From 4b9b16cc2f652e199af0e14eb5bf9b85edef6da4 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi
Date: Thu, 5 May 2016 15:47:58 +0900
Subject: ext/openssl: SSL_state() is removed

SSL_state() is removed, and the replacement, SSL_get_state(), never returns SSL_ST_ACCEPT. I think it is used to distinguish if the SSL is a server or not, so replacing it with SSL_is_server(). And add some `const`s.
---
 ext/openssl/extconf.rb | 1 +
 ext/openssl/openssl_missing.h | 4 ++++
 ext/openssl/ossl_ssl.c | 16 +++++++++-------
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index c0d1e841d6..c49cef4657 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -102,6 +102,7 @@ have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTH
 # added in 1.0.2
 have_func("CRYPTO_memcmp")
 have_func("X509_REVOKED_dup")
+have_func("SSL_is_server")
 have_func("SSL_CTX_set_alpn_select_cb")
 OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 7081fc1fe4..e7ec792626 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -35,6 +35,10 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, const volatile void * vol
 (d2i_of_void *)d2i_X509_REVOKED, (char *)(rev))
 #endif
+#if !defined(HAVE_SSL_IS_SERVER)
+# define SSL_is_server(s) ((s)->server)
+#endif
+
 /* added in 1.1.0 */
 #if !defined(HAVE_X509_STORE_GET_EX_DATA)
 # define X509_STORE_get_ex_data(x, idx) \
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 4377f4045f..8870251815 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -331,7 +331,11 @@ ossl_call_session_get_cb(VALUE ary)
 /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */
 static SSL_SESSION *
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy)
+#else
 ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy)
+#endif
 {
 VALUE ary, ssl_obj, ret_obj;
 SSL_SESSION *sess;
@@ -640,15 +644,13 @@ ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, c
 #endif
 #endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */
-/* This function may serve as the entry point to support further
- * callbacks. */
+/* This function may serve as the entry point to support further callbacks. */
 static void
 ssl_info_cb(const SSL *ssl, int where, int val)
 {
- int state = SSL_state(ssl);
+ int is_server = SSL_is_server((SSL *)ssl);
- if ((where & SSL_CB_HANDSHAKE_START) &&
- (state & SSL_ST_ACCEPT)) {
+ if (is_server && (where & SSL_CB_HANDSHAKE_START)) {
 ssl_renegotiation_cb(ssl);
 }
 }
@@ -860,7 +862,7 @@ ossl_sslctx_setup(VALUE self)
 }
 static VALUE
-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
+ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher)
 {
 VALUE ary;
 int bits, alg_bits;
@@ -886,7 +888,7 @@ ossl_sslctx_get_ciphers(VALUE self)
 {
 SSL_CTX *ctx;
 STACK_OF(SSL_CIPHER) *ciphers;
- SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
 VALUE ary;
 int i, num;
-- cgit v1.2.3
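Review bot: In the first ossl_ssl.c hunk (`@@ -331`), the `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` guard around the `ossl_sslctx_session_get_cb` signature has no comment saying what it is for, and the untouched comment above it still refers to OpenSSL <= 0.9.8e. The only difference between the two branches is the `const` on `buf`, presumably to match the callback prototype of the newer library. I would add `/* buf is const in the 1.1.0 callback prototype; older OpenSSL and LibreSSL builds use the non-const form */` directly above the `#if`. Two full copies of the signature can drift apart, so a single signature with the qualifier behind one macro would be tidier. The function body continues past the end of the hunk.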
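Review bot: In `ssl_info_cb` (hunk `@@ -640`), whether `ssl_renegotiation_cb` runs now depends only on `SSL_is_server()`, which on builds without that function is the `((s)->server)` fallback this patch adds to openssl_missing.h. Whether that field already holds its final value when `SSL_CB_HANDSHAKE_START` is delivered on those older libraries is not visible here, and the commit message is itself tentative about the intent. Because this gate decides whether the renegotiation hook runs at all, it deserves a test showing the callback still fires for a server-side handshake and stays silent for a client. The `(SSL *)ssl` cast drops `const`, presumably because the library prototype takes a non-const pointer; a comment such as `/* cast: SSL_is_server() is declared with a non-const SSL * */` would stop it being removed or copied without thought. As a style point, checking the mask first, `if ((where & SSL_CB_HANDSHAKE_START) && SSL_is_server((SSL *)ssl)) {`, removes the local and does the lookup only on handshake start.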