ssl_buckets.c (253895) ssl_buckets.c (262324)
1/* Copyright 2002-2004 Justin Erenkrantz and Greg Stein
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *

--- 449 unchanged lines hidden (view full) ---

458 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
459 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
460 failures |= SERF_SSL_CERT_SELF_SIGNED;
461 break;
462 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
463 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
464 case X509_V_ERR_CERT_UNTRUSTED:
465 case X509_V_ERR_INVALID_CA:
1/* Copyright 2002-2004 Justin Erenkrantz and Greg Stein
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *

--- 449 unchanged lines hidden (view full) ---

458 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
459 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
460 failures |= SERF_SSL_CERT_SELF_SIGNED;
461 break;
462 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
463 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
464 case X509_V_ERR_CERT_UNTRUSTED:
465 case X509_V_ERR_INVALID_CA:
466 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
466 failures |= SERF_SSL_CERT_UNKNOWNCA;
467 break;
468 case X509_V_ERR_CERT_REVOKED:
469 failures |= SERF_SSL_CERT_REVOKED;
470 break;
471 default:
472 failures |= SERF_SSL_CERT_UNKNOWN_FAILURE;
473 break;

--- 479 unchanged lines hidden (view full) ---

953 CRYPTO_set_dynlock_lock_callback(NULL);
954 CRYPTO_set_dynlock_destroy_callback(NULL);
955
956 return APR_SUCCESS;
957}
958
959#endif
960
467 failures |= SERF_SSL_CERT_UNKNOWNCA;
468 break;
469 case X509_V_ERR_CERT_REVOKED:
470 failures |= SERF_SSL_CERT_REVOKED;
471 break;
472 default:
473 failures |= SERF_SSL_CERT_UNKNOWN_FAILURE;
474 break;

--- 479 unchanged lines hidden (view full) ---

954 CRYPTO_set_dynlock_lock_callback(NULL);
955 CRYPTO_set_dynlock_destroy_callback(NULL);
956
957 return APR_SUCCESS;
958}
959
960#endif
961
961static apr_uint32_t have_init_ssl = 0;
962#if !APR_VERSION_AT_LEAST(1,0,0)
963#define apr_atomic_cas32(mem, with, cmp) apr_atomic_cas(mem, with, cmp)
964#endif
962
965
966enum ssl_init_e
967{
968 INIT_UNINITIALIZED = 0,
969 INIT_BUSY = 1,
970 INIT_DONE = 2
971};
972
973static volatile apr_uint32_t have_init_ssl = INIT_UNINITIALIZED;
974
963static void init_ssl_libraries(void)
964{
965 apr_uint32_t val;
975static void init_ssl_libraries(void)
976{
977 apr_uint32_t val;
966#if APR_VERSION_AT_LEAST(1,0,0)
967 val = apr_atomic_xchg32(&have_init_ssl, 1);
968#else
969 val = apr_atomic_cas(&have_init_ssl, 1, 0);
970#endif
971
978
979 val = apr_atomic_cas32(&have_init_ssl, INIT_BUSY, INIT_UNINITIALIZED);
980
972 if (!val) {
973#if APR_HAS_THREADS
974 int i, numlocks;
975#endif
976
977#ifdef SSL_VERBOSE
978 /* Warn when compile-time and run-time version of OpenSSL differ in
979 major/minor version number. */

--- 30 unchanged lines hidden (view full) ---

1010 CRYPTO_set_locking_callback(ssl_lock);
1011 CRYPTO_set_id_callback(ssl_id);
1012 CRYPTO_set_dynlock_create_callback(ssl_dyn_create);
1013 CRYPTO_set_dynlock_lock_callback(ssl_dyn_lock);
1014 CRYPTO_set_dynlock_destroy_callback(ssl_dyn_destroy);
1015
1016 apr_pool_cleanup_register(ssl_pool, NULL, cleanup_ssl, cleanup_ssl);
1017#endif
981 if (!val) {
982#if APR_HAS_THREADS
983 int i, numlocks;
984#endif
985
986#ifdef SSL_VERBOSE
987 /* Warn when compile-time and run-time version of OpenSSL differ in
988 major/minor version number. */

--- 30 unchanged lines hidden (view full) ---

1019 CRYPTO_set_locking_callback(ssl_lock);
1020 CRYPTO_set_id_callback(ssl_id);
1021 CRYPTO_set_dynlock_create_callback(ssl_dyn_create);
1022 CRYPTO_set_dynlock_lock_callback(ssl_dyn_lock);
1023 CRYPTO_set_dynlock_destroy_callback(ssl_dyn_destroy);
1024
1025 apr_pool_cleanup_register(ssl_pool, NULL, cleanup_ssl, cleanup_ssl);
1026#endif
1027 apr_atomic_cas32(&have_init_ssl, INIT_DONE, INIT_BUSY);
1018 }
1028 }
1029 else
1030 {
1031 /* Make sure we don't continue before the initialization in another
1032 thread has completed */
1033 while (val != INIT_DONE) {
1034 apr_sleep(APR_USEC_PER_SEC / 1000);
1035
1036 val = apr_atomic_cas32(&have_init_ssl,
1037 INIT_UNINITIALIZED,
1038 INIT_UNINITIALIZED);
1039 }
1040 }
1019}
1020
1021static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
1022{
1023 serf_ssl_context_t *ctx = SSL_get_app_data(ssl);
1024 apr_status_t status;
1025
1026 if (ctx->cached_cert) {

--- 166 unchanged lines hidden (view full) ---

1193 serf_ssl_server_cert_chain_cb_t cert_chain_callback,
1194 void *data)
1195{
1196 context->server_cert_callback = cert_callback;
1197 context->server_cert_chain_callback = cert_chain_callback;
1198 context->server_cert_userdata = data;
1199}
1200
1041}
1042
1043static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
1044{
1045 serf_ssl_context_t *ctx = SSL_get_app_data(ssl);
1046 apr_status_t status;
1047
1048 if (ctx->cached_cert) {

--- 166 unchanged lines hidden (view full) ---

1215 serf_ssl_server_cert_chain_cb_t cert_chain_callback,
1216 void *data)
1217{
1218 context->server_cert_callback = cert_callback;
1219 context->server_cert_chain_callback = cert_chain_callback;
1220 context->server_cert_userdata = data;
1221}
1222
1201static serf_ssl_context_t *ssl_init_context(void)
1223static serf_ssl_context_t *ssl_init_context(serf_bucket_alloc_t *allocator)
1202{
1203 serf_ssl_context_t *ssl_ctx;
1224{
1225 serf_ssl_context_t *ssl_ctx;
1204 apr_pool_t *pool;
1205 serf_bucket_alloc_t *allocator;
1206
1207 init_ssl_libraries();
1208
1226
1227 init_ssl_libraries();
1228
1209 apr_pool_create(&pool, NULL);
1210 allocator = serf_bucket_allocator_create(pool, NULL, NULL);
1211
1212 ssl_ctx = serf_bucket_mem_alloc(allocator, sizeof(*ssl_ctx));
1213
1214 ssl_ctx->refcount = 0;
1229 ssl_ctx = serf_bucket_mem_alloc(allocator, sizeof(*ssl_ctx));
1230
1231 ssl_ctx->refcount = 0;
1215 ssl_ctx->pool = pool;
1232 ssl_ctx->pool = serf_bucket_allocator_get_pool(allocator);
1216 ssl_ctx->allocator = allocator;
1217
1218 ssl_ctx->ctx = SSL_CTX_new(SSLv23_client_method());
1219
1220 SSL_CTX_set_client_cert_cb(ssl_ctx->ctx, ssl_need_client_cert);
1221 ssl_ctx->cached_cert = 0;
1222 ssl_ctx->cached_cert_pw = 0;
1223 ssl_ctx->pending_err = APR_SUCCESS;

--- 40 unchanged lines hidden (view full) ---

1264 ssl_ctx->decrypt.databuf.read_baton = ssl_ctx;
1265
1266 return ssl_ctx;
1267}
1268
1269static apr_status_t ssl_free_context(
1270 serf_ssl_context_t *ssl_ctx)
1271{
1233 ssl_ctx->allocator = allocator;
1234
1235 ssl_ctx->ctx = SSL_CTX_new(SSLv23_client_method());
1236
1237 SSL_CTX_set_client_cert_cb(ssl_ctx->ctx, ssl_need_client_cert);
1238 ssl_ctx->cached_cert = 0;
1239 ssl_ctx->cached_cert_pw = 0;
1240 ssl_ctx->pending_err = APR_SUCCESS;

--- 40 unchanged lines hidden (view full) ---

1281 ssl_ctx->decrypt.databuf.read_baton = ssl_ctx;
1282
1283 return ssl_ctx;
1284}
1285
1286static apr_status_t ssl_free_context(
1287 serf_ssl_context_t *ssl_ctx)
1288{
1272 apr_pool_t *p;
1273
1274 /* If never had the pending buckets, don't try to free them. */
1275 if (ssl_ctx->decrypt.pending != NULL) {
1276 serf_bucket_destroy(ssl_ctx->decrypt.pending);
1277 }
1278 if (ssl_ctx->encrypt.pending != NULL) {
1279 serf_bucket_destroy(ssl_ctx->encrypt.pending);
1280 }
1281
1282 /* SSL_free implicitly frees the underlying BIO. */
1283 SSL_free(ssl_ctx->ssl);
1284 SSL_CTX_free(ssl_ctx->ctx);
1285
1289 /* If never had the pending buckets, don't try to free them. */
1290 if (ssl_ctx->decrypt.pending != NULL) {
1291 serf_bucket_destroy(ssl_ctx->decrypt.pending);
1292 }
1293 if (ssl_ctx->encrypt.pending != NULL) {
1294 serf_bucket_destroy(ssl_ctx->encrypt.pending);
1295 }
1296
1297 /* SSL_free implicitly frees the underlying BIO. */
1298 SSL_free(ssl_ctx->ssl);
1299 SSL_CTX_free(ssl_ctx->ctx);
1300
1286 p = ssl_ctx->pool;
1287
1288 serf_bucket_mem_free(ssl_ctx->allocator, ssl_ctx);
1301 serf_bucket_mem_free(ssl_ctx->allocator, ssl_ctx);
1289 apr_pool_destroy(p);
1290
1291 return APR_SUCCESS;
1292}
1293
1294static serf_bucket_t * serf_bucket_ssl_create(
1295 serf_ssl_context_t *ssl_ctx,
1296 serf_bucket_alloc_t *allocator,
1297 const serf_bucket_type_t *type)
1298{
1299 ssl_context_t *ctx;
1300
1301 ctx = serf_bucket_mem_alloc(allocator, sizeof(*ctx));
1302 if (!ssl_ctx) {
1302
1303 return APR_SUCCESS;
1304}
1305
1306static serf_bucket_t * serf_bucket_ssl_create(
1307 serf_ssl_context_t *ssl_ctx,
1308 serf_bucket_alloc_t *allocator,
1309 const serf_bucket_type_t *type)
1310{
1311 ssl_context_t *ctx;
1312
1313 ctx = serf_bucket_mem_alloc(allocator, sizeof(*ctx));
1314 if (!ssl_ctx) {
1303 ctx->ssl_ctx = ssl_init_context();
1315 ctx->ssl_ctx = ssl_init_context(allocator);
1304 }
1305 else {
1306 ctx->ssl_ctx = ssl_ctx;
1307 }
1308 ctx->ssl_ctx->refcount++;
1309
1310 return serf_bucket_create(type, allocator, ctx);
1311}

--- 464 unchanged lines hidden ---
1316 }
1317 else {
1318 ctx->ssl_ctx = ssl_ctx;
1319 }
1320 ctx->ssl_ctx->refcount++;
1321
1322 return serf_bucket_create(type, allocator, ctx);
1323}

--- 464 unchanged lines hidden ---
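Review bot: ssl_init_context() now stores a borrowed allocator and its pool in the context (`ssl_ctx->pool = serf_bucket_allocator_get_pool(allocator);`), but nothing in the new code states the lifetime rule this creates. The context is reference-counted, and serf_bucket_ssl_create() can attach an existing one to further buckets through the caller-supplied `ssl_ctx` branch, while ssl_free_context() later calls `serf_bucket_mem_free(ssl_ctx->allocator, ssl_ctx)`. If the allocator of the bucket that created the context is torn down before the last reference is dropped, that call and any earlier use of the context touch freed memory. I would add a comment above ssl_init_context such as `/* The context borrows ALLOCATOR and its pool: both must outlive every bucket that references the context. */`. Since ssl_free_context() no longer destroys a private pool, anything taken from `ssl_ctx->pool` in the hidden lines presumably now lives until the allocator's pool is destroyed, which is worth confirming for the cached client-certificate data.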