Lines 1-124
Link Here
|
1 |
From 628e3ca9fe7a1bed1ce2308e2df4a1a4ecd1dfe7 Mon Sep 17 00:00:00 2001 |
1 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp.orig 2019-10-05 03:09:25 UTC |
2 |
From: Christopher Kohlhoff <chris@kohlhoff.com> |
|
|
3 |
Date: Fri, 20 Mar 2015 08:46:51 +1100 |
4 |
Subject: [PATCH] ERR_remove_state is deprecated, use ERR_remove_thread_state |
5 |
instead. |
6 |
|
7 |
--- |
8 |
asio/include/asio/ssl/detail/impl/openssl_init.ipp | 4 ++++ |
9 |
1 file changed, 4 insertions(+) |
10 |
|
11 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
12 |
index 2c40d40..da66fc1 100644 |
13 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
14 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
15 |
@@ -63,7 +63,11 @@ public: |
16 |
::CRYPTO_set_id_callback(0); |
17 |
::CRYPTO_set_locking_callback(0); |
18 |
::ERR_free_strings(); |
19 |
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
20 |
+ ::ERR_remove_thread_state(NULL); |
21 |
+#else // (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
22 |
::ERR_remove_state(0); |
23 |
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
24 |
::EVP_cleanup(); |
25 |
::CRYPTO_cleanup_all_ex_data(); |
26 |
::CONF_modules_unload(1); |
27 |
From aa21de0944b4327f998fe161dde5ddaaf38cec5c Mon Sep 17 00:00:00 2001 |
28 |
From: Christopher Kohlhoff <chris@kohlhoff.com> |
29 |
Date: Sat, 21 Mar 2015 20:52:42 +1100 |
30 |
Subject: [PATCH] Remove redundant pointer check in SSL engine. |
31 |
|
32 |
--- |
33 |
asio/include/asio/ssl/detail/impl/engine.ipp | 2 +- |
34 |
1 file changed, 1 insertion(+), 1 deletion(-) |
35 |
|
36 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
37 |
index 5504411..2e4a39d 100644 |
38 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
39 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
2 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
40 |
@@ -206,7 +206,7 @@ const asio::error_code& engine::map_error_code( |
3 |
@@ -205,8 +205,10 @@ const asio::error_code& engine::map_error_code( |
41 |
|
4 |
|
42 |
// SSL v2 doesn't provide a protocol-level shutdown, so an eof on the |
5 |
// SSL v2 doesn't provide a protocol-level shutdown, so an eof on the |
43 |
// underlying transport is passed through. |
6 |
// underlying transport is passed through. |
44 |
- if (ssl_ && ssl_->version == SSL2_VERSION) |
7 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
45 |
+ if (ssl_->version == SSL2_VERSION) |
8 |
if (ssl_->version == SSL2_VERSION) |
46 |
return ec; |
9 |
return ec; |
|
|
10 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
47 |
|
11 |
|
48 |
// Otherwise, the peer should have negotiated a proper shutdown. |
12 |
// Otherwise, the peer should have negotiated a proper shutdown. |
49 |
From 6c70257e20ef159c581298b54838361bb54bfce4 Mon Sep 17 00:00:00 2001 |
|
|
50 |
From: Christopher Kohlhoff <chris@kohlhoff.com> |
51 |
Date: Thu, 1 Oct 2015 08:44:30 +1000 |
52 |
Subject: [PATCH] Use SSL_CTX_clear_chain_certs, if available. |
53 |
|
54 |
--- |
55 |
asio/include/asio/ssl/impl/context.ipp | 4 ++++ |
56 |
1 file changed, 4 insertions(+) |
57 |
|
58 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp |
59 |
index 08705e7..77da84e 100644 |
60 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp |
61 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp |
62 |
@@ -539,11 +539,15 @@ asio::error_code context::use_certificate_chain( |
63 |
return ec; |
64 |
} |
65 |
|
66 |
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) |
67 |
