-rw-r--r-- | dub.json | 25 | ||||
-rw-r--r-- | lib/d/Makefile.am | 4 | ||||
-rw-r--r-- | lib/d/src/thrift/internal/ssl.d | 19 |
3 files changed, 40 insertions, 8 deletions
@@ -9,12 +9,29 @@ "dependencies": { "libevent": { "version": "~>2.0.2" - }, - "openssl": { - "version": ">=1.1.6" } }, - "systemDependencies": "On systems with native openssl 1.0.x use dub package openssl~>1.1, on systems with native openssl 1.1.x use dub package openssl~>2.0", + "systemDependencies": "On systems with native openssl 1.0.x use dub package openssl~>1.1, on systems with native openssl 1.1.x use dub package openssl~>2.0.3 (with build bug fix: https://github.com/D-Programming-Deimos/openssl/issues/63)", + "configurations": [ + { + "name": "use_openssl_1_0", + "versions": ["use_openssl_1_0_x"], + "dependencies": { + "openssl": { + "version": "~>1.1.6" + } + } + }, + { + "name": "use_openssl_1_1", + "versions": ["use_openssl_1_1_x"], + "dependencies": { + "openssl": { + "version": "~>2.0.3" + } + } + } + ], "targetType": "library", "sourcePaths": [ "lib/d/src" diff --git a/lib/d/Makefile.am b/lib/d/Makefile.am index 4787e0a60..013721720 100644 --- a/lib/d/Makefile.am +++ b/lib/d/Makefile.am @@ -97,7 +97,7 @@ d_main_modules = $(filter-out $(d_libevent_dependent_modules) \ $(d_openssl_dependent_modules),$(d_modules)) -d_lib_flags = -w -wi -Isrc -lib +d_lib_flags = -w -wi -Isrc -lib -version=use_openssl_1_0_x all_targets = # @@ -153,7 +153,7 @@ clean-local: # # Unit tests (built both in debug and release mode). # -d_test_flags = -unittest -w -wi -I$(top_srcdir)/lib/d/src +d_test_flags = -unittest -w -wi -I$(top_srcdir)/lib/d/src -version=use_openssl_1_0_x # There just must be some way to reassign a variable without warnings in # Automake... diff --git a/lib/d/src/thrift/internal/ssl.d b/lib/d/src/thrift/internal/ssl.d index 3af54b582..29cc6d079 100644 --- a/lib/d/src/thrift/internal/ssl.d +++ b/lib/d/src/thrift/internal/ssl.d 
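Review bot: The new `configurations` array lists `use_openssl_1_0` first, and dub uses the first configuration as the default when a dependent package sets no `subConfigurations` entry, so a consumer on a host with OpenSSL 1.1.x would silently build against the `openssl` `~>1.1.6` binding. Under dub the `static assert` fallback added in ssl.d is then never reached, and the binding/library mismatch would presumably only show up at link time or later. JSON has no comments, so the `systemDependencies` string is the place to record this, for example by appending `The default configuration is use_openssl_1_0; select the other with "subConfigurations": {"apache-thrift": "use_openssl_1_1"}.` It is also worth deciding whether `use_openssl_1_1` should come first, since OpenSSL 1.0.x is past upstream end of life.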
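Review bot: `-version=use_openssl_1_0_x` is hard-coded in `d_lib_flags` in the `@@ -97,7 +97,7 @@` hunk and again in `d_test_flags` in the `@@ -153,7 +153,7 @@` hunk, so the automake build can only target the OpenSSL 1.0.x binding while dub.json in the same commit offers both. A single variable would keep the two flag lists in step and give configure or the command line a way to choose: `d_openssl_version = use_openssl_1_0_x`, then `-version=$(d_openssl_version)` in both places. A comment above it, `# Selects the OpenSSL binding API used by thrift/internal/ssl.d: use_openssl_1_0_x or use_openssl_1_1_x.`, would tell the next reader what the valid values are.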
@@ -89,6 +89,20 @@ void authorize(SSL* ssl, TAccessManager accessManager, // Check subjectAltName(s), if present. auto alternatives = cast(STACK_OF!(GENERAL_NAME)*) X509_get_ext_d2i(cert, NID_subject_alt_name, null, null); + + version(use_openssl_1_0_x) { + enum _GEN_DNS = GENERAL_NAME.GEN_DNS; + enum _GEN_IPADD = GENERAL_NAME.GEN_IPADD; + } else version(use_openssl_1_1_x) { + enum _GEN_DNS = GEN_DNS; + enum _GEN_IPADD = GEN_IPADD; + } else { + static assert(false, `Must have version either use_openssl_1_0_x or use_openssl_1_1_x defined, e.g. + "subConfigurations": { + "apache-thrift": "use_openssl_1_0" + }`); + } + if (alternatives != null) { auto count = sk_GENERAL_NAME_num(alternatives); for (int i = 0; decision == Decision.SKIP && i < count; i++) { @@ -98,11 +112,12 @@ void authorize(SSL* ssl, TAccessManager accessManager, } auto data = ASN1_STRING_data(name.d.ia5); auto length = ASN1_STRING_length(name.d.ia5); + switch (name.type) { - case GENERAL_NAME.GEN_DNS: + case _GEN_DNS: decision = accessManager.verify(hostName, cast(char[])data[0 .. length]); break; - case GENERAL_NAME.GEN_IPADD: + case _GEN_IPADD: decision = accessManager.verify(peerAddress, data[0 .. length]); break; default: |
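Review bot: The `version` block in the `@@ -89,6 +89,20 @@` hunk sits in the middle of `authorize`, between fetching `alternatives` and its null check, with no comment explaining why the two branches differ. From the branches it looks as if the 1.x binding nests the constants in `GENERAL_NAME` while the 2.x binding declares them at module scope; a line such as `// GEN_* are members of GENERAL_NAME in the 1.x binding and module-level in the 2.x binding.` would record that. Moving the block to module scope would keep the compile-time selection out of the certificate-checking logic and make the leading-underscore names unnecessary. Note also that `version(use_openssl_1_0_x) … else version(use_openssl_1_1_x)` silently prefers 1.0.x when both identifiers are defined. `authorize` starts and ends outside this hunk.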
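Review bot: In the `@@ -98,11 +112,12 @@` hunk, `data` and `length` are read through `name.d.ia5` in the context lines above the `switch`, before `name.type` has been checked, so for a subjectAltName entry that is neither DNS nor IP the union is read through a member that may not match the entry's actual type. The values are only used in the `_GEN_DNS` and `_GEN_IPADD` cases, so moving the two `ASN1_STRING_*` calls into those cases would confine the access to entries where it is valid. Separately, the `use_openssl_1_1_x` path still goes through `ASN1_STRING_data`, which OpenSSL 1.1.0 deprecated in favour of `ASN1_STRING_get0_data`; whether the 2.0.3 binding exposes the replacement is not visible here. The enclosing loop and the rest of `authorize` continue outside the hunk.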