[GNUnet-SVN] [gnurl] 80/163: openssl: assume engine support in 1.0.1 or
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 80/163: openssl: assume engine support in 1.0.1 or later |
Date: |
Sun, 05 Aug 2018 12:36:46 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 38203f1585da53e07e54e37c7d5da4d72f509a2e
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri Jun 8 16:36:47 2018 +0200
openssl: assume engine support in 1.0.1 or later
Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.
While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experiences a problem with this, we can widen the
version check.
Fixes #2641
Closes #2644
---
CMakeLists.txt | 1 -
configure.ac | 8 --------
lib/urldata.h | 2 +-
lib/vtls/openssl.c | 25 ++++++++++++++-----------
4 files changed, 15 insertions(+), 21 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e8cdcc555..7d7d76cd8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -356,7 +356,6 @@ if(CMAKE_USE_OPENSSL)
include_directories(${OPENSSL_INCLUDE_DIR})
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
- check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H)
check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H)
check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H)
diff --git a/configure.ac b/configure.ac
index fa5dc84f5..a9fd3d103 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1756,14 +1756,6 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
fi
if test X"$OPENSSL_ENABLED" = X"1"; then
- dnl If the ENGINE library seems to be around, check for the OpenSSL engine
- dnl stuff, it is kind of "separated" from the main SSL check
- AC_CHECK_FUNC(ENGINE_init,
- [
- AC_CHECK_HEADERS(openssl/engine.h)
- AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
- ])
-
dnl These can only exist if OpenSSL exists
dnl Older versions of Cyassl (some time before 2.9.4) don't have
dnl SSL_get_shutdown (but this check won't actually detect it there
diff --git a/lib/urldata.h b/lib/urldata.h
index 86295b681..51970b7ac 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1267,7 +1267,7 @@ struct UrlState {
void *resolver; /* resolver state, if it is used in the URL state -
ares_channel f.e. */
-#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+#if defined(USE_OPENSSL)
/* void instead of ENGINE to avoid bleeding OpenSSL into this header */
void *engine;
#endif /* USE_OPENSSL */
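Review bot: With the header test gone, `void *engine;` is declared for every OpenSSL build, while the lib/vtls/openssl.c hunks in this same commit only touch `data->state.engine` under `USE_OPENSSL_ENGINE` (1.0.1 or later and no `OPENSSL_NO_ENGINE`). The two conditions no longer match, which is harmless for the struct layout but not obvious to someone reading this header. I would extend the comment to `/* void instead of ENGINE to avoid bleeding OpenSSL into this header; only used when vtls/openssl.c defines USE_OPENSSL_ENGINE */`. struct UrlState begins and ends outside the hunk.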
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 4a5f37060..4b2e54bf0 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -50,9 +50,6 @@
#include "hostcheck.h"
#include "curl_printf.h"
#include <openssl/ssl.h>
-#ifdef HAVE_OPENSSL_ENGINE_H
-#include <openssl/engine.h>
-#endif
#include <openssl/rand.h>
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_DSA
@@ -72,6 +69,12 @@
#include <openssl/ocsp.h>
#endif
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L) && /* 1.0.1 or later */ \
+ !defined(OPENSSL_NO_ENGINE)
+#define USE_OPENSSL_ENGINE
+#include <openssl/engine.h>
+#endif
+
#include "warnless.h"
#include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
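Review bot: Defining `USE_OPENSSL_ENGINE` here replaces `HAVE_OPENSSL_ENGINE_H`, but the configure.ac hunk also drops `AC_CHECK_FUNCS( ENGINE_load_builtin_engines )`, and none of the openssl.c hunks touch a matching `HAVE_ENGINE_LOAD_BUILTIN_ENGINES` test. If code outside these hunks still guards the builtin-engine load, or anything else, on either old macro, it is now silently compiled out. A grep for both names should accompany this change, switching any survivors to `#ifdef USE_OPENSSL_ENGINE`. Separately, engine support is now decided by the OpenSSL headers alone, so a build that wants the engine paths off apparently has to use an OpenSSL built with `OPENSSL_NO_ENGINE`. A comment above the block would tell packagers this, e.g. `/* enabled for OpenSSL 1.0.1+ unless the library was built with OPENSSL_NO_ENGINE */`.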
@@ -83,7 +86,7 @@
#error "OPENSSL_VERSION_NUMBER not defined"
#endif
-#if defined(HAVE_OPENSSL_ENGINE_H)
+#ifdef USE_OPENSSL_ENGINE
#include <openssl/ui.h>
#endif
@@ -515,7 +518,7 @@ static int do_file_type(const char *type)
return -1;
}
-#if defined(HAVE_OPENSSL_ENGINE_H)
+#ifdef USE_OPENSSL_ENGINE
/*
* Supply default password to the engine user interface conversation.
* The password is passed by OpenSSL engine from ENGINE_load_private_key()
@@ -617,7 +620,7 @@ int cert_stuff(struct connectdata *conn,
}
break;
case SSL_FILETYPE_ENGINE:
-#if defined(HAVE_OPENSSL_ENGINE_H) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
+#if defined(USE_OPENSSL_ENGINE) && defined(ENGINE_CTRL_GET_CMD_FROM_NAME)
{
if(data->state.engine) {
const char *cmd_name = "LOAD_CERT_CTRL";
@@ -792,7 +795,7 @@ int cert_stuff(struct connectdata *conn,
}
break;
case SSL_FILETYPE_ENGINE:
-#ifdef HAVE_OPENSSL_ENGINE_H
+#ifdef USE_OPENSSL_ENGINE
{ /* XXXX still needs some work */
EVP_PKEY *priv_key = NULL;
if(data->state.engine) {
@@ -1099,7 +1102,7 @@ static int Curl_ossl_check_cxn(struct connectdata *conn)
static CURLcode Curl_ossl_set_engine(struct Curl_easy *data,
const char *engine)
{
-#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+#ifdef USE_OPENSSL_ENGINE
ENGINE *e;
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
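Review bot: The inner `#if OPENSSL_VERSION_NUMBER >= 0x00909000L` directly under the new `#ifdef USE_OPENSSL_ENGINE` can no longer be false, since `USE_OPENSSL_ENGINE` is only defined for `0x10001000L` or later. Whatever fallback sits in its `#else` branch (outside the hunk, if there is one) is now dead code and could be removed together with the test, leaving the newer path unconditional. Curl_ossl_set_engine continues past the end of the hunk, so this rests on the two visible preprocessor lines only.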
@@ -1144,7 +1147,7 @@ static CURLcode Curl_ossl_set_engine(struct Curl_easy
*data,
*/
static CURLcode Curl_ossl_set_engine_default(struct Curl_easy *data)
{
-#ifdef HAVE_OPENSSL_ENGINE_H
+#ifdef USE_OPENSSL_ENGINE
if(data->state.engine) {
if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
infof(data, "set default crypto engine '%s'\n",
@@ -1167,7 +1170,7 @@ static CURLcode Curl_ossl_set_engine_default(struct
Curl_easy *data)
static struct curl_slist *Curl_ossl_engines_list(struct Curl_easy *data)
{
struct curl_slist *list = NULL;
-#if defined(USE_OPENSSL) && defined(HAVE_OPENSSL_ENGINE_H)
+#ifdef USE_OPENSSL_ENGINE
struct curl_slist *beg;
ENGINE *e;
@@ -1323,7 +1326,7 @@ static void Curl_ossl_session_free(void *ptr)
*/
static void Curl_ossl_close_all(struct Curl_easy *data)
{
-#ifdef HAVE_OPENSSL_ENGINE_H
+#ifdef USE_OPENSSL_ENGINE
if(data->state.engine) {
ENGINE_finish(data->state.engine);
ENGINE_free(data->state.engine);
--