+ ::SSL_CTX_clear_chain_certs(handle_); |
68 |
+#else |
69 |
if (handle_->extra_certs) |
70 |
{ |
71 |
::sk_X509_pop_free(handle_->extra_certs, X509_free); |
72 |
handle_->extra_certs = 0; |
73 |
} |
74 |
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) |
75 |
|
76 |
while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, |
77 |
handle_->default_passwd_callback, |
78 |
From 92bfc623e6a71353dd2c783f4c9fef5591ac550d Mon Sep 17 00:00:00 2001 |
79 |
From: Christopher Kohlhoff <chris@kohlhoff.com> |
80 |
Date: Thu, 19 Nov 2015 10:24:56 +1100 |
81 |
Subject: [PATCH] Add new error category and constant for |
82 |
ssl::error::stream_truncated. |
83 |
|
84 |
This error replaces uses of SSL_R_SHORT_READ, and indicates that the |
85 |
SSL stream has been shut down abruptly. (I.e. the underlying socket |
86 |
has been closed without performing an SSL-layer shutdown.) |
87 |
--- |
88 |
asio/include/asio/ssl/detail/impl/engine.ipp | 8 ++----- |
89 |
asio/include/asio/ssl/error.hpp | 34 ++++++++++++++++++++++++++++ |
90 |
asio/include/asio/ssl/impl/error.ipp | 33 ++++++++++++++++++++++++++- |
91 |
3 files changed, 68 insertions(+), 7 deletions(-) |
92 |
|
93 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
94 |
index b59cf18..9abe010 100644 |
95 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
96 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
97 |
@@ -195,9 +195,7 @@ const asio::error_code& engine::map_error_code( |
98 |
// If there's data yet to be read, it's an error. |
99 |
if (BIO_wpending(ext_bio_)) |
100 |
{ |
101 |
- ec = asio::error_code( |
102 |
- ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ), |
103 |
- asio::error::get_ssl_category()); |
104 |
+ ec = asio::ssl::error::stream_truncated; |
105 |
return ec; |
106 |
} |
107 |
|
108 |
@@ -209,9 +207,7 @@ const asio::error_code& engine::map_error_code( |
109 |
// Otherwise, the peer should have negotiated a proper shutdown. |
110 |
if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) |
13 |
if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) |
|
|
14 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp.orig 2019-10-05 03:09:25 UTC |
15 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
16 |
@@ -35,11 +35,11 @@ class openssl_init_base::do_init |
17 |
public: |
18 |
do_init() |
111 |
{ |
19 |
{ |
112 |
- ec = asio::error_code( |
20 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
113 |
- ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ), |
21 |
::SSL_library_init(); |
114 |
- asio::error::get_ssl_category()); |
22 |
::SSL_load_error_strings(); |
115 |
+ ec = asio::ssl::error::stream_truncated; |
23 |
::OpenSSL_add_all_algorithms(); |
116 |
} |
|
|
117 |
|
24 |
|
118 |
return ec; |
25 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
119 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp |
26 |
mutexes_.resize(::CRYPTO_num_locks()); |
120 |
index 1385d2a..f044f59 100644 |
27 |
for (size_t i = 0; i < mutexes_.size(); ++i) |
121 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp |
28 |
mutexes_[i].reset(new asio::detail::mutex); |
|
|
29 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp.orig 2019-09-04 17:33:32 UTC |
30 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp |
31 |
@@ -21,7 +21,9 @@ |
32 |
#if !defined(OPENSSL_NO_ENGINE) |
33 |
# include <openssl/engine.h> |
34 |
#endif // !defined(OPENSSL_NO_ENGINE) |
35 |
+#include <openssl/dh.h> |
36 |
#include <openssl/err.h> |
37 |
+#include <openssl/rsa.h> |
38 |
#include <openssl/x509v3.h> |
39 |
