ref: 13a6a454c3c017d06ba185a9a2b7b3433310f8ca
parent: d21816d61f9fced70b6cdeee0c4325b621f03c37
author: Timothy B. Terriberry <tterribe@xiph.org>
date: Wed Jul 6 05:36:16 EDT 2016
Add support for OpenSSL 1.1.x. The API and ABI is not backwards-compatible. This is based on the prerelease version 1.1.0-pre5. It should continue to work with older versions of OpenSSL. Thanks to Ron Lee and the Debian project for reporting the build errors and testing the patch.
--- a/src/http.c
+++ b/src/http.c
@@ -1517,10 +1517,17 @@
return ret;
}
+# if OPENSSL_VERSION_NUMBER<0x10100000L
+# define BIO_set_data(_b,_ptr) ((_b)->ptr=(_ptr))
+# define BIO_set_init(_b,_init) ((_b)->init=(_init))
+# endif
+
static int op_bio_retry_new(BIO *_b){- _b->init=1;
+ BIO_set_init(_b,1);
+# if OPENSSL_VERSION_NUMBER<0x10100000L
_b->num=0;
- _b->ptr=NULL;
+# endif
+ BIO_set_data(_b,NULL);
return 1;
}
@@ -1528,6 +1535,7 @@
return _b!=NULL;
}
+# if OPENSSL_VERSION_NUMBER<0x10100000L
/*This is not const because OpenSSL doesn't allow it, even though it won't
write to it.*/
static BIO_METHOD op_bio_retry_method={@@ -1542,11 +1550,15 @@
op_bio_retry_free,
NULL
};
+# endif
/*Establish a CONNECT tunnel and pipeline the start of the TLS handshake for
proxying https URL requests.*/
static int op_http_conn_establish_tunnel(OpusHTTPStream *_stream,
OpusHTTPConn *_conn,op_sock _fd,SSL *_ssl_conn,BIO *_ssl_bio){+# if OPENSSL_VERSION_NUMBER>=0x10100000L
+ BIO_METHOD *bio_retry_method;
+# endif
BIO *retry_bio;
char *status_code;
char *next;
@@ -1557,13 +1569,32 @@
ret=op_http_conn_write_fully(_conn,
_stream->proxy_connect.buf,_stream->proxy_connect.nbuf);
if(OP_UNLIKELY(ret<0))return ret;
+# if OPENSSL_VERSION_NUMBER>=0x10100000L
+ bio_retry_method=BIO_meth_new(BIO_TYPE_NULL,"retry");
+ if(bio_retry_method==NULL)return OP_EFAULT;
+ BIO_meth_set_write(bio_retry_method,op_bio_retry_write);
+ BIO_meth_set_read(bio_retry_method,op_bio_retry_read);
+ BIO_meth_set_puts(bio_retry_method,op_bio_retry_puts);
+ BIO_meth_set_ctrl(bio_retry_method,op_bio_retry_ctrl);
+ BIO_meth_set_create(bio_retry_method,op_bio_retry_new);
+ BIO_meth_set_destroy(bio_retry_method,op_bio_retry_free);
+ retry_bio=BIO_new(bio_retry_method);
+ if(OP_UNLIKELY(retry_bio==NULL)){+ BIO_meth_free(bio_retry_method);
+ return OP_EFAULT;
+ }
+# else
retry_bio=BIO_new(&op_bio_retry_method);
if(OP_UNLIKELY(retry_bio==NULL))return OP_EFAULT;
+# endif
SSL_set_bio(_ssl_conn,retry_bio,_ssl_bio);
SSL_set_connect_state(_ssl_conn);
/*This shouldn't succeed, since we can't read yet.*/
OP_ALWAYS_TRUE(SSL_connect(_ssl_conn)<0);
SSL_set_bio(_ssl_conn,_ssl_bio,_ssl_bio);
+# if OPENSSL_VERSION_NUMBER>=0x10100000L
+ BIO_meth_free(bio_retry_method);
+# endif
/*Only now do we disable write coalescing, to allow the CONNECT
request and the start of the TLS handshake to be combined.*/
op_sock_set_tcp_nodelay(_fd,1);
@@ -2200,7 +2231,8 @@
/*Initialize the SSL library if necessary.*/
if(OP_URL_IS_SSL(&_stream->url)&&_stream->ssl_ctx==NULL){SSL_CTX *ssl_ctx;
-# if !defined(OPENSSL_NO_LOCKING)
+# if OPENSSL_VERSION_NUMBER<0x10100000L
+# if !defined(OPENSSL_NO_LOCKING)
/*The documentation says SSL_library_init() is not reentrant.
We don't want to add our own depenencies on a threading library, and it
appears that it's safe to call OpenSSL's locking functions before the
@@ -2210,12 +2242,16 @@
calling SSL_library_init() at the same time, but there's not much we
can do about that.*/
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-# endif
+# endif
SSL_library_init();
/*Needed to get SHA2 algorithms with old OpenSSL versions.*/
OpenSSL_add_ssl_algorithms();
-# if !defined(OPENSSL_NO_LOCKING)
+# if !defined(OPENSSL_NO_LOCKING)
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+# endif
+# else
+ /*Finally, OpenSSL does this for us, but as penance, it can now fail.*/
+ if(!OPENSSL_init_ssl(0,NULL))return OP_EFAULT;
# endif
ssl_ctx=SSL_CTX_new(SSLv23_client_method());
if(ssl_ctx==NULL)return OP_EFAULT;