Initial "opaque SSL" framework. If an application defines
OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.
The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.
diff --git a/apps/apps.h b/apps/apps.h
index 8bd3643..77d07da 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -365,6 +365,8 @@
double app_tminterval (int stop,int usertime);
#endif
+#define OPENSSL_NO_SSL_INTERN
+
#ifndef OPENSSL_NO_NEXTPROTONEG
unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
#endif
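Review bot: The added `#define OPENSSL_NO_SSL_INTERN` carries no comment, and nothing on the page records why the apps force the opaque build on themselves rather than leaving the choice to the user's configuration. A one-line comment such as `/* Build the apps against the opaque SSL API so any direct access to SSL internals fails at compile time */` would preserve the intent for whoever next edits this header. Since the macro presumably only takes effect when it is defined before <openssl/ssl.h> is first included, it is worth confirming that every app includes apps.h early enough for the define to apply.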
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 3d4c60d..5f2b739 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -196,7 +196,7 @@
if (Verbose)
{
- unsigned long id = c->id;
+ unsigned long id = SSL_CIPHER_get_id(c);
int id0 = (int)(id >> 24);
int id1 = (int)((id >> 16) & 0xffL);
int id2 = (int)((id >> 8) & 0xffL);
diff --git a/apps/s_client.c b/apps/s_client.c
index 8a57dcf..8e0e8cb 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1238,7 +1238,7 @@
}
}
#endif
- if (c_Pause & 0x01) con->debug=1;
+ if (c_Pause & 0x01) SSL_set_debug(con, 1);
if ( SSL_version(con) == DTLS1_VERSION)
{
@@ -1287,7 +1287,7 @@
if (c_debug)
{
- con->debug=1;
+ SSL_set_debug(con, 1);
BIO_set_callback(sbio,bio_dump_callback);
BIO_set_callback_arg(sbio,(char *)bio_c_out);
}
@@ -1972,7 +1972,7 @@
BIO_number_read(SSL_get_rbio(s)),
BIO_number_written(SSL_get_wbio(s)));
}
- BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
+ BIO_printf(bio,(SSL_cache_hit(s)?"---\nReused, ":"---\nNew, "));
c=SSL_get_current_cipher(s);
BIO_printf(bio,"%s, Cipher is %s\n",
SSL_CIPHER_get_version(c),
diff --git a/apps/s_server.c b/apps/s_server.c
index 97389cd..9233384 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -2042,7 +2042,7 @@
if (s_debug)
{
- con->debug=1;
+ SSL_set_debug(con, 1);
BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
}
@@ -2380,7 +2380,7 @@
BIO_printf(bio_s_out, "\n");
}
#endif
- if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+ if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
@@ -2499,7 +2499,7 @@
if (s_debug)
{
- con->debug=1;
+ SSL_set_debug(con, 1);
BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
}
@@ -2585,7 +2585,7 @@
goto err;
}
/* EVIL HACK! */
- con->state = SSL_ST_ACCEPT;
+ SSL_set_state(con, SSL_ST_ACCEPT);
i=SSL_do_handshake(con);
BIO_printf(bio_s_out, "SSL_do_handshake -> %d\n",i);
if (i <= 0)
@@ -2651,7 +2651,7 @@
}
BIO_puts(io,"\n");
}
- BIO_printf(io,((con->hit)
+ BIO_printf(io,(SSL_cache_hit(con)
?"---\nReused, "
:"---\nNew, "));
c=SSL_get_current_cipher(con);
@@ -2908,7 +2908,7 @@
typedef struct simple_ssl_session_st
{
unsigned char *id;
- int idlen;
+ unsigned int idlen;
unsigned char *der;
int derlen;
struct simple_ssl_session_st *next;
@@ -2923,10 +2923,10 @@
sess = OPENSSL_malloc(sizeof(simple_ssl_session));
- sess->idlen = session->session_id_length;
+ sess->idlen = SSL_SESSION_get_id_len(session);
sess->derlen = i2d_SSL_SESSION(session, NULL);
- sess->id = BUF_memdup(session->session_id, sess->idlen);
+ sess->id = BUF_memdup(SSL_SESSION_get0_id(session), sess->idlen);
sess->der = OPENSSL_malloc(sess->derlen);
p = sess->der;
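Review bot: The rewritten assignment `sess->idlen = SSL_SESSION_get_id_len(session);` is the first write through `sess`, and the `OPENSSL_malloc` result on the line above is still not checked, so an allocation failure becomes a NULL dereference in the new code; `BUF_memdup` on the next changed line can likewise return NULL into `sess->id` without a check. A guard such as `if (sess == NULL) return 0;` after the allocation, and a similar one after `BUF_memdup`, would close both. The rest of add_session, including how it reports failure to the caller, is outside the hunk, so the exact return value to use should be confirmed there.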
@@ -2945,7 +2945,7 @@
*do_copy = 0;
for (sess = first; sess; sess = sess->next)
{
- if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))
+ if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen))
{
const unsigned char *p = sess->der;
BIO_printf(bio_err, "Lookup session: cache hit\n");
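Review bot: The changed comparison casts the now-unsigned `sess->idlen` back to int to match `idlen`, which keeps the mixed-signedness comparison that the struct change in the earlier hunk (`unsigned int idlen;`) presumably set out to remove, whereas del_session in the following hunk now compares two unsigned values. A negative `idlen` would also pass straight into `memcmp` as a very large `size_t`, so casting the other way behind a sign guard is tighter: `if (idlen >= 0 && (unsigned int)idlen == sess->idlen && !memcmp(sess->id, id, idlen))`. `idlen` appears to be the int length parameter of the lookup callback, but get_session's signature lies outside the hunk, so confirm its type before changing the cast.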
@@ -2959,8 +2959,8 @@
static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
{
simple_ssl_session *sess, *prev = NULL;
- unsigned char *id = session->session_id;
- int idlen = session->session_id_length;
+ const unsigned char *id = SSL_SESSION_get0_id(session);
+ unsigned int idlen = SSL_SESSION_get_id_len(session);
for (sess = first; sess; sess = sess->next)
{
if (idlen == sess->idlen && !memcmp(sess->id, id, idlen))
diff --git a/apps/sess_id.c b/apps/sess_id.c
index b99179f..b16686c 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -90,6 +90,7 @@
int MAIN(int argc, char **argv)
{
SSL_SESSION *x=NULL;
+ X509 *peer = NULL;
int ret=1,i,num,badops=0;
BIO *out=NULL;
int informat,outformat;
@@ -163,16 +164,17 @@
ERR_load_crypto_strings();
x=load_sess_id(infile,informat);
if (x == NULL) { goto end; }
+ peer = SSL_SESSION_get0_peer(x);
if(context)
{
- x->sid_ctx_length=strlen(context);
- if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+ size_t ctx_len = strlen(context);
+ if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
{
BIO_printf(bio_err,"Context too long\n");
goto end;
}
- memcpy(x->sid_ctx,context,x->sid_ctx_length);
+ SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
}
#ifdef undef
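Review bot: The return value of `SSL_SESSION_set1_id_context` on the new line is dropped, so a failure inside the library would leave `x` with its old id-context and the program would carry on and write it out. The length is already bounded by the `SSL_MAX_SID_CTX_LENGTH` check just above, so the only cost is the check itself: `if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len)) goto end;`. `ctx_len` is a `size_t` narrowed to the accessor's `unsigned int` parameter at the call, which is harmless after the bound check but deserves a short comment. The `peer` obtained from `SSL_SESSION_get0_peer(x)` a few lines up is a borrowed pointer; a comment such as `/* owned by x; must not be freed separately */` would keep a later cleanup path from freeing it. MAIN's body continues outside the hunk.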
@@ -231,10 +233,10 @@
if (cert)
{
- if (x->peer == NULL)
+ if (peer == NULL)
BIO_puts(out,"No certificate present\n");
else
- X509_print(out,x->peer);
+ X509_print(out,peer);
}
}
@@ -253,12 +255,12 @@
goto end;
}
}
- else if (!noout && (x->peer != NULL)) /* just print the certificate */
+ else if (!noout && (peer != NULL)) /* just print the certificate */
{
if (outformat == FORMAT_ASN1)
- i=(int)i2d_X509_bio(out,x->peer);
+ i=(int)i2d_X509_bio(out,peer);
else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,x->peer);
+ i=PEM_write_bio_X509(out,peer);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;