#include "asio/detail/socket_types.hpp" |
40 |
|
41 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp.orig 2019-09-04 17:33:32 UTC |
122 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp |
42 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/error.hpp |
123 |
@@ -25,6 +25,7 @@ namespace error { |
43 |
@@ -25,6 +25,7 @@ namespace error { |
124 |
|
44 |
|
Lines 128-134
Link Here
|
128 |
}; |
48 |
}; |
129 |
|
49 |
|
130 |
extern ASIO_DECL |
50 |
extern ASIO_DECL |
131 |
@@ -34,6 +35,23 @@ static const asio::error_category& ssl_category |
51 |
@@ -34,6 +35,23 @@ ASIO_USED_VARIABLE static const asio::error_category& |
132 |
= asio::error::get_ssl_category(); |
52 |
= asio::error::get_ssl_category(); |
133 |
|
53 |
|
134 |
} // namespace error |
54 |
} // namespace error |
Lines 152-158
Link Here
|
152 |
} // namespace asio |
72 |
} // namespace asio |
153 |
|
73 |
|
154 |
#if defined(ASIO_HAS_STD_SYSTEM_ERROR) |
74 |
#if defined(ASIO_HAS_STD_SYSTEM_ERROR) |
155 |
@@ -44,6 +62,11 @@ template<> struct is_error_code_enum<asio::error::ssl_errors> |
75 |
@@ -44,6 +62,11 @@ template<> struct is_error_code_enum<asio::error::ssl_ |
156 |
static const bool value = true; |
76 |
static const bool value = true; |
157 |
}; |
77 |
}; |
158 |
|
78 |
|
Lines 182-358
Link Here
|
182 |
} // namespace asio |
102 |
} // namespace asio |
183 |
|
103 |
|
184 |
#include "asio/detail/pop_options.hpp" |
104 |
#include "asio/detail/pop_options.hpp" |
185 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp |
105 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp.orig 2019-10-05 03:09:25 UTC |
186 |
index 9e76039..8c20e81 100644 |
|
|
187 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp |
188 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp |
189 |
@@ -23,7 +23,6 @@ |
190 |
|
191 |
namespace asio { |
192 |
namespace error { |
193 |
- |
194 |
namespace detail { |
195 |
|
196 |
class ssl_category : public asio::error_category |
197 |
@@ -50,6 +49,38 @@ const asio::error_category& get_ssl_category() |
198 |
} |
199 |
|
200 |
} // namespace error |
201 |
+namespace ssl { |
202 |
+namespace error { |
203 |
+namespace detail { |
204 |
+ |
205 |
+class stream_category : public asio::error_category |
206 |
+{ |
207 |
+public: |
208 |
+ const char* name() const ASIO_ERROR_CATEGORY_NOEXCEPT |
209 |
+ { |
210 |
+ return "asio.ssl.stream"; |
211 |
+ } |
212 |
+ |
213 |
+ std::string message(int value) const |
214 |
+ { |
215 |
+ switch (value) |
216 |
+ { |
217 |
+ case stream_truncated: return "stream truncated"; |
218 |
+ default: return "asio.ssl.stream error"; |
219 |
+ } |
220 |
+ } |
221 |
+}; |
222 |
+ |
223 |
+} // namespace detail |
224 |
+ |
225 |
+const asio::error_category& get_stream_category() |
226 |
+{ |
227 |
+ static detail::stream_category instance; |
228 |
+ return instance; |
229 |
+} |
230 |
+ |
231 |
+} // namespace error |
232 |
+} // namespace ssl |
233 |
} // namespace asio |
234 |
|
235 |
#include "asio/detail/pop_options.hpp" |
236 |
From 5fa80539834c10406611bb02c20cdba2a9171f4a Mon Sep 17 00:00:00 2001 |
237 |
From: Christopher Kohlhoff <chris@kohlhoff.com> |
238 |
Date: Thu, 19 Nov 2015 10:25:42 +1100 |
239 |
Subject: [PATCH] BoringSSL does not provide CONF_modules_unload. |
240 |
|
241 |
--- |
242 |
asio/include/asio/ssl/detail/impl/openssl_init.ipp | 2 ++ |
243 |
1 file changed, 2 insertions(+) |
244 |
|
245 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
246 |
index da66fc1..2a70bf5 100644 |
247 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
