diff options
| author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-05 16:36:39 +0000 |
|---|---|---|
| committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-05 16:36:39 +0000 |
| commit | 7451c1468baf6b998cdc4a4697dffeac2e5a9866 (patch) | |
| tree | 85cadf9d481d929c66b743428248d601ba05d063 /ext/openssl/ossl_ssl.c | |
| parent | c7b583a7440228f408789ce9bfe2205c5762156f (diff) | |
openssl: use SSL_is_server()
* ext/openssl/extconf.rb: Check existence of SSL_is_server(). This
function was introduced in OpenSSL 1.0.2.
[ruby-core:75225] [Feature #12324]
* ext/openssl/openssl_missing.h: Implement SSL_is_server() if missing.
* ext/openssl/ossl_ssl.c (ssl_info_cb): Use SSL_is_server() to see if
the SSL is server. The state machine in OpenSSL was rewritten and
SSL_get_state() no longer returns SSL_ST_ACCEPT.
(ossl_ssl_cipher_to_ary, ossl_sslctx_session_get_cb): Add some
`const`s to suppress warning.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55289 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
| -rw-r--r-- | ext/openssl/ossl_ssl.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 4aca99fb6d..5fcebb9e91 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -342,7 +342,11 @@ ossl_call_session_get_cb(VALUE ary) /* this method is currently only called for servers (in OpenSSL <= 0.9.8e) */ static SSL_SESSION * +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) +ossl_sslctx_session_get_cb(SSL *ssl, const unsigned char *buf, int len, int *copy) +#else ossl_sslctx_session_get_cb(SSL *ssl, unsigned char *buf, int len, int *copy) +#endif { VALUE ary, ssl_obj, ret_obj; SSL_SESSION *sess; @@ -650,15 +654,13 @@ ssl_alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, c #endif #endif /* HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB || HAVE_SSL_CTX_SET_ALPN_SELECT_CB */ -/* This function may serve as the entry point to support further - * callbacks. */ +/* This function may serve as the entry point to support further callbacks. */ static void ssl_info_cb(const SSL *ssl, int where, int val) { - int state = SSL_state(ssl); + int is_server = SSL_is_server((SSL *)ssl); - if ((where & SSL_CB_HANDSHAKE_START) && - (state & SSL_ST_ACCEPT)) { + if (is_server && where & SSL_CB_HANDSHAKE_START) { ssl_renegotiation_cb(ssl); } } @@ -887,7 +889,7 @@ ossl_sslctx_setup(VALUE self) } static VALUE -ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher) +ossl_ssl_cipher_to_ary(const SSL_CIPHER *cipher) { VALUE ary; int bits, alg_bits; @@ -913,7 +915,7 @@ ossl_sslctx_get_ciphers(VALUE self) { SSL_CTX *ctx; STACK_OF(SSL_CIPHER) *ciphers; - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; VALUE ary; int i, num; |