You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fix OpenSSL 4.0 compatibility and test that in CI.
CI: Update to test OpenSSL 4.0.0 explicitly.
CI: No longer disable deprecated-declaration warnings for OpenSSL 3.4 -Werror build.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Change name to
const X509_NAME *.
(ssl_callback_proxy_cert): Change ca_name, issuer, and ca_issuer to
const X509_NAME *.
* modules/ssl/ssl_engine_log.c (ssl_log_cert_error): Change cert
parameter to const X509 *. Use X509_get0_serialNumber,
X509_get0_notBefore, and X509_get0_notAfter instead of non-const
variants.
(ssl_log_xerror, ssl_log_cxerror, ssl_log_rxerror): Change cert
parameter to const X509 *.
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Change
xsname parameter to const X509_NAME *.
(ssl_var_lookup_ssl_cert_dn_oneline): Change xsname parameter to
const X509_NAME *.
(ssl_var_lookup_ssl_cert): Change xsname to const X509_NAME *.
(ssl_var_lookup_ssl_cert_rfc4523_cea): Change issuer to const
X509_NAME *.
* modules/ssl/ssl_private.h (ssl_log_xerror, ssl_log_cxerror,
ssl_log_rxerror): Update declarations to use const X509 *.
* modules/ssl/ssl_util_ssl.c (modssl_X509_NAME_to_string): Change dn
parameter to const X509_NAME *.
(getIDs): Change subj to const X509_NAME *.
* modules/ssl/ssl_util_ssl.h (modssl_X509_NAME_to_string): Update
declaration to use const X509_NAME *.
* support/ab.c (ssl_print_cert_info): Change dn to const X509_NAME *.
mod_ssl: use ASN1_STRING accessor API in dump_extn_value:
* modules/ssl/ssl_engine_vars.c (dump_extn_value): Use
ASN1_STRING_get0_data() and ASN1_STRING_length() rather than
directly dereferencing the ASN1_OCTET_STRING structure, which is
opaque in OpenSSL 4.0.
* modules/ssl/ssl_private.h: Add compat macros for
ASN1_STRING_get0_data and ASN1_STRING_length for pre-1.1 API.
mod_ssl: constify ASN1_TIME pointers, use X509_get0_not{Before,After}:
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_valid,
ssl_var_lookup_ssl_cert_remain): Constify ASN1_TIME * parameter.
(ssl_var_lookup_ssl_cert): Use X509_get0_notBefore() and
X509_get0_notAfter() which return const pointers.
(ssl_var_lookup_ssl_cert_remain): Use ASN1_TIME_check() directly
rather than INVALID_ASN1_TIME macro which dereferences the
ASN1_TIME structure.
(dump_extn_value): Constify ASN1_OCTET_STRING * parameter.
* modules/ssl/ssl_private.h: Add compat macros for
X509_get0_before and X509_get0_after for pre-1.1 API.
mod_ssl: constify X509_NAME_ENTRY and X509_EXTENSION pointers:
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn,
extract_dn): Constify X509_NAME_ENTRY * variables, constify
X509_NAME * parameter of extract_dn, drop unnecessary casts
on X509_NAME_ENTRY_get_object() calls.
(ssl_ext_list): Use MODSSL_X509_EXT_CONST for X509_EXTENSION *
since X509_EXTENSION accessors are only constified in OpenSSL 4.
* modules/ssl/ssl_util_ssl.c, modules/ssl/ssl_util_ssl.h
(modssl_X509_NAME_ENTRY_to_string): Constify X509_NAME_ENTRY *
parameter.
* modules/ssl/ssl_private.h: Add MODSSL_X509_EXT_CONST, defined
as const for OpenSSL 4+ and empty otherwise.
* modules/ssl/ssl_util_ssl.c (asn1_string_convert): Constify
ASN1_STRING * argument.
* modules/ssl/ssl_engine_ocsp.c (extract_responder_uri): Use
modssl_ASN1_STRING_convert instead of directly accessing ASN1_STRING
data pointer.
* modules/ssl/ssl_util_ssl.c (modssl_ASN1_STRING_convert): Rename from
asn1_string_convert and export function.
(asn1_string_to_utf8): Update to use modssl_ASN1_STRING_convert.
(modssl_X509_NAME_ENTRY_to_string): Update to use
modssl_ASN1_STRING_convert.
* modules/ssl/ssl_util_ssl.h (modssl_ASN1_STRING_convert): Declare new
function.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Github: closes#609
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1933586 13f79535-47bb-0310-9956-ffa450edef68
0 commit comments