248 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
249 |
@@ -70,7 +70,9 @@ public: |
250 |
#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
251 |
::EVP_cleanup(); |
252 |
::CRYPTO_cleanup_all_ex_data(); |
253 |
+#if !defined(OPENSSL_IS_BORINGSSL) |
254 |
::CONF_modules_unload(1); |
255 |
+#endif // !defined(OPENSSL_IS_BORINGSSL) |
256 |
#if !defined(OPENSSL_NO_ENGINE) |
257 |
::ENGINE_cleanup(); |
258 |
#endif // !defined(OPENSSL_NO_ENGINE) |
259 |
From 062b19c97bb85f4625b46f93ee19b234948ff235 Mon Sep 17 00:00:00 2001 |
260 |
From: Marcel Raad <raad@teamviewer.com> |
261 |
Date: Fri, 1 Apr 2016 10:46:17 +0200 |
262 |
Subject: [PATCH] Add compatibility with OpenSSL 1.1 - SSLv2 has been |
263 |
completely removed from OpenSSL, even without OPENSSL_NO_SSL2 - there is a |
264 |
new threading API without locking callbacks - struct SSL_CTX has been made |
265 |
opaque and must be used via accessor functions - some cleanup functions have |
266 |
been removed |
267 |
|
268 |
--- |
269 |
asio/include/asio/ssl/detail/impl/engine.ipp | 2 + |
270 |
asio/include/asio/ssl/detail/impl/openssl_init.ipp | 20 ++++-- |
271 |
asio/include/asio/ssl/impl/context.ipp | 71 +++++++++++++++++----- |
272 |
3 files changed, 72 insertions(+), 21 deletions(-) |
273 |
|
274 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
275 |
index fa5d4b0..22b7cdd 100644 |
276 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
277 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/engine.ipp |
278 |
@@ -201,8 +201,10 @@ const asio::error_code& engine::map_error_code( |
279 |
|
280 |
// SSL v2 doesn't provide a protocol-level shutdown, so an eof on the |
281 |
// underlying transport is passed through. |
282 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
283 |
if (ssl_->version == SSL2_VERSION) |
284 |
return ec; |
285 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
286 |
|
287 |
// Otherwise, the peer should have negotiated a proper shutdown. |
288 |
if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) |
289 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
290 |
index 700b678..62a49cd 100644 |
291 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
292 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
293 |
@@ -39,11 +39,13 @@ public: |
294 |
::SSL_load_error_strings(); |
295 |
::OpenSSL_add_all_algorithms(); |
296 |
|
297 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
298 |
mutexes_.resize(::CRYPTO_num_locks()); |
299 |
for (size_t i = 0; i < mutexes_.size(); ++i) |
300 |
mutexes_[i].reset(new asio::detail::mutex); |
301 |
::CRYPTO_set_locking_callback(&do_init::openssl_locking_func); |
302 |
::CRYPTO_set_id_callback(&do_init::openssl_id_func); |
303 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
304 |
|
305 |
#if !defined(SSL_OP_NO_COMPRESSION) \ |
306 |
&& (OPENSSL_VERSION_NUMBER >= 0x00908000L) |
307 |
@@ -60,22 +62,26 @@ public: |
308 |
#endif // !defined(SSL_OP_NO_COMPRESSION) |
309 |
// && (OPENSSL_VERSION_NUMBER >= 0x00908000L) |
310 |
|
311 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
312 |
::CRYPTO_set_id_callback(0); |
313 |
::CRYPTO_set_locking_callback(0); |
314 |
::ERR_free_strings(); |
315 |
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
316 |
- ::ERR_remove_thread_state(NULL); |
317 |
-#else // (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
318 |
- ::ERR_remove_state(0); |
319 |
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) |
320 |
::EVP_cleanup(); |
321 |
