diff options
| author | Johnny Willemsen <jwillemsen@remedy.nl> | 2017-08-31 08:39:28 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-31 08:39:28 +0200 |
| commit | 764d3a74cf80e3a3d439347fbaaf9077b0f93d42 (patch) | |
| tree | e75d99cf5a0ebacab791df94f773bffdfa3e7f5d /TAO | |
| parent | dc58459e8b75d06bbe49e048647b0d0993ff2d49 (diff) | |
| parent | ff78e6235f5103312bef1de2b30798a707f8817b (diff) | |
| download | ATCD-764d3a74cf80e3a3d439347fbaaf9077b0f93d42.tar.gz | |
Merge pull request #494 from jwillemsen/jwi-openssl110support
Add support for OpenSSL 1.1
Diffstat (limited to 'TAO')
| -rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp | 2 | ||||
| -rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h | 12 | ||||
| -rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp | 42 | ||||
| -rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl | 6 | ||||
| -rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h | 12 | ||||
| -rw-r--r-- | TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h | 12 | ||||
| -rw-r--r-- | TAO/orbsvcs/tests/Security/MT_SSLIOP/README | 4 | ||||
| -rw-r--r-- | TAO/orbsvcs/tests/Security/cert/README | 2 |
8 files changed, 47 insertions, 45 deletions
diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp index fa555ada8bd..39a18003446 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.cpp @@ -20,7 +20,7 @@ TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::copy (::EVP_PKEY const & key) // trait. This allows us to maintain exception safety. TAO::SSLIOP::EVP_PKEY_var p = ::EVP_PKEY_new (); - switch (::EVP_PKEY_type (pkey->type)) + switch (::EVP_PKEY_type (::EVP_PKEY_id(pkey))) { case EVP_PKEY_RSA: { diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h index 036520af6dc..b3e99fdb0a1 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_EVP_PKEY.h @@ -34,10 +34,6 @@ namespace TAO template <> struct OpenSSL_traits< ::EVP_PKEY > { - /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference - /// count manipulation function. - enum { LOCK_ID = CRYPTO_LOCK_EVP_PKEY }; - /// Increase the reference count on the given OpenSSL structure. /** * @note This used to be in a function template but MSVC++ 6 @@ -47,9 +43,15 @@ namespace TAO static ::EVP_PKEY * _duplicate (::EVP_PKEY * st) { if (st != 0) + { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + ::EVP_PKEY_up_ref(st); +#else CRYPTO_add (&(st->references), 1, - LOCK_ID); + CRYPTO_LOCK_EVP_PKEY); +#endif + } return st; } diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp index 5a8dad4fe44..6bcdeda0b88 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_Factory.cpp @@ -161,8 +161,8 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb ") - ACE_TEXT ("cannot open file: %s\n"), + ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb ") + ACE_TEXT ("cannot open file: %C\n"), fname)); pem_passwd_ = ""; } @@ -179,8 +179,8 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb ") - ACE_TEXT ("cannot read file: %s\n"), + ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb ") + ACE_TEXT ("cannot read file: %C\n"), fname)); pem_passwd_ = ""; } @@ -202,8 +202,8 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb ") - ACE_TEXT ("invalid env: %s\n"), + ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb ") + ACE_TEXT ("invalid env: %C\n"), env)); pem_passwd_ = ""; } @@ -214,7 +214,7 @@ TAO::SSLIOP::Protocol_Factory::pem_passwd_cb (char *buf, int size, int , void *t { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) SSLIOP_Factory::pem_passwd_cb truncating ") + ACE_TEXT ("TAO (%P|%t) - SSLIOP_Factory::pem_passwd_cb truncating ") ACE_TEXT ("supplied