authorjoe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845>2009-09-13 11:26:52 +0000
committerjoe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845>2009-09-13 11:26:52 +0000
commit49395ede463359704b7c60543476a8babc5b7ea0 (patch)
tree75d0495d1fce433f9c0e736578a06cb521cfa8a5
parent8f4ac0bf097ccad9588e9fa4c035ae781f395a52 (diff)
Merge r1724 from trunk:
* src/ne_openssl.c: Include opensslv.h. (SSL_SESSION_cmp): Define if not available, for OpenSSL >= 1.0. * src/ne_socket.c (ne_sock_accept_ssl): Add debug log output if session is resumed. * macros/neon.m4 (NEON_SSL): Check for SSL_SESSION_cmp. git-svn-id: http://svn.webdav.org/repos/projects/neon/branches/0.29.x@1725 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
-rw-r--r--macros/neon.m42
-rw-r--r--src/ne_openssl.c14
-rw-r--r--src/ne_socket.c4
3 files changed, 19 insertions, 1 deletions
diff --git a/macros/neon.m4 b/macros/neon.m4
index a673027..5665362 100644
--- a/macros/neon.m4
+++ b/macros/neon.m4
@@ -917,7 +917,7 @@ yes|openssl)
if test "$ne_cv_lib_ssl097" = "yes"; then
AC_MSG_NOTICE([OpenSSL >= 0.9.7; EGD support not needed in neon])
NE_ENABLE_SUPPORT(SSL, [SSL support enabled, using OpenSSL (0.9.7 or later)])
- NE_CHECK_FUNCS(CRYPTO_set_idptr_callback)
+ NE_CHECK_FUNCS(CRYPTO_set_idptr_callback SSL_SESSION_cmp)
else
# Fail if OpenSSL is older than 0.9.6
NE_CHECK_OPENSSLVER(ne_cv_lib_ssl096, 0.9.6, 0x00906000L)
diff --git a/src/ne_openssl.c b/src/ne_openssl.c
index 5c5e3a9..54a9f39 100644
--- a/src/ne_openssl.c
+++ b/src/ne_openssl.c
@@ -34,6 +34,7 @@
#include <openssl/pkcs12.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
+#include <openssl/opensslv.h>
#ifdef NE_HAVE_TS_SSL
#include <stdlib.h> /* for abort() */
@@ -632,6 +633,19 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx)
ne_free(ctx);
}
+#if !defined(HAVE_SSL_SESSION_CMP) && !defined(SSL_SESSION_cmp) \
+ && defined(OPENSSL_VERSION_NUMBER) \
+ && OPENSSL_VERSION_NUMBER > 0x10000000L
+/* OpenSSL 1.0 removed SSL_SESSION_cmp for no apparent reason - hoping
+ * it is reasonable to assume that comparing the session IDs is
+ * sufficient. */
+static int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b)
+{
+ return a->session_id_length == b->session_id_length
+ && memcmp(a->session_id, b->session_id, a->session_id_length) == 0;
+}
+#endif
+
/* For internal use only. */
int ne__negotiate_ssl(ne_session *sess)
{
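Review bot: The fallback `SSL_SESSION_cmp` returns non-zero when the two session IDs match, which is the opposite of the function it replaces: OpenSSL's pre-1.0 `SSL_SESSION_cmp` follows the `memcmp` convention and returns 0 for equal sessions. The caller is outside this hunk, so this needs confirming, but code written against the original would on OpenSSL >= 1.0 treat an unchanged session as changed and a changed one as unchanged, which could leave a stale session cached for resumption. To keep the original contract the return should be `return a->session_id_length != b->session_id_length || memcmp(a->session_id, b->session_id, a->session_id_length) != 0;`. The original also compared `ssl_version` before the ID; the comment should say that this check is dropped deliberately, or the fallback should add `a->ssl_version != b->ssl_version ||` at the front.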
diff --git a/src/ne_socket.c b/src/ne_socket.c
index 32bc7e7..aa4c4ed 100644
--- a/src/ne_socket.c
+++ b/src/ne_socket.c
@@ -1639,6 +1639,10 @@ int ne_sock_accept_ssl(ne_socket *sock, ne_ssl_context *ctx)
if (ret != 1) {
return error_ossl(sock, ret);
}
+
+ if (SSL_session_reused(ssl)) {
+ NE_DEBUG(NE_DBG_SSL, "ssl: Server reused session.\n");
+ }
#elif defined(HAVE_GNUTLS)
gnutls_init(&ssl, GNUTLS_SERVER);
gnutls_credentials_set(ssl, GNUTLS_CRD_CERTIFICATE, ctx->cred);