::CRYPTO_cleanup_all_ex_data(); |
322 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
323 |
+#if (OPENSSL_VERSION_NUMBER < 0x10000000L) |
324 |
+ ::ERR_remove_state(0); |
325 |
+#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) |
326 |
+ ::ERR_remove_thread_state(NULL); |
327 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
328 |
#if !defined(OPENSSL_IS_BORINGSSL) |
329 |
::CONF_modules_unload(1); |
330 |
#endif // !defined(OPENSSL_IS_BORINGSSL) |
331 |
-#if !defined(OPENSSL_NO_ENGINE) |
332 |
+#if !defined(OPENSSL_NO_ENGINE) \ |
333 |
+ && (OPENSSL_VERSION_NUMBER < 0x10100000L) |
334 |
::ENGINE_cleanup(); |
335 |
#endif // !defined(OPENSSL_NO_ENGINE) |
336 |
+ // && (OPENSSL_VERSION_NUMBER < 0x10100000L) |
337 |
} |
338 |
|
339 |
#if !defined(SSL_OP_NO_COMPRESSION) \ |
340 |
@@ -104,10 +110,12 @@ private: |
341 |
static void openssl_locking_func(int mode, int n, |
342 |
const char* /*file*/, int /*line*/) |
343 |
{ |
344 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
345 |
if (mode & CRYPTO_LOCK) |
346 |
instance()->mutexes_[n]->lock(); |
347 |
else |
348 |
instance()->mutexes_[n]->unlock(); |
349 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
350 |
} |
351 |
|
352 |
// Mutexes to be used in locking callbacks. |
353 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp |
354 |
index 02210d9..fde7709 100644 |
355 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp |
356 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp |
106 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp |
357 |
@@ -66,7 +66,8 @@ context::context(context::method m) |
107 |
@@ -66,7 +66,8 @@ context::context(context::method m) |
358 |
|
108 |
|
Lines 405-411
Link Here
|
405 |
} |
155 |
} |
406 |
|
156 |
|
407 |
if (SSL_CTX_get_app_data(handle_)) |
157 |
if (SSL_CTX_get_app_data(handle_)) |
408 |
@@ -528,10 +540,17 @@ ASIO_SYNC_OP_VOID context::use_certificate_chain( |
158 |
@@ -528,10 +540,17 @@ asio::error_code context::use_certificate_chain( |
409 |
bio_cleanup bio = { make_buffer_bio(chain) }; |
159 |
bio_cleanup bio = { make_buffer_bio(chain) }; |
410 |
if (bio.p) |
160 |
if (bio.p) |
411 |
{ |
161 |
{ |
Lines 425-431
Link Here
|
425 |
if (!cert.p) |
175 |
if (!cert.p) |
426 |
{ |
176 |
{ |
427 |
ec = asio::error_code(ERR_R_PEM_LIB, |
177 |
ec = asio::error_code(ERR_R_PEM_LIB, |
428 |
@@ -559,8 +578,8 @@ ASIO_SYNC_OP_VOID context::use_certificate_chain( |
178 |
@@ -559,8 +578,8 @@ asio::error_code context::use_certificate_chain( |
429 |
#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) |
179 |
#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) |
430 |
|
180 |
|
431 |
while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, |
181 |
while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, |
Lines 436-442
Link Here
|
436 |
{ |
186 |
{ |
437 |
if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert)) |
187 |
if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert)) |
438 |
{ |
188 |
{ |
439 |
@@ -625,6 +644,14 @@ ASIO_SYNC_OP_VOID context::use_private_key( |
189 |
@@ -625,6 +644,14 @@ asio::error_code context::use_private_key( |
440 |
{ |
190 |
{ |
441 |
::ERR_clear_error(); |
191 |
::ERR_clear_error(); |
442 |
|
192 |
|
Lines 451-457
Link Here
|
451 |
bio_cleanup bio = { make_buffer_bio(private_key) }; |
201 |
bio_cleanup bio = { make_buffer_bio(private_key) }; |
452 |
if (bio.p) |
202 |
if (bio.p) |
453 |
{ |
203 |
{ |
454 |
@@ -636,8 +663,8 @@ ASIO_SYNC_OP_VOID context::use_private_key( |
204 |