password from len %d to %d\n"), len, size - 1)); len = size - 1; @@ -343,7 +343,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { if (TAO_debug_level > 0) ORBSVCS_ERROR ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Unable to set the session id ") + ACE_TEXT ("TAO (%P|%t) - Unable to set the session id ") ACE_TEXT ("context to \'%C\'\n"), session_id_context_)); return -1; @@ -373,7 +373,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) "ALL:eNULL") == 0) { ORBSVCS_DEBUG ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Unable to set eNULL ") + ACE_TEXT ("TAO (%P|%t) - Unable to set eNULL ") ACE_TEXT ("SSL cipher in SSLIOP ") ACE_TEXT ("factory.\n"))); @@ -515,7 +515,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) ACE_TEXT_ALWAYS_CHAR(argv[curarg])) == 0) { ORBSVCS_DEBUG ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Unable to set cipher ") + ACE_TEXT ("TAO (%P|%t) - Unable to set cipher ") ACE_TEXT ("list in SSLIOP ") ACE_TEXT ("factory.\n"))); @@ -570,14 +570,14 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { ++errors; ORBSVCS_ERROR ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Failed to load ") + ACE_TEXT ("TAO (%P|%t) - Failed to load ") ACE_TEXT ("more entropy from <%s>: %m\n"), path)); } else { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_DEBUG, - ACE_TEXT ("TAO (%P|%t) Loaded ") + ACE_TEXT ("TAO (%P|%t) - Loaded ") ACE_TEXT ("more entropy from <%s>\n"), path)); } @@ -595,7 +595,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) if (ssl_ctx->load_trusted_ca (ca_file.in (), ca_dir.in ()) != 0) { ORBSVCS_ERROR ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Unable to load ") + ACE_TEXT ("TAO (%P|%t) - Unable to load ") ACE_TEXT ("CA certs from %C%C%C\n"), ((ca_file.in () != 0) ? ca_file.in () : "a file pointed to by " ACE_SSL_CERT_FILE_ENV @@ -612,7 +612,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_INFO, - ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ") + ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded ") ACE_TEXT ("Trusted Certificates from %C%C%C\n"), ((ca_file.in () != 0) ? ca_file.in () : "a file pointed to by " ACE_SSL_CERT_FILE_ENV @@ -649,7 +649,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) // a dh parameter file and we were unable to actually find it // and load from it. ORBSVCS_ERROR ((LM_ERROR, - ACE_TEXT ("(%P|%t) SSLIOP_Factory: ") + ACE_TEXT ("(%P|%t) - SSLIOP_Factory: ") ACE_TEXT ("unable to set ") ACE_TEXT ("DH parameters <%C>\n"), dhparams_path.in () )); @@ -659,7 +659,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_INFO, - ACE_TEXT ("(%P|%t) SSLIOP_Factory: ") + ACE_TEXT ("(%P|%t) - SSLIOP_Factory: ") ACE_TEXT ("No DH parameters found in ") ACE_TEXT ("certificate <%C>; either none ") ACE_TEXT ("are needed (RSA) or problems ") @@ -671,7 +671,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_INFO, - ACE_TEXT ("(%P|%t) SSLIOP loaded ") + ACE_TEXT ("(%P|%t) - SSLIOP loaded ") ACE_TEXT ("Diffie-Hellman params ") ACE_TEXT ("from %C\n"), dhparams_path.in ())); @@ -688,7 +688,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) certificate_type) != 0) { ORBSVCS_ERROR ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Unable to set ") + ACE_TEXT ("TAO (%P|%t) - Unable to set ") ACE_TEXT ("SSL certificate <%C> ") ACE_TEXT ("in SSLIOP factory.\n"), certificate_path.in())); @@ -699,7 +699,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_INFO, - ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ") + ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded ") ACE_TEXT ("SSL certificate ") ACE_TEXT ("from %C\n"), certificate_path.in())); @@ -712,7 +712,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { ORBSVCS_ERROR ((LM_ERROR, - ACE_TEXT ("TAO (%P|%t) Unable to set ") + ACE_TEXT ("TAO (%P|%t) - Unable to set ") ACE_TEXT ("SSL private key ") ACE_TEXT ("<%C> in SSLIOP factory.