diff options
| author | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-05 12:46:05 +0000 |
|---|---|---|
| committer | rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-05 12:46:05 +0000 |
| commit | e478bb7d79773651fe4339e930aa936c8ae98066 (patch) | |
| tree | ee456018af9212a5a21ef52d47413802690d6947 /ext/openssl/ossl_ssl.c | |
| parent | 9199bec9e85efdcead79cfb19f867e87bb9f48b9 (diff) | |
openssl: support OpenSSL 1.1.0's new multi-threading API
* ext/openssl/extconf.rb: Check absence of CRYPTO_lock() to see if the
OpenSSL has the new threading API. In OpenSSL <= 1.0.2, an application
had to set locking callbacks to use OpenSSL in a multi-threaded
environment. OpenSSL 1.1.0 now finds pthreads or Windows threads so we
don't need to do something special.
[ruby-core:75225] [Feature #12324]
Also check existence of *_up_ref(). Some structures in OpenSSL have
a reference counter. We used to increment it with CRYPTO_add() which
is a part of the old API.
* ext/openssl/openssl_missing.h: Implement *_up_ref() if missing.
* ext/openssl/ossl.c: Don't set locking callbacks if unneeded.
* ext/openssl/ossl_pkey.c, ext/openssl/ossl_ssl.c,
ext/openssl/ossl_x509cert.c, ext/openssl/ossl_x509crl.c,
ext/openssl/ossl_x509store.c: Use *_up_ref() instead of CRYPTO_add().
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55283 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/ossl_ssl.c')
| -rw-r--r-- | ext/openssl/ossl_ssl.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c index 0f5313bd75..cfb64d2cec 100644 --- a/ext/openssl/ossl_ssl.c +++ b/ext/openssl/ossl_ssl.c @@ -128,8 +128,10 @@ static void ossl_sslctx_free(void *ptr) { SSL_CTX *ctx = ptr; +#if !defined(HAVE_X509_STORE_UP_REF) if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1) ctx->cert_store = NULL; +#endif SSL_CTX_free(ctx); } @@ -397,7 +399,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess) return 1; ssl_obj = (VALUE)ptr; sess_obj = rb_obj_alloc(cSSLSession); - CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(sess); DATA_PTR(sess_obj) = sess; ary = rb_ary_new2(2); @@ -446,7 +448,7 @@ ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess) return; sslctx_obj = (VALUE)ptr; sess_obj = rb_obj_alloc(cSSLSession); - CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION); + SSL_SESSION_up_ref(sess); DATA_PTR(sess_obj) = sess; ary = rb_ary_new2(2); @@ -708,7 +710,6 @@ ossl_sslctx_setup(VALUE self) { SSL_CTX *ctx; X509 *cert = NULL, *client_ca = NULL; - X509_STORE *store; EVP_PKEY *key = NULL; char *ca_path = NULL, *ca_file = NULL; int verify_mode; @@ -743,16 +744,20 @@ ossl_sslctx_setup(VALUE self) #endif /* OPENSSL_NO_EC */ val = ossl_sslctx_get_cert_store(self); - if(!NIL_P(val)){ + if (!NIL_P(val)) { + X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */ + SSL_CTX_set_cert_store(ctx, store); +#if !defined(HAVE_X509_STORE_UP_REF) /* * WORKAROUND: * X509_STORE can count references, but * X509_STORE_free() doesn't care it. * So we won't increment it but mark it by ex_data. */ - store = GetX509StorePtr(val); /* NO NEED TO DUP */ - SSL_CTX_set_cert_store(ctx, store); - SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1); + SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void *)1); +#else /* Fixed in OpenSSL 1.0.2; bff9ce4db38b (master), 5b4b9ce976fc (1.0.2) */ + X509_STORE_up_ref(store); +#endif } val = ossl_sslctx_get_extra_cert(self); |