authorDr. Stephen Henson <steve@openssl.org>2011-04-29 22:37:12 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-04-29 22:37:12 +0000
commit08557cf22cd7c337d7430c32fb21ed29a77a8131 (patch)
treead9cc2e9adf7a39b99ddbe69434a3d79c7cc482b /apps
parentc4d162873f832cae400b8fee81fc826cb06d55a8 (diff)
Initial "opaque SSL" framework. If an application defines
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque and internals cannot be directly accessed. Many applications will need some modification to support this and most likely some additional functions added to OpenSSL. The advantage of this option is that any application supporting it will still be binary compatible if SSL structures change.
Diffstat (limited to 'apps')
-rw-r--r--apps/apps.h2
-rw-r--r--apps/ciphers.c2
-rw-r--r--apps/s_client.c6
-rw-r--r--apps/s_server.c22
-rw-r--r--apps/sess_id.c18
5 files changed, 27 insertions, 23 deletions
diff --git a/apps/apps.h b/apps/apps.h
index 8bd36436db..77d07dac44 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -365,6 +365,8 @@ int raw_write_stdout(const void *,int);
double app_tminterval (int stop,int usertime);
#endif
+#define OPENSSL_NO_SSL_INTERN
+
#ifndef OPENSSL_NO_NEXTPROTONEG
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
#endif
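Review bot: The `#define OPENSSL_NO_SSL_INTERN` added near the end of apps.h only hides the SSL internals if the preprocessor sees it before every `#include <openssl/ssl.h>`; whether apps.h itself, or any app, has already pulled in ssl.h by this point cannot be told from this hunk. If one has, that translation unit still compiles direct accesses such as `con->debug`, and the conversion in the rest of this commit goes unverified there. Consider moving the define to the top of apps.h ahead of its includes (or into the apps' compile flags) and saying why it is there, e.g. `/* Build the apps against the opaque SSL API so they cannot reach into SSL internals */`.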
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 3d4c60db9e..5f2b739700 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -196,7 +196,7 @@ int MAIN(int argc, char **argv)
if (Verbose)
{
- unsigned long id = c->id;
+ unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
diff --git a/apps/s_client.c b/apps/s_client.c
index 8a57dcfc9f..8e0e8cb35d 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1238,7 +1238,7 @@ re_start:
}
}
#endif
- if (c_Pause & 0x01) con->debug=1;
+ if (c_Pause & 0x01) SSL_set_debug(con, 1);
if ( SSL_version(con) == DTLS1_VERSION)
{
@@ -1287,7 +1287,7 @@ re_start:
if (c_debug)
{
- con->debug=1;
+ SSL_set_debug(con, 1);
BIO_set_callback(sbio,bio_dump_callback);
BIO_set_callback_arg(sbio,(char *)bio_c_out);
}
@@ -1972,7 +1972,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
}
- BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
+ BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, "));
c=SSL_get_current_cipher(s);
BIO_printf(bio,"%s, Cipher is %s\n",
SSL_CIPHER_get_version(c),
diff --git a/apps/s_server.c b/apps/s_server.c
index 97389cd590..9233384028 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2042,7 +2042,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
if (s_debug)
{
- con->debug=1;
+ SSL_set_debug(con, 1);
BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
}
@@ -2380,7 +2380,7 @@ static int init_ssl_connection(SSL *con)
BIO_printf(bio_s_out, "\n");
}
#endif
- if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+ if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
@@ -2499,7 +2499,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
if (s_debug)
{
- con->debug=1;
+ SSL_set_debug(con, 1);
BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
}
@@ -2585,7 +2585,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
goto err;
}
/* EVIL HACK! */
- con->state = SSL_ST_ACCEPT;
+ SSL_set_state(con, SSL_ST_ACCEPT);
i=SSL_do_handshake(con);
BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n",i);
if (i <= 0)
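Review bot: The `/* EVIL HACK! */` comment above `SSL_set_state(con, SSL_ST_ACCEPT)` still explains nothing now that the poke goes through a public call, and SSL_set_state is exactly the kind of entry point an opaque-struct build should make the reader justify. State the reason inline, for example `/* Force the state machine back to accept so the server-initiated renegotiation runs a full handshake; SSL_set_state bypasses the normal transition checks */` — the renegotiation request presumably precedes this hunk, so confirm the wording against it. www_body starts and ends outside the hunk.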
@@ -2651,7 +2651,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
}
BIO_puts(io,"\n");
}
- BIO_printf(io,((con->hit)
+ BIO_printf(io,(SSL_cache_hit(con)
?"---\nReused, "
:"---\nNew, "));
c=SSL_get_current_cipher(con);
@@ -2908,7 +2908,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id,
typedef struct simple_ssl_session_st
{
unsigned char *id;
- int idlen;
+ unsigned int idlen;
unsigned char *der;
int derlen;
struct simple_ssl_session_st *next;
@@ -2923,10 +2923,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session)
sess = OPENSSL_malloc(sizeof(simple_ssl_session));
- sess->idlen = session->session_id_length;
+ sess->idlen = SSL_SESSION_get_id_len(session);
sess->derlen = i2d_SSL_SESSION(session, NULL);
- sess->id = BUF_memdup(session->session_id, sess->idlen);
+ sess->id = BUF_memdup(SSL_SESSION_get0_id(session), sess->idlen);
sess->der = OPENSSL_malloc(sess->derlen);
p = sess->der;
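Review bot: None of the allocations in the new add_session lines are checked: `OPENSSL_malloc` for `sess`, `BUF_memdup` for `sess->id` and `OPENSSL_malloc(sess->derlen)` for `sess->der` are all dereferenced or written to unconditionally, and `i2d_SSL_SESSION(session, NULL)` can return a negative length, which then becomes a huge size_t in the malloc. Since this is the SSL_CTX new-session callback, a failed insert should just drop the entry and return the same value the existing non-retaining path returns (the function's tail is outside the hunk, so confirm that value, and add the `err:` cleanup there). The signature and the rest of the body are outside the hunk.
```c
sess = OPENSSL_malloc(sizeof(simple_ssl_session));
if (sess == NULL)
    return 0;
sess->idlen = SSL_SESSION_get_id_len(session);
sess->derlen = i2d_SSL_SESSION(session, NULL);
if (sess->derlen <= 0)
    goto err;
sess->id = BUF_memdup(SSL_SESSION_get0_id(session), sess->idlen);
sess->der = OPENSSL_malloc(sess->derlen);
if (sess->id == NULL || sess->der == NULL)
    goto err;
p = sess->der;
/* ... unchanged: i2d into p and insertion into the list, then the normal return ... */
err:
/* free sess->id, sess->der and sess, then return the non-retaining value */
```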
@@ -2945,7 +2945,7 @@ static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen,
*do_copy = 0;
for (sess = first; sess; sess = sess->next)
{
- if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))
+ if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen))
{
const unsigned char *p = sess->der;
BIO_printf(bio_err, "Lookup session: cache hit\n");
@@ -2959,8 +2959,8 @@ static SSL_SESSION *get_session(SSL *ssl, unsigned char *id, int idlen,
static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
{
simple_ssl_session *sess, *prev = NULL;
- unsigned char *id = session->session_id;
- int idlen = session->session_id_length;
+ const unsigned char *id = SSL_SESSION_get0_id(session);
+ unsigned int idlen = SSL_SESSION_get_id_len(session);
for (sess = first; sess; sess = sess->next)
{
if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))
diff --git a/apps/sess_id.c b/apps/sess_id.c
index b99179f276..b16686c26d 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -90,6 +90,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
SSL_SESSION *x=NULL;
+ X509 *peer = NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
@@ -163,16 +164,17 @@ bad:
ERR_load_crypto_strings();
x=load_sess_id(infile,informat);
if (x == NULL) { goto end; }
+ peer = SSL_SESSION_get0_peer(x);
if(context)
{
- x->sid_ctx_length=strlen(context);
- if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+ size_t ctx_len = strlen(context);
+ if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
- memcpy(x->sid_ctx,context,x->sid_ctx_length);
+ SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
}
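Review bot: The return value of `SSL_SESSION_set1_id_context` is discarded; unlike the memcpy it replaces, the accessor can fail (it reports 0 when the length exceeds the session's context buffer), so a failure here silently leaves the session with its old context and the tool still writes it out. Check it and route the failure to the existing error path: `if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len)) { BIO_printf(bio_err,"Context too long\n"); goto end; }`. The explicit `ctx_len > SSL_MAX_SID_CTX_LENGTH` pre-check can then stay as the friendlier message or be folded into that branch. MAIN continues outside the hunk.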
#ifdef undef
@@ -231,10 +233,10 @@ bad:
if (cert)
{
- if (x->peer == NULL)
+ if (peer == NULL)
BIO_puts(out,"No certificate present\n");
else
- X509_print(out,x->peer);
+ X509_print(out,peer);
}
}
@@ -253,12 +255,12 @@ bad:
goto end;
}
}
- else if (!noout && (x->peer != NULL)) /* just print the certificate */
+ else if (!noout && (peer != NULL)) /* just print the certificate */
{
if (outformat == FORMAT_ASN1)
- i=(int)i2d_X509_bio(out,x->peer);
+ i=(int)i2d_X509_bio(out,peer);
else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,x->peer);
+ i=PEM_write_bio_X509(out,peer);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;