\n"), private_key_path.in ())); @@ -723,7 +723,7 @@ TAO::SSLIOP::Protocol_Factory::init (int argc, ACE_TCHAR* argv[]) { if (TAO_debug_level > 0) ORBSVCS_DEBUG ((LM_INFO, - ACE_TEXT ("TAO (%P|%t) SSLIOP loaded ") + ACE_TEXT ("TAO (%P|%t) - SSLIOP loaded ") ACE_TEXT ("Private Key ") ACE_TEXT ("from <%C>\n"), private_key_path.in ())); diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl index 86d26e48bbd..b14d3ae93d1 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_OpenSSL_st_T.inl @@ -15,9 +15,9 @@ TAO::SSLIOP::_duplicate (T * st) // reference count on the structure it defines, so we do it // manually. if (st != 0) - CRYPTO_add (&(st->references), - 1, - TAO::SSLIOP::OpenSSL_traits<T>::LOCK_ID); + { + TAO::SSLIOP::OpenSSL_traits<T>::_duplicate(st); + } return st; } diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h index b549bdcea61..edd3480a24f 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_SSL.h @@ -37,10 +37,6 @@ namespace TAO template <> struct OpenSSL_traits< ::SSL > { - /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference - /// count manipulation function. - enum { LOCK_ID = CRYPTO_LOCK_SSL }; - /// Increase the reference count on the given OpenSSL structure. /** * @note This used to be in a function template but MSVC++ 6 @@ -50,9 +46,15 @@ namespace TAO static ::SSL * _duplicate (::SSL * st) { if (st != 0) + { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + ::SSL_up_ref(st); +#else CRYPTO_add (&(st->references), 1, - LOCK_ID); + CRYPTO_LOCK_SSL); +#endif + } return st; } diff --git a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h index d83aa016353..0b3250f7468 100644 --- a/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h +++ b/TAO/orbsvcs/orbsvcs/SSLIOP/SSLIOP_X509.h @@ -35,10 +35,6 @@ namespace TAO template <> struct OpenSSL_traits< ::X509 > { - /// OpenSSL lock ID for use in OpenSSL CRYPTO_add() reference - /// count manipulation function. - enum { LOCK_ID = CRYPTO_LOCK_X509 }; - /// Increase the reference count on the given OpenSSL structure. /** * @note This used to be in a function template but MSVC++ 6 @@ -48,9 +44,15 @@ namespace TAO static ::X509 * _duplicate (::X509 * st) { if (st != 0) + { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + ::X509_up_ref(st); +#else CRYPTO_add (&(st->references), 1, - LOCK_ID); + CRYPTO_LOCK_X509); +#endif + } return st; } diff --git a/TAO/orbsvcs/tests/Security/MT_SSLIOP/README b/TAO/orbsvcs/tests/Security/MT_SSLIOP/README index a38d6617ada..8ea7de961f5 100644 --- a/TAO/orbsvcs/tests/Security/MT_SSLIOP/README +++ b/TAO/orbsvcs/tests/Security/MT_SSLIOP/README @@ -1,8 +1,6 @@ - - Description: - This is a simple test for a thread-pool server that can +This is a simple test for a thread-pool server that can service multithreaded clients with the same object reference. It creates a server process with a variable number of threads, multiple (multithreaded) clients can send requests to it, the diff --git a/TAO/orbsvcs/tests/Security/cert/README b/TAO/orbsvcs/tests/Security/cert/README index 3fcecfb43b5..e865cbcfa5a 100644 --- a/TAO/orbsvcs/tests/Security/cert/README +++ b/TAO/orbsvcs/tests/Security/cert/README @@ -1,5 +1,3 @@ - - This is a CA used for signing keys in the security tests. The password for the CA key is DOCGroup The following steps were used to generate the cert used to test the checkhost and password features: |