1aeb3da8
编写于
19年前
作者:
Bodo Möller
Fixes for TLS server_name extension
Submitted by: Peter Sylvester
上级
e8e5b46e
Showing
8 changed file
with
43 addition
and
55 deletion
+43
-55
CHANGES
CHANGES
+7
-4
apps/s_client.c
apps/s_client.c
+1
-1
apps/s_server.c
apps/s_server.c
+4
-5
ssl/s3_lib.c
ssl/s3_lib.c
+0
-13
ssl/ssl.h
ssl/ssl.h
+4
-2
ssl/ssl_lib.c
ssl/ssl_lib.c
+7
-0
ssl/ssl_sess.c
ssl/ssl_sess.c
+20
-14
ssl/tls1.h
ssl/tls1.h
+0
-16
CHANGES
@@ -4,9 +4,13 @@
Changes between 0.9.8a and 0.9.9 [xx XXX xxxx]
*) Add support for TLS extensions, specifically for the HostName extension
so far. The SSL_SESSION, SSL_CTX, and SSL data structures now have new
members for HostName support.
*) Add initial support for TLS extensions, specifically for the server_name
extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
have new members for a host name. The SSL data structure has an
additional member SSL_CTX *initial_ctx so that new sessions can be
stored in that context to allow for session resumption, even after the
SSL has been switched to a new SSL_CTX in reaction to a client's
server_name extension.
New functions (subject to change):
@@ -21,7 +25,6 @@
SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
- SSL_CTX_set_tlsext_servername_arg()
SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_hostname()
SSL_CTRL_GET_TLSEXT_HOSTNAME [similar to SSL_get_servername()]
SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE
- SSL_set_tlsext_servername_done()
apps/s_client.c
@@ -245,7 +245,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
else
BIO_printf
(
bio_err
,
"Can't use SSL_get_servername
\n
"
);
return
SSL_ERROR_NONE
;
return
1
;
}
#endif
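Review bot: The return value of ssl_servername_cb in this hunk is a bare integer with no statement of what the caller does with it, and the only other return in the function that is visible here is the same shape; if the second line of the pair (`return 1;`) is the new side, the named constant `SSL_ERROR_NONE` has been replaced by a magic number. The library-side convention is outside this diff, so I would at least document it at the return site, e.g. `return 1; /* continue the handshake; 0 would abort it */`, or introduce a named constant in ssl.h shared by both s_client.c and s_server.c. The `ad` parameter is never written in the visible part of this callback. The function's opening lines are outside the hunk.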
apps/s_server.c
@@ -540,24 +540,24 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
{
tlsextctx
*
p
=
(
tlsextctx
*
)
arg
;
const
char
*
servername
=
SSL_get_servername
(
s
,
TLSEXT_NAMETYPE_host_name
);
if
(
servername
)
if
(
servername
&&
p
->
biodebug
)
BIO_printf
(
p
->
biodebug
,
"Hostname in TLS extension:
\"
%s
\"\n
"
,
servername
);
if
(
!
p
->
servername
)
{
SSL_set_tlsext_servername_done
(
s
,
2
);
return
SSL_ERROR_NONE
;
return
1
;
}
if
(
servername
)
{
if
(
strcmp
(
servername
,
p
->
servername
))
return
TLS1_AD_UNRECOGNIZED_NAME
;
return
0
;
if
(
ctx2
)
SSL_set_SSL_CTX
(
s
,
ctx2
);
SSL_set_tlsext_servername_done
(
s
,
1
);
}
return
SSL_ERROR_NONE
;
return
1
;
}
#endif
@@ -845,7 +845,6 @@ int MAIN(int argc, char *argv[])
{
if
(
--
argc
<
1
)
goto
bad
;
tlsextcbp
.
servername
=
*
(
++
argv
);
/* meth=TLSv1_server_method(); */
}
else
if
(
strcmp
(
*
argv
,
"-cert2"
)
==
0
)
{
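Review bot: On the name-mismatch path of ssl_servername_cb (`if (strcmp(servername, p->servername))`) the callback returns without ever writing `*ad`, so the caller has no alert descriptor to send and the `ad` parameter is dead in this function; if the second line of each old/new pair is the new side, the old `return TLS1_AD_UNRECOGNIZED_NAME;` at least carried that information in the return value, and the new `return 0;` drops it. I would set it explicitly before failing: `*ad = TLS1_AD_UNRECOGNIZED_NAME; return 0;`. The 0/1 return convention is not named anywhere in this commit, so a header comment such as `/* returns 1 to continue the handshake, 0 to abort it with alert *ad */` belongs on the function. Separately, `strcmp` makes the host-name match case-sensitive, which is stricter than DNS name comparison; `strcasecmp` (or a documented reason for exact matching) would be worth considering.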
ssl/s3_lib.c
@@ -1644,19 +1644,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break
;
#endif
/* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_TLSEXT
case
SSL_CTRL_GET_TLSEXT_HOSTNAME
:
if
(
larg
!=
TLSEXT_NAMETYPE_host_name
)
{
SSLerr
(
SSL_F_SSL3_CTRL
,
SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE
);
return
(
0
);
}
/* XXX cf. SSL_get_servername() (ssl_lib.c) */
if
(
s
->
session
&&
s
->
session
->
tlsext_hostname
)
*
((
char
**
)
parg
)
=
s
->
session
->
tlsext_hostname
;
else
*
((
char
**
)
parg
)
=
s
->
tlsext_hostname
;
ret
=
1
;
break
;
case
SSL_CTRL_SET_TLSEXT_HOSTNAME
:
if
(
larg
==
TLSEXT_NAMETYPE_host_name
)
{
ssl/ssl.h
@@ -993,6 +993,7 @@ struct ssl_st
1 : prepare 2, allow last ack just after in server callback.
2 : don't call servername callback, no ack in server hello
*/
SSL_CTX
*
initial_ctx
;
/* initial ctx, used to store sessions */
#endif
};
@@ -1201,11 +1202,12 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52
/* see tls.h for macros based on these */
#ifndef OPENSSL_NO_TLSEXT
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
#define SSL_CTRL_
GET_TLSEXT_HOSTNAME
56
#
define SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE 57
#define SSL_CTRL_
SET_TLSEXT_SERVERNAME_DONE
56
#
endif
#define SSL_session_reused(ssl) \
SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
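Review bot: The second hunk renumbers `SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE` from 57 to 56, reusing the value that `SSL_CTRL_GET_TLSEXT_HOSTNAME` held before it was deleted, so any caller still built against the previous header and issuing ctrl 56 will now be dispatched to the SET_DONE case with its `larg` (a NameType) interpreted as the done-state. That is tolerable only because these controls are unreleased and CHANGES marks them "subject to change"; a one-line comment such as `/* ctrl numbers below 53..56 are not yet stable (0.9.9 dev) */` next to the block would make that explicit. In the first hunk the new member's comment `/* initial ctx, used to store sessions */` does not say why a second context pointer exists; I would write `/* context the SSL was created with; the session cache keeps using it after SSL_set_SSL_CTX() has replaced ctx */`, which is the reason given in CHANGES. The struct definition starts outside the hunk.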
ssl/ssl_lib.c
@@ -307,6 +307,10 @@ SSL *SSL_new(SSL_CTX *ctx)
CRYPTO_add
(
&
ctx
->
references
,
1
,
CRYPTO_LOCK_SSL_CTX
);
s
->
ctx
=
ctx
;
#ifndef OPENSSL_NO_TLSEXT
CRYPTO_add
(
&
ctx
->
references
,
1
,
CRYPTO_LOCK_SSL_CTX
);
s
->
initial_ctx
=
ctx
;
#endif
s
->
verify_result
=
X509_V_OK
;
@@ -493,6 +497,9 @@ void SSL_free(SSL *s)
/* Free up if allocated */
if
(
s
->
ctx
)
SSL_CTX_free
(
s
->
ctx
);
#ifndef OPENSSL_NO_TLSEXT
if
(
s
->
initial_ctx
)
SSL_CTX_free
(
s
->
initial_ctx
);
#endif
if
(
s
->
client_CA
!=
NULL
)
sk_X509_NAME_pop_free
(
s
->
client_CA
,
X509_NAME_free
);
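Review bot: The new `initial_ctx` assignment in SSL_new takes a second reference on the same `ctx` with no comment, and nothing in the hunk ties that reference to the matching `SSL_CTX_free(s->initial_ctx)` added in SSL_free; the pairing is only correct as long as every failure path of SSL_new after this point goes through SSL_free, which is outside the hunk and should be confirmed. I would annotate the increment: `/* second reference: initial_ctx survives SSL_set_SSL_CTX() and is released in SSL_free() */`. It would also help to state, at the SSL_free site, that `initial_ctx` may alias `ctx` and that both references are owned independently, since a reader seeing two frees of the same pointer will otherwise suspect a double free. Both SSL_new and SSL_free begin and end outside these hunks.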
ssl/ssl_sess.c
@@ -114,6 +114,12 @@
#include <openssl/rand.h>
#include "ssl_locl.h"
#ifndef OPENSSL_NO_TLSEXT
#define session_ctx initial_ctx
#else
#define session_ctx ctx
#endif
static
void
SSL_SESSION_list_remove
(
SSL_CTX
*
ctx
,
SSL_SESSION
*
s
);
static
void
SSL_SESSION_list_add
(
SSL_CTX
*
ctx
,
SSL_SESSION
*
s
);
static
int
remove_session_lock
(
SSL_CTX
*
ctx
,
SSL_SESSION
*
c
,
int
lck
);
@@ -233,7 +239,7 @@ int ssl_get_new_session(SSL *s, int session)
if
((
ss
=
SSL_SESSION_new
())
==
NULL
)
return
(
0
);
/* If the context has a default timeout, use it */
if
(
s
->
ctx
->
session_timeout
==
0
)
if
(
s
->
session_
ctx
->
session_timeout
==
0
)
ss
->
timeout
=
SSL_get_default_timeout
(
s
);
else
ss
->
timeout
=
s
->
ctx
->
session_timeout
;
@@ -276,8 +282,8 @@ int ssl_get_new_session(SSL *s, int session)
CRYPTO_r_lock
(
CRYPTO_LOCK_SSL_CTX
);
if
(
s
->
generate_session_id
)
cb
=
s
->
generate_session_id
;
else
if
(
s
->
ctx
->
generate_session_id
)
cb
=
s
->
ctx
->
generate_session_id
;
else
if
(
s
->
session_
ctx
->
generate_session_id
)
cb
=
s
->
session_
ctx
->
generate_session_id
;
CRYPTO_r_unlock
(
CRYPTO_LOCK_SSL_CTX
);
/* Choose a session ID */
tmp
=
ss
->
session_id_length
;
@@ -347,10 +353,10 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
goto
err
;
memcpy
(
data
.
session_id
,
session_id
,
len
);
if
(
!
(
s
->
ctx
->
session_cache_mode
&
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
))
if
(
!
(
s
->
session_
ctx
->
session_cache_mode
&
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
))
{
CRYPTO_r_lock
(
CRYPTO_LOCK_SSL_CTX
);
ret
=
(
SSL_SESSION
*
)
lh_retrieve
(
s
->
ctx
->
sessions
,
&
data
);
ret
=
(
SSL_SESSION
*
)
lh_retrieve
(
s
->
session_
ctx
->
sessions
,
&
data
);
if
(
ret
!=
NULL
)
/* don't allow other threads to steal it: */
CRYPTO_add
(
&
ret
->
references
,
1
,
CRYPTO_LOCK_SSL_SESSION
);
@@ -361,13 +367,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
{
int
copy
=
1
;
s
->
ctx
->
stats
.
sess_miss
++
;
s
->
session_
ctx
->
stats
.
sess_miss
++
;
ret
=
NULL
;
if
(
s
->
ctx
->
get_session_cb
!=
NULL
&&
(
ret
=
s
->
ctx
->
get_session_cb
(
s
,
session_id
,
len
,
&
copy
))
if
(
s
->
session_
ctx
->
get_session_cb
!=
NULL
&&
(
ret
=
s
->
session_
ctx
->
get_session_cb
(
s
,
session_id
,
len
,
&
copy
))
!=
NULL
)
{
s
->
ctx
->
stats
.
sess_cb_hit
++
;
s
->
session_
ctx
->
stats
.
sess_cb_hit
++
;
/* Increment reference count now if the session callback
* asks us to do so (note that if the session structures
@@ -379,10 +385,10 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
/* Add the externally cached session to the internal
* cache as well if and only if we are supposed to. */
if
(
!
(
s
->
ctx
->
session_cache_mode
&
SSL_SESS_CACHE_NO_INTERNAL_STORE
))
if
(
!
(
s
->
session_
ctx
->
session_cache_mode
&
SSL_SESS_CACHE_NO_INTERNAL_STORE
))
/* The following should not return 1, otherwise,
* things are very strange */
SSL_CTX_add_session
(
s
->
ctx
,
ret
);
SSL_CTX_add_session
(
s
->
session_
ctx
,
ret
);
}
if
(
ret
==
NULL
)
goto
err
;
@@ -447,13 +453,13 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
if
(
ret
->
timeout
<
(
long
)(
time
(
NULL
)
-
ret
->
time
))
/* timeout */
{
s
->
ctx
->
stats
.
sess_timeout
++
;
s
->
session_
ctx
->
stats
.
sess_timeout
++
;
/* remove it from the cache */
SSL_CTX_remove_session
(
s
->
ctx
,
ret
);
SSL_CTX_remove_session
(
s
->
session_
ctx
,
ret
);
goto
err
;
}
s
->
ctx
->
stats
.
sess_hit
++
;
s
->
session_
ctx
->
stats
.
sess_hit
++
;
/* ret->time=time(NULL); */
/* rezero timeout? */
/* again, just leave the session
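Review bot: In ssl_get_new_session the condition is switched to `s->session_ctx->session_timeout == 0` but the unchanged `else` branch still assigns `ss->timeout = s->ctx->session_timeout;`, so when the two contexts differ (the very case `initial_ctx` exists for) a non-zero timeout in the initial context combined with a zero timeout in the switched-to context yields `ss->timeout = 0`, i.e. a session that expires immediately, and vice versa a session inheriting a timeout from a context that was never consulted. The branch should read from the same context as the test: `ss->timeout = s->session_ctx->session_timeout;`. Also, `#define session_ctx initial_ctx` placed after the includes rewrites a bare identifier for the rest of the translation unit rather than naming a struct member, which is fragile; a `static` inline accessor such as `SSL_CTX *session_ctx(SSL *s)` with the `#ifndef OPENSSL_NO_TLSEXT` inside it would express the same choice without preprocessor aliasing. Both ssl_get_new_session and ssl_get_prev_session begin and end outside these hunks.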
ssl/tls1.h
@@ -158,9 +158,6 @@ extern "C" {
#define TLSEXT_TYPE_trusted_ca_keys 3
#define TLSEXT_TYPE_truncated_hmac 4
#define TLSEXT_TYPE_status_request 5
#if 0
#define TLSEXT_TYPE_srp 6
#endif
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
@@ -181,19 +178,6 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
#define SSL_set_tlsext_servername_done(s,t) \
SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_SERVERNAME_DONE,t, NULL)
#if 0
# if 0
#define SSL_get_tlsext_hostname(s,psn) \
SSL_ctrl(s,SSL_CTRL_GET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name, (void *)psn)
# else
/* XXX this looks weird for a macro, define a function instead? */
*
or
just
used
SSL_get_servername
()
directly
...
*/
#define SSL_get_tlsext_hostname(s,psn) \
(*psn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name),*psn != NULL)
# endif
#endif
#endif