@@ -636,8 +663,8 @@ asio::error_code context::use_private_key( |
455 |
break; |
205 |
break; |
456 |
case context_base::pem: |
206 |
case context_base::pem: |
457 |
evp_private_key.p = ::PEM_read_bio_PrivateKey( |
207 |
evp_private_key.p = ::PEM_read_bio_PrivateKey( |
Lines 462-468
Link Here
|
462 |
break; |
212 |
break; |
463 |
default: |
213 |
default: |
464 |
{ |
214 |
{ |
465 |
@@ -684,6 +711,14 @@ ASIO_SYNC_OP_VOID context::use_rsa_private_key( |
215 |
@@ -684,6 +711,14 @@ asio::error_code context::use_rsa_private_key( |
466 |
{ |
216 |
{ |
467 |
::ERR_clear_error(); |
217 |
::ERR_clear_error(); |
468 |
|
218 |
|
Lines 477-483
Link Here
|
477 |
bio_cleanup bio = { make_buffer_bio(private_key) }; |
227 |
bio_cleanup bio = { make_buffer_bio(private_key) }; |
478 |
if (bio.p) |
228 |
if (bio.p) |
479 |
{ |
229 |
{ |
480 |
@@ -695,8 +730,8 @@ ASIO_SYNC_OP_VOID context::use_rsa_private_key( |
230 |
@@ -695,8 +730,8 @@ asio::error_code context::use_rsa_private_key( |
481 |
break; |
231 |
break; |
482 |
case context_base::pem: |
232 |
case context_base::pem: |
483 |
rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey( |
233 |
rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey( |
Lines 488-495
Link Here
|
488 |
break; |
238 |
break; |
489 |
default: |
239 |
default: |
490 |
{ |
240 |
{ |
491 |
@@ -915,11 +950,17 @@ int context::verify_callback_function(int preverified, X509_STORE_CTX* ctx) |
241 |
@@ -915,11 +950,17 @@ int context::verify_callback_function(int preverified, |
492 |
ASIO_SYNC_OP_VOID context::do_set_password_callback( |
242 |
asio::error_code context::do_set_password_callback( |
493 |
detail::password_callback_base* callback, asio::error_code& ec) |
243 |
detail::password_callback_base* callback, asio::error_code& ec) |
494 |
{ |
244 |
{ |
495 |
- if (handle_->default_passwd_callback_userdata) |
245 |
- if (handle_->default_passwd_callback_userdata) |
Lines 510-666
Link Here
|
510 |
|
260 |
|
511 |
SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function); |
261 |
SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function); |
512 |
|
262 |
|
513 |
From 69e44a4cc6eb5ba21ede409779a7b777c0eb3869 Mon Sep 17 00:00:00 2001 |
263 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp.orig 2019-09-04 17:33:32 UTC |
514 |
From: Christopher Kohlhoff <chris@kohlhoff.com> |
264 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/error.ipp |
515 |
Date: Sun, 28 Aug 2016 10:02:08 +1000 |
265 |
@@ -23,7 +23,6 @@ |
516 |
Subject: [PATCH] Fix errors when OPENSSL_NO_DEPRECATED is defined. |
|
|
517 |
|
518 |
--- |
519 |
asio/include/asio/ssl/detail/impl/openssl_init.ipp | 23 +++++++++++----------- |
520 |
asio/include/asio/ssl/detail/openssl_types.hpp | 2 ++ |
521 |
2 files changed, 13 insertions(+), 12 deletions(-) |
522 |
|
523 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
524 |
index 62a49cd..4cc9859 100644 |
525 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
526 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
527 |
@@ -44,8 +44,10 @@ public: |
528 |
for (size_t i = 0; i < mutexes_.size(); ++i) |
529 |
mutexes_[i].reset(new asio::detail::mutex); |
530 |
::CRYPTO_set_locking_callback(&do_init::openssl_locking_func); |
531 |
- ::CRYPTO_set_id_callback(&do_init::openssl_id_func); |
532 |
#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
533 |
+#if (OPENSSL_VERSION_NUMBER < 0x10000000L) |
534 |
+ ::CRYPTO_set_id_callback(&do_init::openssl_id_func); |
535 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
536 |
|
266 |
|
537 |
