From 628e3ca9fe7a1bed1ce2308e2df4a1a4ecd1dfe7 Mon Sep 17 00:00:00 2001 From: Christopher Kohlhoff Date: Fri, 20 Mar 2015 08:46:51 +1100 Subject: [PATCH] ERR_remove_state is deprecated, use ERR_remove_thread_state instead. --- asio/include/asio/ssl/detail/impl/openssl_init.ipp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp index 2c40d40..da66fc1 100644 --- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp +++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp @@ -63,7 +63,11 @@ public: ::CRYPTO_set_id_callback(0); ::CRYPTO_set_locking_callback(0); ::ERR_free_strings(); +#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) + ::ERR_remove_thread_state(NULL); +#else // (OPENSSL_VERSION_NUMBER >= 0x10000000L) ::ERR_remove_state(0); +#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) ::EVP_cleanup(); ::CRYPTO_cleanup_all_ex_data(); ::CONF_modules_unload(1); From aa21de0944b4327f998fe161dde5ddaaf38cec5c Mon Sep 17 00:00:00 2001 From: Christopher Kohlhoff Date: Sat, 21 Mar 2015 20:52:42 +1100 Subject: [PATCH] Remove redundant pointer check in SSL engine. --- asio/include/asio/ssl/detail/impl/engine.ipp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asio/include/asio/ssl/detail/impl/engine.ipp b/asio/include/asio/ssl/detail/impl/engine.ipp index 5504411..2e4a39d 100644 --- a/asio/include/asio/ssl/detail/impl/engine.ipp +++ b/asio/include/asio/ssl/detail/impl/engine.ipp @@ -206,7 +206,7 @@ const asio::error_code& engine::map_error_code( // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the // underlying transport is passed through. - if (ssl_ && ssl_->version == SSL2_VERSION) + if (ssl_->version == SSL2_VERSION) return ec; // Otherwise, the peer should have negotiated a proper shutdown. From 6c70257e20ef159c581298b54838361bb54bfce4 Mon Sep 17 00:00:00 2001 
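Review bot: `::ERR_remove_thread_state(NULL)` in the added `#if` branch releases the error queue of the calling thread only, and nothing at the call site says so. A comment such as `// Frees the calling thread's error queue only; other threads release their own.` would record that limit for anyone auditing the cleanup path. The neighbouring calls in this hunk pass `0` for a null argument (`::CRYPTO_set_id_callback(0)`), so `0` here would match the surrounding style. The enclosing function starts and ends outside the hunk.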
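Review bot: With the `ssl_ &&` guard removed, `ssl_->version` dereferences the pointer unconditionally and the hunk gives no reason why that is safe. If the invariant is that `ssl_` is never null once the engine exists (presumably set up at construction, which is not visible here), state it next to the check with `ASIO_ASSERT(ssl_);` or a one-line comment. map_error_code's body continues outside the hunk.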
From: Christopher Kohlhoff Date: Thu, 1 Oct 2015 08:44:30 +1000 Subject: [PATCH] Use SSL_CTX_clear_chain_certs, if available. --- asio/include/asio/ssl/impl/context.ipp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp index 08705e7..77da84e 100644 --- a/asio/include/asio/ssl/impl/context.ipp +++ b/asio/include/asio/ssl/impl/context.ipp @@ -539,11 +539,15 @@ asio::error_code context::use_certificate_chain( return ec; } +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) + ::SSL_CTX_clear_chain_certs(handle_); +#else if (handle_->extra_certs) { ::sk_X509_pop_free(handle_->extra_certs, X509_free); handle_->extra_certs = 0; } +#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, handle_->default_passwd_callback, From 92bfc623e6a71353dd2c783f4c9fef5591ac550d Mon Sep 17 00:00:00 2001 From: Christopher Kohlhoff Date: Thu, 19 Nov 2015 10:24:56 +1100 Subject: [PATCH] Add new error category and constant for ssl::error::stream_truncated. This error replaces uses of SSL_R_SHORT_READ, and indicates that the SSL stream has been shut down abruptly. (I.e. the underlying socket has been closed without performing an SSL-layer shutdown.) --- asio/include/asio/ssl/detail/impl/engine.ipp | 8 ++----- asio/include/asio/ssl/error.hpp | 34 ++++++++++++++++++++++++++++ asio/include/asio/ssl/impl/error.ipp | 33 ++++++++++++++++++++++++++- 3 files changed, 68 insertions(+), 7 deletions(-) diff --git a/asio/include/asio/ssl/detail/impl/engine.ipp b/asio/include/asio/ssl/detail/impl/engine.ipp index b59cf18..9abe010 100644 --- a/asio/include/asio/ssl/detail/impl/engine.ipp +++ b/asio/include/asio/ssl/detail/impl/engine.ipp 
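Review bot: The new `#if` branch may not clear the same list as the branch it replaces: the `#else` code frees `handle_->extra_certs`, whereas OpenSSL documents `SSL_CTX_clear_chain_certs` as resetting the chain attached to the current certificate and `SSL_CTX_clear_extra_chain_certs` as the call that empties the extra-certificate list. A later hunk of this function on the page shows the loop appending with `SSL_CTX_add_extra_chain_cert`, so on 1.0.2 and later a second call to use_certificate_chain could leave the earlier intermediates in place and present them alongside the new ones. Consider `::SSL_CTX_clear_extra_chain_certs(handle_);` in this branch, or move the loop to the chain API so that clearing and adding act on the same list. The function body continues outside the hunk.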
@@ -195,9 +195,7 @@ const asio::error_code& engine::map_error_code( // If there's data yet to be read, it's an error. if (BIO_wpending(ext_bio_)) { - ec = asio::error_code( - ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ), - asio::error::get_ssl_category()); + ec = asio::ssl::error::stream_truncated; return ec; } @@ -209,9 +207,7 @@ const asio::error_code& engine::map_error_code( // Otherwise, the peer should have negotiated a proper shutdown. if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) { - ec = asio::error_code( - ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ), - asio::error::get_ssl_category()); + ec = asio::ssl::error::stream_truncated; } return ec; diff --git a/asio/include/asio/ssl/error.hpp b/asio/include/asio/ssl/error.hpp index 1385d2a..f044f59 100644 --- a/asio/include/asio/ssl/error.hpp +++ b/asio/include/asio/ssl/error.hpp @@ -25,6 +25,7 @@ namespace error { enum ssl_errors { + // Error numbers are those produced by openssl. }; extern ASIO_DECL @@ -34,6 +35,23 @@ static const asio::error_category& ssl_category = asio::error::get_ssl_category(); } // namespace error +namespace ssl { +namespace error { + +enum stream_errors +{ + /// The underlying stream closed before the ssl stream gracefully shut down. + stream_truncated = 1 +}; + +extern ASIO_DECL +const asio::error_category& get_stream_category(); + +static const asio::error_category& stream_category + = asio::ssl::error::get_stream_category(); + +} // namespace error +} // namespace ssl } // namespace asio #if defined(ASIO_HAS_STD_SYSTEM_ERROR) @@ -44,6 +62,11 @@ template<> struct is_error_code_enum static const bool value = true; }; +template<> struct is_error_code_enum +{ + static const bool value = true; +}; + } // namespace std #endif // defined(ASIO_HAS_STD_SYSTEM_ERROR) 
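Review bot: Assigning `asio::ssl::error::stream_truncated` changes both the value and the category that callers observe, so code that still compares against the packed `SSL_R_SHORT_READ` value will stop recognising an abrupt close; the same applies to the second assignment in the `@@ -209,9 +207,7 @@` hunk. A comment at the first assignment would make the migration visible, e.g. `// Was ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ); compare against ssl::error::stream_truncated instead.` map_error_code starts and ends outside both hunks.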
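Review bot: The `///` comment on `stream_truncated` describes the event but not what a caller should conclude from it. Since this code is what separates a cut-off TLS stream from a clean end of stream, the documentation should say so, for example `/// The underlying stream closed before the ssl stream gracefully shut down.` followed by `/// Data received so far may be incomplete and must not be treated as a clean end of stream.` `get_stream_category()` and `stream_category` in the same hunk have no comment at all, and a one-line description of each would help.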
@@ -57,6 +80,17 @@ inline asio::error_code make_error_code(ssl_errors e) } } // namespace error +namespace ssl { +namespace error { + +inline asio::error_code make_error_code(stream_errors e) +{ + return asio::error_code( + static_cast(e), get_stream_category()); +} + +} // namespace error +} // namespace ssl } // namespace asio #include "asio/detail/pop_options.hpp" diff --git a/asio/include/asio/ssl/impl/error.ipp b/asio/include/asio/ssl/impl/error.ipp index 9e76039..8c20e81 100644 --- a/asio/include/asio/ssl/impl/error.ipp +++ b/asio/include/asio/ssl/impl/error.ipp @@ -23,7 +23,6 @@ namespace asio { namespace error { - namespace detail { class ssl_category : public asio::error_category @@ -50,6 +49,38 @@ const asio::error_category& get_ssl_category() } } // namespace error +namespace ssl { +namespace error { +namespace detail { + +class stream_category : public asio::error_category +{ +public: + const char* name() const ASIO_ERROR_CATEGORY_NOEXCEPT + { + return "asio.ssl.stream"; + } + + std::string message(int value) const + { + switch (value) + { + case stream_truncated: return "stream truncated"; + default: return "asio.ssl.stream error"; + } + } +}; + +} // namespace detail + +const asio::error_category& get_stream_category() +{ + static detail::stream_category instance; + return instance; +} + +} // namespace error +} // namespace ssl } // namespace asio #include "asio/detail/pop_options.hpp" From 5fa80539834c10406611bb02c20cdba2a9171f4a Mon Sep 17 00:00:00 2001 From: Christopher Kohlhoff Date: Thu, 19 Nov 2015 10:25:42 +1100 Subject: [PATCH] BoringSSL does not provide CONF_modules_unload. --- asio/include/asio/ssl/detail/impl/openssl_init.ipp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp index da66fc1..2a70bf5 100644 --- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp +++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp 
@@ -70,7 +70,9 @@ public: #endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) ::EVP_cleanup(); ::CRYPTO_cleanup_all_ex_data(); +#if !defined(OPENSSL_IS_BORINGSSL) ::CONF_modules_unload(1); +#endif // !defined(OPENSSL_IS_BORINGSSL) #if !defined(OPENSSL_NO_ENGINE) ::ENGINE_cleanup(); #endif // !defined(OPENSSL_NO_ENGINE) From 062b19c97bb85f4625b46f93ee19b234948ff235 Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Fri, 1 Apr 2016 10:46:17 +0200 Subject: [PATCH] Add compatibility with OpenSSL 1.1 - SSLv2 has been completely removed from OpenSSL, even without OPENSSL_NO_SSL2 - there is a new threading API without locking callbacks - struct SSL_CTX has been made opaque and must be used via accessor functions - some cleanup functions have been removed --- asio/include/asio/ssl/detail/impl/engine.ipp | 2 + asio/include/asio/ssl/detail/impl/openssl_init.ipp | 20 ++++-- asio/include/asio/ssl/impl/context.ipp | 71 +++++++++++++++++----- 3 files changed, 72 insertions(+), 21 deletions(-) diff --git a/asio/include/asio/ssl/detail/impl/engine.ipp b/asio/include/asio/ssl/detail/impl/engine.ipp index fa5d4b0..22b7cdd 100644 --- a/asio/include/asio/ssl/detail/impl/engine.ipp +++ b/asio/include/asio/ssl/detail/impl/engine.ipp @@ -201,8 +201,10 @@ const asio::error_code& engine::map_error_code( // SSL v2 doesn't provide a protocol-level shutdown, so an eof on the // underlying transport is passed through. +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) if (ssl_->version == SSL2_VERSION) return ec; +#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) // Otherwise, the peer should have negotiated a proper shutdown. if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0) diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp index 700b678..62a49cd 100644 --- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp +++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp 
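Review bot: In the engine.ipp hunk the two-line "SSL v2 doesn't provide a protocol-level shutdown" comment stays outside the new `#if (OPENSSL_VERSION_NUMBER < 0x10100000L)`, so on OpenSSL 1.1 builds it describes a check that is compiled out and reads as if it applied to the `SSL_get_shutdown` test below. Moving the comment inside the `#if` keeps it attached to the code it explains. map_error_code's body continues outside the hunk.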
@@ -39,11 +39,13 @@ public: ::SSL_load_error_strings(); ::OpenSSL_add_all_algorithms(); +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) mutexes_.resize(::CRYPTO_num_locks()); for (size_t i = 0; i < mutexes_.size(); ++i) mutexes_[i].reset(new asio::detail::mutex); ::CRYPTO_set_locking_callback(&do_init::openssl_locking_func); ::CRYPTO_set_id_callback(&do_init::openssl_id_func); +#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) #if !defined(SSL_OP_NO_COMPRESSION) \ && (OPENSSL_VERSION_NUMBER >= 0x00908000L) @@ -60,22 +62,26 @@ public: #endif // !defined(SSL_OP_NO_COMPRESSION) // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ::CRYPTO_set_id_callback(0); ::CRYPTO_set_locking_callback(0); ::ERR_free_strings(); -#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) - ::ERR_remove_thread_state(NULL); -#else // (OPENSSL_VERSION_NUMBER >= 0x10000000L) - ::ERR_remove_state(0); -#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L) ::EVP_cleanup(); ::CRYPTO_cleanup_all_ex_data(); +#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if (OPENSSL_VERSION_NUMBER < 0x10000000L) + ::ERR_remove_state(0); +#elif (OPENSSL_VERSION_NUMBER < 0x10100000L) + ::ERR_remove_thread_state(NULL); +#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) #if !defined(OPENSSL_IS_BORINGSSL) ::CONF_modules_unload(1); #endif // !defined(OPENSSL_IS_BORINGSSL) -#if !defined(OPENSSL_NO_ENGINE) +#if !defined(OPENSSL_NO_ENGINE) \ + && (OPENSSL_VERSION_NUMBER < 0x10100000L) ::ENGINE_cleanup(); #endif // !defined(OPENSSL_NO_ENGINE) + // && (OPENSSL_VERSION_NUMBER < 0x10100000L) } #if !defined(SSL_OP_NO_COMPRESSION) \ @@ -104,10 +110,12 @@ private: static void openssl_locking_func(int mode, int n, const char* /*file*/, int /*line*/) { +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) if (mode & CRYPTO_LOCK) instance()->mutexes_[n]->lock(); else instance()->mutexes_[n]->unlock(); +#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) } // Mutexes to be used in locking callbacks. 
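Review bot: The `OPENSSL_VERSION_NUMBER < 0x10100000L` guard does not distinguish LibreSSL, which reports 0x20000000L, so a LibreSSL build would skip the mutex and locking-callback setup in this hunk and, in the context.ipp hunks of this commit, take the branch that calls `SSL_CTX_get_default_passwd_cb` and `SSL_CTX_get_default_passwd_cb_userdata`. Whether a given LibreSSL release needs the callbacks or provides those accessors cannot be told from this page and should be checked. If it does not, the guards would become `#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)` here and gain `&& !defined(LIBRESSL_VERSION_NUMBER)` on the accessor branches. The later commit on this page that moves the same guard above `::SSL_library_init()` inherits the question. The constructor continues outside the hunk.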
diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp index 02210d9..fde7709 100644 --- a/asio/include/asio/ssl/impl/context.ipp +++ b/asio/include/asio/ssl/impl/context.ipp @@ -66,7 +66,8 @@ context::context(context::method m) switch (m) { -#if defined(OPENSSL_NO_SSL2) +#if defined(OPENSSL_NO_SSL2) \ + || (OPENSSL_VERSION_NUMBER >= 0x10100000L) case context::sslv2: case context::sslv2_client: case context::sslv2_server: @@ -74,6 +75,7 @@ context::context(context::method m) asio::error::invalid_argument, "context"); break; #else // defined(OPENSSL_NO_SSL2) + // || (OPENSSL_VERSION_NUMBER >= 0x10100000L) case context::sslv2: handle_ = ::SSL_CTX_new(::SSLv2_method()); break; @@ -84,6 +86,7 @@ context::context(context::method m) handle_ = ::SSL_CTX_new(::SSLv2_server_method()); break; #endif // defined(OPENSSL_NO_SSL2) + // || (OPENSSL_VERSION_NUMBER >= 0x10100000L) #if defined(OPENSSL_NO_SSL3) case context::sslv3: case context::sslv3_client: @@ -192,13 +195,22 @@ context::~context() { if (handle_) { - if (handle_->default_passwd_callback_userdata) +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); +#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + void* cb_userdata = handle_->default_passwd_callback_userdata; +#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (cb_userdata) { detail::password_callback_base* callback = static_cast( - handle_->default_passwd_callback_userdata); + cb_userdata); delete callback; +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + ::SSL_CTX_set_default_passwd_cb_userdata(handle_, 0); +#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) handle_->default_passwd_callback_userdata = 0; +#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) } if (SSL_CTX_get_app_data(handle_)) 
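Review bot: The version-dependent read of the password-callback user data added to `context::~context()` in the `@@ -192,13 +195,22 @@` hunk is repeated, `#if` block and all, in use_certificate_chain, use_private_key, use_rsa_private_key and do_set_password_callback in the later hunks of this file. Five copies of the same conditional are easy to update unevenly the next time the OpenSSL API moves. A small helper per accessor would leave one place to maintain; where it lives and its linkage need to suit how the .ipp is included, and a matching helper would cover the callback pointer. The destructor continues outside the hunk.
```cpp
// Proposed helper; declare it wherever suits the header-only / separate-compilation split.
static void* passwd_cb_userdata(SSL_CTX* ctx)
{
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
  return ::SSL_CTX_get_default_passwd_cb_userdata(ctx);
#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
  return ctx->default_passwd_callback_userdata;
#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
}

// … unchanged: context::~context() prologue …
    void* cb_userdata = passwd_cb_userdata(handle_);
```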
@@ -528,10 +540,17 @@ ASIO_SYNC_OP_VOID context::use_certificate_chain( bio_cleanup bio = { make_buffer_bio(chain) }; if (bio.p) { +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); + void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); +#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + pem_password_cb* callback = handle_->default_passwd_callback; + void* cb_userdata = handle_->default_passwd_callback_userdata; +#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) x509_cleanup cert = { ::PEM_read_bio_X509_AUX(bio.p, 0, - handle_->default_passwd_callback, - handle_->default_passwd_callback_userdata) }; + callback, + cb_userdata) }; if (!cert.p) { ec = asio::error_code(ERR_R_PEM_LIB, @@ -559,8 +578,8 @@ ASIO_SYNC_OP_VOID context::use_certificate_chain( #endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0, - handle_->default_passwd_callback, - handle_->default_passwd_callback_userdata)) + callback, + cb_userdata)) { if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert)) { @@ -625,6 +644,14 @@ ASIO_SYNC_OP_VOID context::use_private_key( { ::ERR_clear_error(); +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); + void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); +#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + pem_password_cb* callback = handle_->default_passwd_callback; + void* cb_userdata = handle_->default_passwd_callback_userdata; +#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + bio_cleanup bio = { make_buffer_bio(private_key) }; if (bio.p) { @@ -636,8 +663,8 @@ ASIO_SYNC_OP_VOID context::use_private_key( break; case context_base::pem: evp_private_key.p = ::PEM_read_bio_PrivateKey( - bio.p, 0, handle_->default_passwd_callback, - handle_->default_passwd_callback_userdata); + bio.p, 0, callback, + cb_userdata); break; default: { 
@@ -684,6 +711,14 @@ ASIO_SYNC_OP_VOID context::use_rsa_private_key( { ::ERR_clear_error(); +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_); + void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); +#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + pem_password_cb* callback = handle_->default_passwd_callback; + void* cb_userdata = handle_->default_passwd_callback_userdata; +#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + bio_cleanup bio = { make_buffer_bio(private_key) }; if (bio.p) { @@ -695,8 +730,8 @@ ASIO_SYNC_OP_VOID context::use_rsa_private_key( break; case context_base::pem: rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey( - bio.p, 0, handle_->default_passwd_callback, - handle_->default_passwd_callback_userdata); + bio.p, 0, callback, + cb_userdata); break; default: { @@ -915,11 +950,17 @@ int context::verify_callback_function(int preverified, X509_STORE_CTX* ctx) ASIO_SYNC_OP_VOID context::do_set_password_callback( detail::password_callback_base* callback, asio::error_code& ec) { - if (handle_->default_passwd_callback_userdata) - delete static_cast( - handle_->default_passwd_callback_userdata); - +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + void* old_callback = ::SSL_CTX_get_default_passwd_cb_userdata(handle_); + ::SSL_CTX_set_default_passwd_cb_userdata(handle_, callback); +#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + void* old_callback = handle_->default_passwd_callback_userdata; handle_->default_passwd_callback_userdata = callback; +#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L) + + if (old_callback) + delete static_cast( + old_callback); SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function); From 69e44a4cc6eb5ba21ede409779a7b777c0eb3869 Mon Sep 17 00:00:00 2001 
From: Christopher Kohlhoff Date: Sun, 28 Aug 2016 10:02:08 +1000 Subject: [PATCH] Fix errors when OPENSSL_NO_DEPRECATED is defined. --- asio/include/asio/ssl/detail/impl/openssl_init.ipp | 23 +++++++++++----------- asio/include/asio/ssl/detail/openssl_types.hpp | 2 ++ 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp index 62a49cd..4cc9859 100644 --- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp +++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp @@ -44,8 +44,10 @@ public: for (size_t i = 0; i < mutexes_.size(); ++i) mutexes_[i].reset(new asio::detail::mutex); ::CRYPTO_set_locking_callback(&do_init::openssl_locking_func); - ::CRYPTO_set_id_callback(&do_init::openssl_id_func); #endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if (OPENSSL_VERSION_NUMBER < 0x10000000L) + ::CRYPTO_set_id_callback(&do_init::openssl_id_func); +#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) #if !defined(SSL_OP_NO_COMPRESSION) \ && (OPENSSL_VERSION_NUMBER >= 0x00908000L) @@ -62,8 +64,10 @@ public: #endif // !defined(SSL_OP_NO_COMPRESSION) // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) +#if (OPENSSL_VERSION_NUMBER < 0x10000000L) ::CRYPTO_set_id_callback(0); +#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ::CRYPTO_set_locking_callback(0); ::ERR_free_strings(); ::EVP_cleanup(); 
@@ -94,38 +98,33 @@ public: // && (OPENSSL_VERSION_NUMBER >= 0x00908000L) private: +#if (OPENSSL_VERSION_NUMBER < 0x10000000L) static unsigned long openssl_id_func() { #if defined(ASIO_WINDOWS) || defined(__CYGWIN__) return ::GetCurrentThreadId(); #else // defined(ASIO_WINDOWS) || defined(__CYGWIN__) - void* id = instance()->thread_id_; - if (id == 0) - instance()->thread_id_ = id = &id; // Ugh. + void* id = &errno; ASIO_ASSERT(sizeof(unsigned long) >= sizeof(void*)); return reinterpret_cast(id); #endif // defined(ASIO_WINDOWS) || defined(__CYGWIN__) } +#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) static void openssl_locking_func(int mode, int n, const char* /*file*/, int /*line*/) { -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) if (mode & CRYPTO_LOCK) instance()->mutexes_[n]->lock(); else instance()->mutexes_[n]->unlock(); -#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) } // Mutexes to be used in locking callbacks. std::vector > mutexes_; - -#if !defined(ASIO_WINDOWS) && !defined(__CYGWIN__) - // The thread identifiers to be used by openssl. - asio::detail::tss_ptr thread_id_; -#endif // !defined(ASIO_WINDOWS) && !defined(__CYGWIN__) +#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L) #if !defined(SSL_OP_NO_COMPRESSION) \ && (OPENSSL_VERSION_NUMBER >= 0x00908000L) diff --git a/asio/include/asio/ssl/detail/openssl_types.hpp b/asio/include/asio/ssl/detail/openssl_types.hpp index d9cfc71..eda740d 100644 --- a/asio/include/asio/ssl/detail/openssl_types.hpp +++ b/asio/include/asio/ssl/detail/openssl_types.hpp @@ -21,7 +21,9 @@ #if !defined(OPENSSL_NO_ENGINE) # include #endif // !defined(OPENSSL_NO_ENGINE) +#include #include +#include #include #include "asio/detail/socket_types.hpp" From 2cde22623ca0fd9571d8d57c5a8965082d815e1c Mon Sep 17 00:00:00 2001 
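Review bot: `void* id = &errno;` works as a thread identifier only because `errno` resolves to a distinct object in each thread, and the new line has no comment saying so. Suggest `// errno is per-thread, so its address identifies the calling thread.` above it. The file must also be able to see the header that declares `errno`; the include names added in the openssl_types.hpp hunk are not legible on this page, so that is worth confirming. The `ASIO_ASSERT(sizeof(unsigned long) >= sizeof(void*))` that follows tests a compile-time constant at run time and presumably only in builds with assertions enabled.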
From: Christopher Kohlhoff Date: Tue, 13 Sep 2016 21:59:03 +1000 Subject: [PATCH] Call SSL_COMP_free_compression_methods() on ssl cleanup. This call is needed for OpenSSL >=1.0.2 and <1.1.0. --- asio/include/asio/ssl/detail/impl/openssl_init.ipp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp index 4cc9859..392eff9 100644 --- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp +++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp @@ -78,6 +78,11 @@ public: #elif (OPENSSL_VERSION_NUMBER < 0x10100000L) ::ERR_remove_thread_state(NULL); #endif // (OPENSSL_VERSION_NUMBER < 0x10000000L) +#if (OPENSSL_VERSION_NUMBER >= 0x10002000L) \ + && (OPENSSL_VERSION_NUMBER < 0x10100000L) + ::SSL_COMP_free_compression_methods(); +#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L) + // && (OPENSSL_VERSION_NUMBER < 0x10100000L) #if !defined(OPENSSL_IS_BORINGSSL) ::CONF_modules_unload(1); #endif // !defined(OPENSSL_IS_BORINGSSL) From dc2b5b9ac09326ba1e38a28b48170063ca2b1332 Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Mon, 31 Oct 2016 10:32:19 +0100 Subject: [PATCH] Fix compilation with OpenSSL 1.1 API With OPENSSL_API_COMPAT=0x10100000L, SSL_library_init, SSL_load_error_strings, and OpenSSL_add_all_algorithms are removed. With OPENSSL_API_COMPAT=0x10000000L, these are function-style macros mapping to OPENSSL_init_ssl, which is called automatically anyway. References: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html --- asio/include/asio/ssl/detail/impl/openssl_init.ipp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp index 392eff9..5de0caa 100644 --- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp +++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp 
@@ -35,11 +35,11 @@ class openssl_init_base::do_init public: do_init() { +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ::SSL_library_init(); ::SSL_load_error_strings(); ::OpenSSL_add_all_algorithms(); -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) mutexes_.resize(::CRYPTO_num_locks()); for (size_t i = 0; i < mutexes_.size(); ++i) mutexes_[i].reset(new asio::detail::mutex);