like("SSL_CTX_set_ecdh_auto", "openssl/ssl.h")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 55f3ada..a23f7d8 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -70,6 +70,10 @@ int EC_curve_nist2nid(const char *str);
# define X509_STORE_CTX_get0_store(x) ((x)->ctx)
#endif
+#if !defined(HAVE_SSL_IS_SERVER)
+# define SSL_is_server(s) ((s)->server)
+#endif
+
/*** added in 1.1.0 ***/
#if !defined(HAVE_BN_GENCB_NEW)
# define BN_GENCB_new() ((BN_GENCB *)OPENSSL_malloc(sizeof(BN_GENCB)))
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4f21537..cfde8d7 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -654,10 +654,9 @@ ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, c
static void
ssl_info_cb(const SSL *ssl, int where, int val)
{
- int state = SSL_get_state(ssl);
+ int is_server = SSL_is_server((SSL *)ssl);
- if ((where & SSL_CB_HANDSHAKE_START) &&
- (state & SSL_ST_ACCEPT)) {
+ if (is_server && (where & SSL_CB_HANDSHAKE_START)) {
ssl_renegotiation_cb(ssl);
}
}