#if !defined(SSL_OP_NO_COMPRESSION) \ |
267 |
namespace asio { |
538 |
&& (OPENSSL_VERSION_NUMBER >= 0x00908000L) |
268 |
namespace error { |
539 |
@@ -62,8 +64,10 @@ public: |
|
|
540 |
#endif // !defined(SSL_OP_NO_COMPRESSION) |
541 |
// && (OPENSSL_VERSION_NUMBER >= 0x00908000L) |
542 |
|
543 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
544 |
+#if (OPENSSL_VERSION_NUMBER < 0x10000000L) |
545 |
::CRYPTO_set_id_callback(0); |
546 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
547 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
548 |
::CRYPTO_set_locking_callback(0); |
549 |
::ERR_free_strings(); |
550 |
::EVP_cleanup(); |
551 |
@@ -94,38 +98,33 @@ public: |
552 |
// && (OPENSSL_VERSION_NUMBER >= 0x00908000L) |
553 |
|
554 |
private: |
555 |
+#if (OPENSSL_VERSION_NUMBER < 0x10000000L) |
556 |
static unsigned long openssl_id_func() |
557 |
{ |
558 |
#if defined(ASIO_WINDOWS) || defined(__CYGWIN__) |
559 |
return ::GetCurrentThreadId(); |
560 |
#else // defined(ASIO_WINDOWS) || defined(__CYGWIN__) |
561 |
- void* id = instance()->thread_id_; |
562 |
- if (id == 0) |
563 |
- instance()->thread_id_ = id = &id; // Ugh. |
564 |
+ void* id = &errno; |
565 |
ASIO_ASSERT(sizeof(unsigned long) >= sizeof(void*)); |
566 |
return reinterpret_cast<unsigned long>(id); |
567 |
#endif // defined(ASIO_WINDOWS) || defined(__CYGWIN__) |
568 |
} |
569 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
570 |
|
571 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
572 |
static void openssl_locking_func(int mode, int n, |
573 |
const char* /*file*/, int /*line*/) |
574 |
{ |
575 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
576 |
if (mode & CRYPTO_LOCK) |
577 |
instance()->mutexes_[n]->lock(); |
578 |
else |
579 |
instance()->mutexes_[n]->unlock(); |
580 |
-#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
581 |
} |
582 |
|
583 |
// Mutexes to be used in locking callbacks. |
584 |
std::vector<asio::detail::shared_ptr< |
585 |
asio::detail::mutex> > mutexes_; |
586 |
- |
269 |
- |
587 |
-#if !defined(ASIO_WINDOWS) && !defined(__CYGWIN__) |
270 |
namespace detail { |
588 |
- // The thread identifiers to be used by openssl. |
|
|
589 |
- asio::detail::tss_ptr<void> thread_id_; |
590 |
-#endif // !defined(ASIO_WINDOWS) && !defined(__CYGWIN__) |
591 |
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) |
592 |
|
271 |
|
593 |
#if !defined(SSL_OP_NO_COMPRESSION) \ |
272 |
class ssl_category : public asio::error_category |
594 |
&& (OPENSSL_VERSION_NUMBER >= 0x00908000L) |
273 |
@@ -50,6 +49,38 @@ const asio::error_category& get_ssl_category() |
595 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp |
274 |
} |
596 |
index d9cfc71..eda740d 100644 |
|
|
597 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp |
598 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/openssl_types.hpp |
599 |
@@ -21,7 +21,9 @@ |
600 |
#if !defined(OPENSSL_NO_ENGINE) |
601 |
# include <openssl/engine.h> |
602 |
#endif // !defined(OPENSSL_NO_ENGINE) |
603 |
+#include <openssl/dh.h> |
604 |
#include <openssl/err.h> |
605 |
+#include <openssl/rsa.h> |
606 |
#include <openssl/x509v3.h> |
607 |
#include "asio/detail/socket_types.hpp" |
608 |
|
275 |
|
609 |
From 2cde22623ca0fd9571d8d57c5a8965082d815e1c Mon Sep 17 00:00:00 2001 |
276 |
} // namespace error |
610 |
From: Christopher Kohlhoff <chris@kohlhoff.com> |
277 |
+namespace ssl { |
611 |
Date: Tue, 13 Sep 2016 21:59:03 +1000 |
278 |
+namespace error { |
612 |
Subject: [PATCH] Call SSL_COMP_free_compression_methods() on ssl cleanup. |
