authorJohnny Willemsen <jwillemsen@remedy.nl>2017-08-31 08:39:28 +0200
committerGitHub <noreply@github.com>2017-08-31 08:39:28 +0200
commit764d3a74cf80e3a3d439347fbaaf9077b0f93d42 (patch)
treee75d99cf5a0ebacab791df94f773bffdfa3e7f5d
parentdc58459e8b75d06bbe49e048647b0d0993ff2d49 (diff)
parentff78e6235f5103312bef1de2b30798a707f8817b (diff)
downloadATCD-764d3a74cf80e3a3d439347fbaaf9077b0f93d42.tar.gz
Merge pull request #494 from jwillemsen/jwi-openssl110support
Add support for OpenSSL 1.1
-rw-r--r--ACE/NEWS2
-rw-r--r--ACE/ace/SSL/SSL_Asynch_BIO.cpp69
-rw-r--r--ACE/ace/SSL/SSL_Context.cpp49
-rw-r--r--ACE/ace/SSL/SSL_Context.h4
-rw-r--r--ACE/protocols/ace/INet/SSL_X509Cert.inl12
-rw-r--r--ACE/tests/SSL/Bug_2912_Regression_Test.cpp23
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp2
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h12
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp42
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl6
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h12
-rw-r--r--TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h12
-rw-r--r--TAO/orbsvcs/tests/Security/MT_SSLIOP/README4
-rw-r--r--TAO/orbsvcs/tests/Security/cert/README2
14 files changed, 152 insertions, 99 deletions
diff --git a/ACE/NEWS b/ACE/NEWS
index 0ef83366c6e..2b6a36306f5 100644
--- a/ACE/NEWS
+++ b/ACE/NEWS
@@ -1,6 +1,8 @@
USER VISIBLE CHANGES BETWEEN ACE-6.4.4 and ACE-6.4.5
====================================================
+. Add support for OpenSSL 1.1
+
USER VISIBLE CHANGES BETWEEN ACE-6.4.3 and ACE-6.4.4
====================================================
diff --git a/ACE/ace/SSL/SSL_Asynch_BIO.cpp b/ACE/ace/SSL/SSL_Asynch_BIO.cpp
index bd58fe2a669..6bb8aa2f677 100644
--- a/ACE/ace/SSL/SSL_Asynch_BIO.cpp
+++ b/ACE/ace/SSL/SSL_Asynch_BIO.cpp
@@ -41,6 +41,7 @@ extern "C"
#define BIO_TYPE_ACE ( 21 | BIO_TYPE_SOURCE_SINK )
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
static BIO_METHOD methods_ACE =
{
BIO_TYPE_ACE, // BIO_TYPE_PROXY_SERVER,
@@ -54,13 +55,42 @@ static BIO_METHOD methods_ACE =
ACE_ASYNCH_BIO_FREE_NAME,
0
};
+# define BIO_set_init(b, val) b->init = val
+# define BIO_set_data(b, val) b->ptr = val
+# define BIO_set_num(b, val) b->num = val
+# define BIO_set_flags(b, val) b->flags = val
+# define BIO_set_shutdown(b, val) b->shutdown = val
+# define BIO_get_init(b) b->init
+# define BIO_get_data(b) b->ptr
+# define BIO_get_shutdown(b) b->shutdown
+#else
+static BIO_METHOD* methods_ACE;
+# define BIO_set_num(b, val)
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
BIO *
ACE_SSL_make_BIO (void * ssl_asynch_stream)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
BIO * const pBIO = BIO_new (&methods_ACE);
+#else
+ if (!methods_ACE)
+ {
+ methods_ACE = BIO_meth_new(BIO_TYPE_ACE, "ACE_Asynch_BIO");
+ if (methods_ACE)
+ {
+ BIO_meth_set_write(methods_ACE, ACE_ASYNCH_BIO_WRITE_NAME);
+ BIO_meth_set_read(methods_ACE, ACE_ASYNCH_BIO_READ_NAME);
+ BIO_meth_set_puts(methods_ACE, ACE_ASYNCH_BIO_PUTS_NAME);
+ BIO_meth_set_ctrl(methods_ACE, ACE_ASYNCH_BIO_CTRL_NAME);
+ BIO_meth_set_create(methods_ACE, ACE_ASYNCH_BIO_NEW_NAME);
+ BIO_meth_set_destroy(methods_ACE, ACE_ASYNCH_BIO_FREE_NAME);
+ }
+ }
+ BIO * const pBIO = BIO_new (methods_ACE);
+#endif
if (pBIO)
BIO_ctrl (pBIO,
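Review bot: On the OpenSSL 1.1 branch `BIO_new (methods_ACE)` is reached even when `BIO_meth_new` returned null, so an allocation failure is handed straight to `BIO_new`; a guard such as `if (!methods_ACE) return 0;` before the call would keep that failure explicit. The lazy initialisation also assigns the global `methods_ACE` before the `BIO_meth_set_*` calls have run and takes no lock, so two threads creating their first BIO concurrently could race or observe a half-filled method table; filling a local table and assigning the global last, under whatever lock the library already uses for one-time setup, would avoid that. Nothing in the visible lines releases the table with `BIO_meth_free`. The pre-1.1 accessor macros expand unparenthesised (`b->init = val`); `((b)->init = (val))` is the safer form. The body of ACE_SSL_make_BIO continues past the end of this hunk.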
@@ -107,10 +137,10 @@ ACE_END_VERSIONED_NAMESPACE_DECL
int
ACE_ASYNCH_BIO_NEW_NAME (BIO * pBIO)
{
- pBIO->init = 0; // not initialized
- pBIO->num = 0; // still zero ( we can use it )
- pBIO->ptr = 0; // will be pointer to ACE_SSL_Asynch_Stream
- pBIO->flags = 0; //
+ BIO_set_init(pBIO, 0); // not initialized
+ BIO_set_num(pBIO, 0); // still zero ( we can use it )
+ BIO_set_data(pBIO, 0); // will be pointer to ACE_SSL_Asynch_Stream
+ BIO_set_flags(pBIO, 0);
return 1;
}
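Review bot: `BIO_set_flags(pBIO, 0)` does not do the same thing on both branches: the pre-1.1 macro added by this commit assigns `b->flags = val`, whereas the library function of the same name ORs the given bits into the existing flags, so with OpenSSL 1.1 the call clears nothing. In this create callback the BIO is presumably freshly allocated and the difference is harmless, but the free callback in the next hunk relies on the same call to reset state. If clearing is what is meant, `BIO_clear_flags(pBIO, ~0)` expresses it on both branches and the local `BIO_set_flags` macro can be dropped.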
@@ -118,12 +148,12 @@ ACE_ASYNCH_BIO_NEW_NAME (BIO * pBIO)
int
ACE_ASYNCH_BIO_FREE_NAME (BIO * pBIO)
{
- if (pBIO && pBIO->shutdown)
+ if (pBIO && BIO_get_shutdown(pBIO))
{
- pBIO->ptr = 0;
- pBIO->init = 0;
- pBIO->num = 0;
- pBIO->flags = 0;
+ BIO_set_data(pBIO, 0);
+ BIO_set_init(pBIO, 0);
+ BIO_set_num(pBIO, 0);
+ BIO_set_flags(pBIO, 0);
return 1;
}
@@ -137,9 +167,9 @@ ACE_ASYNCH_BIO_READ_NAME (BIO * pBIO, char * buf, int len)
BIO_clear_retry_flags (pBIO);
ACE_SSL_Asynch_Stream * const p_stream =
- static_cast<ACE_SSL_Asynch_Stream *> (pBIO->ptr);
+ static_cast<ACE_SSL_Asynch_Stream *> (BIO_get_data(pBIO));
- if (pBIO->init == 0 || p_stream == 0 || buf == 0 || len <= 0)
+ if (BIO_get_init(pBIO) == 0 || p_stream == 0 || buf == 0 || len <= 0)
return -1;
BIO_clear_retry_flags (pBIO);
@@ -167,9 +197,9 @@ ACE_ASYNCH_BIO_WRITE_NAME (BIO * pBIO, const char * buf, int len)
BIO_clear_retry_flags (pBIO);
ACE_SSL_Asynch_Stream * p_stream =
- static_cast<ACE_SSL_Asynch_Stream *> (pBIO->ptr);
+ static_cast<ACE_SSL_Asynch_Stream *> (BIO_get_data(pBIO));
- if (pBIO->init == 0 || p_stream == 0 || buf == 0 || len <= 0)
+ if (BIO_get_init(pBIO) == 0 || p_stream == 0 || buf == 0 || len <= 0)
return -1;
BIO_clear_retry_flags (pBIO);
@@ -199,9 +229,9 @@ ACE_ASYNCH_BIO_CTRL_NAME (BIO * pBIO, int cmd, long num, void *ptr)
switch (cmd)
{
case BIO_C_SET_FILE_PTR:
- pBIO->shutdown = static_cast<int> (num);
- pBIO->ptr = ptr;
- pBIO->init = 1;
+ BIO_set_shutdown(pBIO, static_cast<int> (num));
+ BIO_set_data(pBIO, ptr);
+ BIO_set_init(pBIO, 1);
break;
case BIO_CTRL_INFO:
@@ -209,11 +239,11 @@ ACE_ASYNCH_BIO_CTRL_NAME (BIO * pBIO, int cmd, long num, void *ptr)
break;
case BIO_CTRL_GET_CLOSE:
- ret = pBIO->shutdown;
+ ret = BIO_get_shutdown(pBIO);
break;
case BIO_CTRL_SET_CLOSE:
- pBIO->shutdown = static_cast<int> (num);
+ BIO_set_shutdown(pBIO, static_cast<int> (num));
break;
case BIO_CTRL_PENDING:
@@ -244,5 +274,4 @@ ACE_ASYNCH_BIO_PUTS_NAME (BIO *pBIO, const char *str)
ACE_Utils::truncate_cast<int> (n));
}
-#endif /* OPENSSL_VERSION_NUMBER > 0x0090581fL && (ACE_WIN32 ||
- ACE_HAS_AIO_CALLS) */
+#endif /* OPENSSL_VERSION_NUMBER > 0x0090581fL && (ACE_WIN32 || ACE_HAS_AIO_CALLS) */
diff --git a/ACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp
index 95cd66b3506..982c67d4210 100644
--- a/ACE/ace/SSL/SSL_Context.cpp
+++ b/ACE/ace/SSL/SSL_Context.cpp
@@ -39,16 +39,16 @@ namespace
// @@ This should also be done with a singleton, otherwise it is not
// thread safe and/or portable to some weird platforms...
-#ifdef ACE_HAS_THREADS
+#if defined(ACE_HAS_THREADS) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
/// Array of mutexes used internally by OpenSSL when the SSL
/// application is multithreaded.
ACE_SSL_Context::lock_type * ssl_locks = 0;
// @@ This should also be managed by a singleton.
-#endif
+#endif /* ACE_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L */
}
-#ifdef ACE_HAS_THREADS
+#if defined (ACE_HAS_THREADS) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
# if (defined (ACE_HAS_VERSIONED_NAMESPACE) && ACE_HAS_VERSIONED_NAMESPACE == 1)
# define ACE_SSL_LOCKING_CALLBACK_NAME ACE_PREPROC_CONCATENATE(ACE_VERSIONED_NAMESPACE_NAME, _ACE_SSL_locking_callback)
@@ -58,8 +58,6 @@ namespace
# define ACE_SSL_THREAD_ID_NAME ACE_SSL_thread_id
# endif /* ACE_HAS_VERSIONED_NAMESPACE == 1 */
-
-
extern "C"
{
void
@@ -96,16 +94,16 @@ extern "C"
return (unsigned long) ACE_VERSIONED_NAMESPACE_NAME::ACE_OS::thr_self ();
}
}
-#endif /* ACE_HAS_THREADS */
+#endif /* ACE_HAS_THREADS && (OPENSSL_VERSION_NUMBER < 0x10100000L) */
// ****************************************************************
ACE_BEGIN_VERSIONED_NAMESPACE_DECL
-#ifdef ACE_HAS_THREADS
+#if defined (ACE_HAS_THREADS) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
ACE_SSL_Context::lock_type * ACE_SSL_Context::locks_ = 0;
-#endif /* ACE_HAS_THREADS */
+#endif /* ACE_HAS_THREADS && (OPENSSL_VERSION_NUMBER < 0x10100000L) */
ACE_SSL_Context::ACE_SSL_Context (void)
: context_ (0),
@@ -151,7 +149,7 @@ ACE_SSL_Context::ssl_library_init (void)
{
// Initialize the locking callbacks before initializing anything
// else.
-#ifdef ACE_HAS_THREADS
+#if defined(ACE_HAS_THREADS) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
int const num_locks = ::CRYPTO_num_locks ();
this->locks_ = new lock_type[num_locks];
@@ -163,7 +161,7 @@ ACE_SSL_Context::ssl_library_init (void)
::CRYPTO_set_id_callback (ACE_SSL_THREAD_ID_NAME);
# endif /* !WIN32 */
::CRYPTO_set_locking_callback (ACE_SSL_LOCKING_CALLBACK_NAME);
-#endif /* ACE_HAS_THREADS */
+#endif /* ACE_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L */
::SSLeay_add_ssl_algorithms ();
::SSL_load_error_strings ();
@@ -211,6 +209,7 @@ ACE_SSL_Context::ssl_library_fini (void)
--ssl_library_init_count;
if (ssl_library_init_count == 0)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
::ERR_free_strings ();
::EVP_cleanup ();
@@ -222,7 +221,8 @@ ACE_SSL_Context::ssl_library_fini (void)
delete [] this->locks_;
this->locks_ = 0;
-#endif /* ACE_HAS_THREADS */
+#endif /* ACE_HAS_THREADS && */
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
}
}
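Review bot: The closing comment `#endif /* ACE_HAS_THREADS && */` is cut off mid-expression; the block it closes opens outside this hunk, apparently as a plain ACE_HAS_THREADS guard, so `#endif /* ACE_HAS_THREADS */` would match it. The same kind of mismatch appears in egd_file further down, where the condition gained `|| defined (OPENSSL_NO_EGD)` but the closing comment still reads `/* OPENSSL_VERSION_NUMBER < 0x00905100L */`.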
@@ -629,8 +629,9 @@ ACE_SSL_Context::random_seed (const char * seed)
int
ACE_SSL_Context::egd_file (const char * socket_file)
{
-#if OPENSSL_VERSION_NUMBER < 0x00905100L
- // OpenSSL < 0.9.5 doesn't have EGD support.
+#if OPENSSL_VERSION_NUMBER < 0x00905100L || defined (OPENSSL_NO_EGD)
+ // OpenSSL < 0.9.5 doesn't have EGD support. OpenSSL 1.1 and newer
+ // disable egd by default
ACE_UNUSED_ARG (socket_file);
ACE_NOTSUP_RETURN (-1);
#else
@@ -641,7 +642,7 @@ ACE_SSL_Context::egd_file (const char * socket_file)
return 0;
else
return -1;
-#endif /* OPENSSL_VERSION_NUMBER >= 0x00905100L */
+#endif /* OPENSSL_VERSION_NUMBER < 0x00905100L */
}
int
@@ -664,22 +665,22 @@ ACE_SSL_Context::seed_file (const char * seed_file, long bytes)
void
ACE_SSL_Context::report_error (unsigned long error_code)
{
- if (error_code == 0)
- return;
-
- char error_string[256];
+ if (error_code != 0)
+ {
+ char error_string[256];
// OpenSSL < 0.9.6a doesn't have ERR_error_string_n() function.
#if OPENSSL_VERSION_NUMBER >= 0x0090601fL
- (void) ::ERR_error_string_n (error_code, error_string, sizeof error_string);
+ (void) ::ERR_error_string_n (error_code, error_string, sizeof error_string);
#else /* OPENSSL_VERSION_NUMBER >= 0x0090601fL */
- (void) ::ERR_error_string (error_code, error_string);
+ (void) ::ERR_error_string (error_code, error_string);
#endif /* OPENSSL_VERSION_NUMBER >= 0x0090601fL */
- ACELIB_ERROR ((LM_ERROR,
- ACE_TEXT ("ACE_SSL (%P|%t) error code: %u - %C\n"),
- error_code,
- error_string));
+ ACELIB_ERROR ((LM_ERROR,
+ ACE_TEXT ("ACE_SSL (%P|%t) error code: %u - %C\n"),
+ error_code,
+ error_string));
+ }
}
void
diff --git a/ACE/ace/SSL/SSL_Context.h b/ACE/ace/SSL/SSL_Context.h
index 8d02eb7172d..a9104780a8a 100644
--- a/ACE/ace/SSL/SSL_Context.h
+++ b/ACE/ace/SSL/SSL_Context.h
@@ -394,11 +394,11 @@ private:
/// count of successful CA load attempts
int have_ca_;
-#ifdef ACE_HAS_THREADS
+#if defined(ACE_HAS_THREADS) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
/// Array of mutexes used internally by OpenSSL when the SSL
/// application is multithreaded.
static lock_type * locks_;
-#endif /* ACE_HAS_THREADS */
+#endif /* ACE_HAS_THREADS && OPENSSL_VERSION_NUMBER < 0x10100000L */
};
ACE_END_VERSIONED_NAMESPACE_DECL
diff --git a/ACE/protocols/ace/INet/SSL_X509Cert.inl b/ACE/protocols/ace/INet/SSL_X509Cert.inl
index d0b7905b0c4..9e7e11b1bcf 100644
--- a/ACE/protocols/ace/INet/SSL_X509Cert.inl
+++ b/ACE/protocols/ace/INet/SSL_X509Cert.inl
@@ -37,9 +37,15 @@ namespace ACE
::X509_free (this->ssl_cert_);
if (ssl_cert != 0)
- CRYPTO_add (&(ssl_cert->references),
- 1,
- CRYPTO_LOCK_X509);
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ::X509_up_ref(ssl_cert);
+#else
+ CRYPTO_add (&(ssl_cert->references),
+ 1,
+ CRYPTO_LOCK_X509);
+#endif
+ }
this->ssl_cert_ = ssl_cert;
return *this;
}
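Review bot: The old certificate is released with `::X509_free (this->ssl_cert_)` before the reference on the incoming `ssl_cert` is taken, so if both are the same object and nothing above the hunk guards against self-assignment, the up-ref runs on a certificate that may already have been freed. Taking the new reference first and releasing the old one afterwards is safe in either case: move the `::X509_free (this->ssl_cert_);` line to just before `this->ssl_cert_ = ssl_cert;`. The start of the operator lies outside the hunk, so an existing guard cannot be ruled out.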
diff --git a/ACE/tests/SSL/Bug_2912_Regression_Test.cpp b/ACE/tests/SSL/Bug_2912_Regression_Test.cpp
index 0edf3544527..c713456137a 100644
--- a/ACE/tests/SSL/Bug_2912_Regression_Test.cpp
+++ b/ACE/tests/SSL/Bug_2912_Regression_Test.cpp
@@ -2,7 +2,7 @@
* @file Bug_2912_Regression_Test.cpp
*
* Reproduces the problems reported in bug 2912:
- * http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=2912
+ * http://bugzilla.dre.vanderbilt.edu/show_bug.cgi?id=2912
*
* This test reproduces the following interactions:
*
@@ -171,10 +171,23 @@ get_dh1024 ()
DH *dh;
if ((dh=DH_new()) == 0) return(0);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),0);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),0);
- if ((dh->p == 0) || (dh->g == 0))
- { DH_free(dh); return(0); }
+
+ BIGNUM* p = BN_bin2bn(dh1024_p,sizeof(dh1024_p),0);
+ BIGNUM* g = BN_bin2bn(dh1024_g,sizeof(dh1024_g),0);
+
+ if ((p == 0) || (g == 0))
+ {
+ DH_free(dh);
+ return(0);
+ }
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ dh->p = p;
+ dh->g = g;
+#else
+ DH_set0_pqg(dh, p, 0, g);
+#endif
+
return(dh);
}
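Review bot: Moving `p` and `g` into locals changes who owns them on the failure path: when only one of the two `BN_bin2bn` calls fails, `DH_free(dh)` no longer releases the other, because neither has been attached to `dh` yet. The result of `DH_set0_pqg` is also ignored, so a failure there would return a DH without parameters and leak both numbers. Freeing the locals before the early return and checking the setter covers both cases; the function begins above the hunk.

```cpp
  if ((p == 0) || (g == 0))
    {
      BN_free(p);   // BN_free accepts a null pointer
      BN_free(g);
      DH_free(dh);
      return(0);
    }

// … unchanged: pre-1.1 branch assigning dh->p and dh->g …
#else
  if (DH_set0_pqg(dh, p, 0, g) != 1)
    {
      // ownership was not transferred, so release everything here
      BN_free(p);
      BN_free(g);
      DH_free(dh);
      return(0);
    }
#endif
```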
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
index fa555ada8bd..39a18003446 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp
@@ -20,7 +20,7 @@ TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::copy (::EVP_PKEY const & key)
// trait. This allows us to maintain exception safety.
TAO::SSLIOP::EVP_PKEY_var p = ::EVP_PKEY_new ();
- switch (::EVP_PKEY_type (pkey->type))
+ switch (::EVP_PKEY_type (::EVP_PKEY_id(pkey)))
{
case EVP_PKEY_RSA:
{
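Review bot: `::EVP_PKEY_type (::EVP_PKEY_id(pkey))` can be written as `::EVP_PKEY_base_id (pkey)`, which returns the same base type in one call. As far as I know both accessors first appeared in OpenSSL 1.0.0, while other files in this commit still carry guards for 0.9.x releases; if those releases are still supported, this line needs a version guard that keeps `pkey->type` for them. The switch body continues past the hunk.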
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
index 036520af6dc..b3e99fdb0a1 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h
@@ -34,10 +34,6 @@ namespace TAO
template <>
struct OpenSSL_traits< ::EVP_PKEY >
{
- /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference
- /// count manipulation function.
- enum { LOCK_ID = CRYPTO_LOCK_EVP_PKEY };
-
/// Increase the reference count on the given OpenSSL structure.
/**
* @note This used to be in a function template but MSVC++ 6
@@ -47,9 +43,15 @@ namespace TAO
static ::EVP_PKEY * _duplicate (::EVP_PKEY * st)
{
if (st != 0)
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ::EVP_PKEY_up_ref(st);
+#else
CRYPTO_add (&(st->references),
1,
- LOCK_ID);
+ CRYPTO_LOCK_EVP_PKEY);
+#endif
+ }
return st;
}
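Review bot: The return value of `::EVP_PKEY_up_ref(st)` is discarded, so `_duplicate` hands back `st` as if a reference had been taken even when the call reports failure. The same pattern is in `OpenSSL_traits< ::SSL >::_duplicate` (`::SSL_up_ref`) and `OpenSSL_traits< ::X509 >::_duplicate` (`::X509_up_ref`). Checking it, for example `if (::EVP_PKEY_up_ref(st) != 1) return 0;`, keeps a caller from later releasing a reference it never owned; whether callers cope with a null result is not visible here.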
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
index 5a8dad4fe44..6bcdeda0b88 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp
@@ -161,8 +161,8 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb ")
- ACE_TEXT ("cannot open file: %s\n"),
+ ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb ")
+ ACE_TEXT ("cannot open file: %C\n"),
fname));
pem_passwd_ = "";
}
@@ -179,8 +179,8 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb ")
- ACE_TEXT ("cannot read file: %s\n"),
+ ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb ")
+ ACE_TEXT ("cannot read file: %C\n"),
fname));
pem_passwd_ = "";
}
@@ -202,8 +202,8 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb ")
- ACE_TEXT ("invalid env: %s\n"),
+ ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb ")
+ ACE_TEXT ("invalid env: %C\n"),
env));
pem_passwd_ = "";
}
@@ -214,7 +214,7 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb truncating ")
+ ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb truncating ")
ACE_TEXT ("supplied password from len %d to %d\n"),
len, size - 1));
len = size - 1;
@@ -343,7 +343,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
if (TAO_debug_level > 0)
ORBSVCS_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set the session id ")
+ ACE_TEXT ("TAO (%P|%t) - Unable to set the session id ")
ACE_TEXT ("context to \'%C\'\n"), session_id_context_));
return -1;
@@ -373,7 +373,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
"ALL:eNULL") == 0)
{
ORBSVCS_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set eNULL ")
+ ACE_TEXT ("TAO (%P|%t) - Unable to set eNULL ")
ACE_TEXT ("SSL cipher in SSLIOP ")
ACE_TEXT ("factory.\n")));
@@ -515,7 +515,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
ACE_TEXT_ALWAYS_CHAR(argv[curarg])) == 0)
{
ORBSVCS_DEBUG ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set cipher ")
+ ACE_TEXT ("TAO (%P|%t) - Unable to set cipher ")
ACE_TEXT ("list in SSLIOP ")
ACE_TEXT ("factory.\n")));
@@ -570,14 +570,14 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
++errors;
ORBSVCS_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Failed to load ")
+ ACE_TEXT ("TAO (%P|%t) - Failed to load ")
ACE_TEXT ("more entropy from <%s>: %m\n"), path));
}
else
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_DEBUG,
- ACE_TEXT ("TAO (%P|%t) Loaded ")
+ ACE_TEXT ("TAO (%P|%t) - Loaded ")
ACE_TEXT ("more entropy from <%s>\n"), path));
}
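Review bot: The two entropy messages in this hunk still print `path` with `<%s>`, while the other messages this commit touches in the file were switched from `%s` to `%C`. If `path` is a narrow `char *` like `fname` and `env`, it should get the same conversion, e.g. `ACE_TEXT ("more entropy from <%C>: %m\n")`. The declaration of `path` is outside the hunk, so this needs checking against it.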
@@ -595,7 +595,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
if (ssl_ctx->load_trusted_ca (ca_file.in (), ca_dir.in ()) != 0)
{
ORBSVCS_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to load ")
+ ACE_TEXT ("TAO (%P|%t) - Unable to load ")
ACE_TEXT ("CA certs from %C%C%C\n"),
((ca_file.in () != 0) ? ca_file.in () : "a file pointed to by "
ACE_SSL_CERT_FILE_ENV
@@ -612,7 +612,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_INFO,
- ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ")
+ ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded ")
ACE_TEXT ("Trusted Certificates from %C%C%C\n"),
((ca_file.in () != 0) ? ca_file.in () : "a file pointed to by "
ACE_SSL_CERT_FILE_ENV
@@ -649,7 +649,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
// a dh parameter file and we were unable to actually find it
// and load from it.
ORBSVCS_ERROR ((LM_ERROR,
- ACE_TEXT ("(%P|%t) SSLIOP_Factory: ")
+ ACE_TEXT ("(%P|%t) - SSLIOP_Factory: ")
ACE_TEXT ("unable to set ")
ACE_TEXT ("DH parameters <%C>\n"),
dhparams_path.in () ));
@@ -659,7 +659,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_INFO,
- ACE_TEXT ("(%P|%t) SSLIOP_Factory: ")
+ ACE_TEXT ("(%P|%t) - SSLIOP_Factory: ")
ACE_TEXT ("No DH parameters found in ")
ACE_TEXT ("certificate <%C>; either none ")
ACE_TEXT ("are needed (RSA) or problems ")
@@ -671,7 +671,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_INFO,
- ACE_TEXT ("(%P|%t) SSLIOP loaded ")
+ ACE_TEXT ("(%P|%t) - SSLIOP loaded ")
ACE_TEXT ("Diffie-Hellman params ")
ACE_TEXT ("from %C\n"),
dhparams_path.in ()));
@@ -688,7 +688,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
certificate_type) != 0)
{
ORBSVCS_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set ")
+ ACE_TEXT ("TAO (%P|%t) - Unable to set ")
ACE_TEXT ("SSL certificate <%C> ")
ACE_TEXT ("in SSLIOP factory.\n"),
certificate_path.in()));
@@ -699,7 +699,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_INFO,
- ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ")
+ ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded ")
ACE_TEXT ("SSL certificate ")
ACE_TEXT ("from %C\n"),
certificate_path.in()));
@@ -712,7 +712,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
ORBSVCS_ERROR ((LM_ERROR,
- ACE_TEXT ("TAO (%P|%t) Unable to set ")
+ ACE_TEXT ("TAO (%P|%t) - Unable to set ")
ACE_TEXT ("SSL private key ")
ACE_TEXT ("<%C> in SSLIOP factory.\n"),
private_key_path.in ()));
@@ -723,7 +723,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[])
{
if (TAO_debug_level > 0)
ORBSVCS_DEBUG ((LM_INFO,
- ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ")
+ ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded ")
ACE_TEXT ("Private Key ")
ACE_TEXT ("from <%C>\n"),
private_key_path.in ()));
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl
index 86d26e48bbd..b14d3ae93d1 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl
@@ -15,9 +15,9 @@ TAO::SSLIOP::_duplicate (T * st)
// reference count on the structure it defines, so we do it
// manually.
if (st != 0)
- CRYPTO_add (&(st->references),
- 1,
- TAO::SSLIOP::OpenSSL_traits<T>::LOCK_ID);
+ {
+ TAO::SSLIOP::OpenSSL_traits<T>::_duplicate(st);
+ }
return st;
}
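Review bot: After this change the null test in the template is redundant, since each `OpenSSL_traits<T>::_duplicate` shown in this commit checks `st != 0` itself, and the function can simply be `return TAO::SSLIOP::OpenSSL_traits<T>::_duplicate (st);`. The comment above the call still says the reference count is bumped manually because OpenSSL offers no function for it, which no longer describes the code; something like `// Delegate to the per-type trait, which uses the OpenSSL up-ref call where available.` fits better. The start of that comment is outside the hunk.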
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h
index b549bdcea61..edd3480a24f 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h
@@ -37,10 +37,6 @@ namespace TAO
template <>
struct OpenSSL_traits< ::SSL >
{
- /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference
- /// count manipulation function.
- enum { LOCK_ID = CRYPTO_LOCK_SSL };
-
/// Increase the reference count on the given OpenSSL structure.
/**
* @note This used to be in a function template but MSVC++ 6
@@ -50,9 +46,15 @@ namespace TAO
static ::SSL * _duplicate (::SSL * st)
{
if (st != 0)
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ::SSL_up_ref(st);
+#else
CRYPTO_add (&(st->references),
1,
- LOCK_ID);
+ CRYPTO_LOCK_SSL);
+#endif
+ }
return st;
}
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
index d83aa016353..0b3250f7468 100644
--- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
+++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h
@@ -35,10 +35,6 @@ namespace TAO
template <>
struct OpenSSL_traits< ::X509 >
{
- /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference
- /// count manipulation function.
- enum { LOCK_ID = CRYPTO_LOCK_X509 };
-
/// Increase the reference count on the given OpenSSL structure.
/**
* @note This used to be in a function template but MSVC++ 6
@@ -48,9 +44,15 @@ namespace TAO
static ::X509 * _duplicate (::X509 * st)
{
if (st != 0)
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ::X509_up_ref(st);
+#else
CRYPTO_add (&(st->references),
1,
- LOCK_ID);
+ CRYPTO_LOCK_X509);
+#endif
+ }
return st;
}
diff --git a/TAO/orbsvcs/tests/Security/MT_SSLIOP/README b/TAO/orbsvcs/tests/Security/MT_SSLIOP/README
index a38d6617ada..8ea7de961f5 100644
--- a/TAO/orbsvcs/tests/Security/MT_SSLIOP/README
+++ b/TAO/orbsvcs/tests/Security/MT_SSLIOP/README
@@ -1,8 +1,6 @@
-
-
Description:
- This is a simple test for a thread-pool server that can
+This is a simple test for a thread-pool server that can
service multithreaded clients with the same object reference.
It creates a server process with a variable number of threads,
multiple (multithreaded) clients can send requests to it, the
diff --git a/TAO/orbsvcs/tests/Security/cert/README b/TAO/orbsvcs/tests/Security/cert/README
index 3fcecfb43b5..e865cbcfa5a 100644
--- a/TAO/orbsvcs/tests/Security/cert/README
+++ b/TAO/orbsvcs/tests/Security/cert/README
@@ -1,5 +1,3 @@
-
-
This is a CA used for signing keys in the security tests. The password for the CA key is DOCGroup
The following steps were used to generate the cert used to test the checkhost and password features: