nghttpx: Fix compile error with openssl 1.0.1

openssl lacks SSL_CTX_get0_certificates().
2016-06-25 23:35:12 +09:00 · 2016-06-25 23:35:12 +09:00 · 3e14f0d8a5
parent f7c0d48152
commit 3e14f0d8a5
3 changed files with 47 additions and 29 deletions
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@ -1318,6 +1318,26 @@ bool upstream_tls_enabled() {
                     [](const UpstreamAddr &faddr) { return faddr.tls; });
 }
 X509 *load_certificate(const char *filename) {
  auto bio = BIO_new(BIO_s_file());
  if (!bio) {
    fprintf(stderr, "BIO_new() failed\n");
    return nullptr;
  }
  auto bio_deleter = defer(BIO_vfree, bio);
  if (!BIO_read_filename(bio, filename)) {
    fprintf(stderr, "Could not read certificate file '%s'\n", filename);
    return nullptr;
  }
  auto cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
  if (!cert) {
    fprintf(stderr, "Could not read X509 structure from file '%s'\n", filename);
    return nullptr;
  }
  return cert;
 }
 SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
                                  CertLookupTree *cert_tree
 #ifdef HAVE_NEVERBLEED
@ -1351,25 +1371,41 @@ SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
    return ssl_ctx;
  }
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
  auto cert = SSL_CTX_get0_certificate(ssl_ctx);
 #else
  auto cert = load_certificate(tlsconf.cert_file.c_str());
  auto cert_deleter = defer(X509_free, cert);
 #endif
  if (ssl::cert_lookup_tree_add_cert_from_x509(
-          cert_tree, all_ssl_ctx.size() - 1,
+          cert_tree, all_ssl_ctx.size() - 1, cert) == -1) {
          SSL_CTX_get0_certificate(ssl_ctx)) == -1) {
    LOG(FATAL) << "Failed to add default certificate.";
    DIE();
  }
  for (auto &keycert : tlsconf.subcerts) {
    auto &priv_key_file = keycert.first;
    auto &cert_file = keycert.second;
    auto ssl_ctx =
-        ssl::create_ssl_context(keycert.first.c_str(), keycert.second.c_str()
+        ssl::create_ssl_context(priv_key_file.c_str(), cert_file.c_str()
 #ifdef HAVE_NEVERBLEED
                                                           ,
                                nb
 #endif // HAVE_NEVERBLEED
                                );
    all_ssl_ctx.push_back(ssl_ctx);
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
    auto cert = SSL_CTX_get0_certificate(ssl_ctx);
 #else
    auto cert = load_certificate(cert_file.c_str());
    auto cert_deleter = defer(X509_free, cert);
 #endif
    if (ssl::cert_lookup_tree_add_cert_from_x509(
-            cert_tree, all_ssl_ctx.size() - 1,
+            cert_tree, all_ssl_ctx.size() - 1, cert) == -1) {
            SSL_CTX_get0_certificate(ssl_ctx)) == -1) {
      LOG(FATAL) << "Failed to add sub certificate.";
      DIE();
    }
--- a/src/shrpx_ssl.h
+++ b/src/shrpx_ssl.h
@ -236,6 +236,10 @@ void try_cache_tls_session(TLSSessionCache &cache, const Address &addr,
 // found associated to |addr|, nullptr will be returned.
 SSL_SESSION *reuse_tls_session(const TLSSessionCache &addr);
 // Loads certificate form file |filename|.  The caller should delete
 // the returned object using X509_free().
 X509 *load_certificate(const char *filename);
 } // namespace ssl
 } // namespace shrpx
--- a/src/shrpx_ssl_test.cc
+++ b/src/shrpx_ssl_test.cc
@ -93,28 +93,6 @@ void test_shrpx_ssl_create_lookup_tree(void) {
  }
 }
 namespace {
 X509 *load_certificate(const char *filename) {
  auto bio = BIO_new(BIO_s_file());
  if (!bio) {
    fprintf(stderr, "BIO_new() failed\n");
    return nullptr;
  }
  auto bio_deleter = defer(BIO_vfree, bio);
  if (!BIO_read_filename(bio, filename)) {
    fprintf(stderr, "Could not read certificate file '%s'\n", filename);
    return nullptr;
  }
  auto cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
  if (!cert) {
    fprintf(stderr, "Could not read X509 structure from file '%s'\n", filename);
    return nullptr;
  }
  return cert;
 }
 } // namespace
 // We use cfssl to generate key pairs.
 //
 // CA self-signed key pairs generation:
@ -141,11 +119,11 @@ void test_shrpx_ssl_cert_lookup_tree_add_cert_from_x509(void) {
  int rv;
  constexpr char nghttp2_certfile[] = NGHTTP2_SRC_DIR "/test.nghttp2.org.pem";
-  auto nghttp2_cert = load_certificate(nghttp2_certfile);
+  auto nghttp2_cert = ssl::load_certificate(nghttp2_certfile);
  auto nghttp2_cert_deleter = defer(X509_free, nghttp2_cert);
  constexpr char examples_certfile[] = NGHTTP2_SRC_DIR "/test.example.com.pem";
-  auto examples_cert = load_certificate(examples_certfile);
+  auto examples_cert = ssl::load_certificate(examples_certfile);
  auto examples_cert_deleter = defer(X509_free, examples_cert);
  ssl::CertLookupTree tree;