279 |
+namespace detail { |
613 |
|
280 |
+ |
614 |
This call is needed for OpenSSL >=1.0.2 and <1.1.0. |
281 |
+class stream_category : public asio::error_category |
615 |
--- |
282 |
+{ |
616 |
asio/include/asio/ssl/detail/impl/openssl_init.ipp | 5 +++++ |
283 |
+public: |
617 |
1 file changed, 5 insertions(+) |
284 |
+ const char* name() const ASIO_ERROR_CATEGORY_NOEXCEPT |
618 |
|
285 |
+ { |
619 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
286 |
+ return "asio.ssl.stream"; |
620 |
index 4cc9859..392eff9 100644 |
287 |
+ } |
621 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
288 |
+ |
622 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
289 |
+ std::string message(int value) const |
623 |
@@ -78,6 +78,11 @@ public: |
290 |
+ { |
624 |
#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) |
291 |
+ switch (value) |
625 |
::ERR_remove_thread_state(NULL); |
292 |
+ { |
626 |
#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) |
293 |
+ case stream_truncated: return "stream truncated"; |
627 |
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) \ |
294 |
+ default: return "asio.ssl.stream error"; |
628 |
+ && (OPENSSL_VERSION_NUMBER < 0x10100000L) |
295 |
+ } |
629 |
+ ::SSL_COMP_free_compression_methods(); |
296 |
+ } |
630 |
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) |
297 |
+}; |
631 |
+ // && (OPENSSL_VERSION_NUMBER < 0x10100000L) |
298 |
+ |
632 |
#if !defined(OPENSSL_IS_BORINGSSL) |
299 |
+} // namespace detail |
633 |
::CONF_modules_unload(1); |
300 |
+ |
634 |
#endif // !defined(OPENSSL_IS_BORINGSSL) |
301 |
+const asio::error_category& get_stream_category() |
635 |
From dc2b5b9ac09326ba1e38a28b48170063ca2b1332 Mon Sep 17 00:00:00 2001 |
302 |
+{ |
636 |
From: Marcel Raad <MarcelRaad@users.noreply.github.com> |
303 |
+ static detail::stream_category instance; |
637 |
Date: Mon, 31 Oct 2016 10:32:19 +0100 |
304 |
+ return instance; |
638 |
Subject: [PATCH] Fix compilation with OpenSSL 1.1 API |
305 |
+} |
639 |
|
306 |
+ |
640 |
With OPENSSL_API_COMPAT=0x10100000L, SSL_library_init, SSL_load_error_strings, and OpenSSL_add_all_algorithms are removed. |
307 |
+} // namespace error |
641 |
With OPENSSL_API_COMPAT=0x10000000L, these are function-style macros mapping to OPENSSL_init_ssl, which is called automatically anyway. |
308 |
+} // namespace ssl |
642 |
|
309 |
} // namespace asio |
643 |
References: |
|
|
644 |
https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html |
645 |
https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html |
646 |
--- |
647 |
asio/include/asio/ssl/detail/impl/openssl_init.ipp | 2 +- |
648 |
1 file changed, 1 insertion(+), 1 deletion(-) |
649 |
|
650 |
diff --git src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
651 |
index 392eff9..5de0caa 100644 |
652 |
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
653 |
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/detail/impl/openssl_init.ipp |
654 |
@@ -35,11 +35,11 @@ class openssl_init_base::do_init |
655 |
public: |
656 |
do_init() |
657 |
{ |
658 |
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
659 |
::SSL_library_init(); |
660 |
::SSL_load_error_strings(); |
661 |
::OpenSSL_add_all_algorithms(); |
662 |
|
310 |
|
663 |
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
311 |
#include "asio/detail/pop_options.hpp" |
664 |
mutexes_.resize(::CRYPTO_num_locks()); |
|
|
665 |
for (size_t i = 0; i < mutexes_.size(); ++i) |
666 |
mutexes_[i].reset(new asio::detail::mutex); |