authorKazuki Yamaguchi <k@rhe.jp>2016-05-05 15:47:58 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-05-14 20:00:57 +0900
commit4b9b16cc2f652e199af0e14eb5bf9b85edef6da4 (patch)
treed5c8865c27d8b59192e359399468e8fc557fe140
parentfe41d4091a9ea9c5d823cda52205e1daab316aaf (diff)
downloadruby-4b9b16cc2f652e199af0e14eb5bf9b85edef6da4.tar.gz
ext/openssl: SSL_state() is removed
SSL_state() is removed, and the replacement, SSL_get_state(), never returns SSL_ST_ACCEPT. I think it was used to distinguish whether the SSL is a server or not, so replace it with SSL_is_server(). Also add some `const`s.
-rw-r--r--ext/openssl/extconf.rb1
-rw-r--r--ext/openssl/openssl_missing.h4
-rw-r--r--ext/openssl/ossl_ssl.c16
3 files changed, 14 insertions, 7 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index c0d1e841d6..c49cef4657 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -102,6 +102,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTH
# added in 1.0.2
have_func("CRYPTO_memcmp")
have_func("X509_REVOKED_dup")
+have_func("SSL_is_server")
have_func("SSL_CTX_set_alpn_select_cb")
OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 7081fc1fe4..e7ec792626 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -35,6 +35,10 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * vol
(d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
#endif
+#if !defined(HAVE_SSL_IS_SERVER)
+# define SSL_is_server(s) ((s)->server)
+#endif
+
/* added in 1.1.0 */
#if !defined(HAVE_X509_STORE_GET_EX_DATA)
# define X509_STORE_get_ex_data(x, idx) \
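Review bot: The fallback `# define SSL_is_server(s) ((s)->server)` returns whatever the `server` field holds at the moment of the call, and no comment says when that field is reliable. ssl_info_cb in ossl_ssl.c now gates the renegotiation callback on this value at SSL_CB_HANDSHAKE_START. On builds without SSL_is_server(), it is worth confirming that the field already reflects the connection's role when that callback fires; I have not verified this for the older libraries. A comment such as `/* fallback for libraries without SSL_is_server(): reads the server field directly, so it only compiles while the SSL struct is not opaque */` would record the constraint.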
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4377f4045f..8870251815 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -331,7 +331,11 @@ ossl_call_session_get_cb(VALUE ary)
/* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
static SSL_SESSION *
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
+#else
ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
+#endif
{
VALUE ary, ssl_obj, ret_obj;
SSL_SESSION *sess;
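Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` guard duplicates the whole signature line of ossl_sslctx_session_get_cb to change a single qualifier, and nothing explains why the two variants exist. Two near-identical signatures are easy to edit out of sync. A one-line comment above the guard would help, for example `/* OpenSSL 1.1.0 declares the session id argument of this callback as const */`. Alternatively, keep one signature and put the qualifier behind a macro defined once, e.g. `OSSL_SESS_ID_CONST unsigned char *buf` (macro name constructed for this note). The comment just above the signature still refers to OpenSSL <= 0.9.8e and may be stale. The function body continues outside the hunk.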
@@ -640,15 +644,13 @@ ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, c
#endif
#endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */
-/* This function may serve as the entry point to support further
- * callbacks. */
+/* This function may serve as the entry point to support further callbacks. */
static void
ssl_info_cb(const SSL *ssl, int where, int val)
{
- int state = SSL_state(ssl);
+ int is_server = SSL_is_server((SSL *)ssl);
- if ((where & SSL_CB_HANDSHAKE_START) &&
- (state & SSL_ST_ACCEPT)) {
+ if (is_server && (where & SSL_CB_HANDSHAKE_START)) {
ssl_renegotiation_cb(ssl);
}
}
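Review bot: The new `is_server && (where & SSL_CB_HANDSHAKE_START)` condition in ssl_info_cb replaces a handshake-state test with a role test, and its equivalence rests only on the "I think" in the commit message. Nothing in the code records that assumption. Because this condition decides whether ssl_renegotiation_cb runs, a silent change in when it fires would be hard to notice. A comment would help, e.g. `/* renegotiation_cb is a server-side hook; the old SSL_state() & SSL_ST_ACCEPT test served only as a role check */`, together with a test that the callback fires on a server-side SSL and not on a client-side one. The `(SSL *)ssl` cast also discards `const` from the callback argument. If it is needed only because some supported SSL_is_server() prototypes take a non-const pointer, a short note next to the cast should say so.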
@@ -860,7 +862,7 @@ ossl_sslctx_setup(VALUE self)
}
static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
{
VALUE ary;
int bits, alg_bits;
@@ -886,7 +888,7 @@ ossl_sslctx_get_ciphers(VALUE self)
{
SSL_CTX *ctx;
STACK_OF(SSL_CIPHER) *ciphers;
- SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
VALUE ary;
int i, num;