commit: r1865 - in neon/trunk: src test

joe at manyfish.co.uk joe at manyfish.co.uk
Thu Nov 24 19:11:36 EST 2011


Author: joe
Date: Fri Nov 25 00:11:34 2011
New Revision: 1865

Modified:
   neon/trunk/src/ne_openssl.c
   neon/trunk/src/ne_session.c
   neon/trunk/src/ne_ssl.h
   neon/trunk/src/neon.vers
   neon/trunk/test/ssl.c

Log:
Fix build and test suite for OpenSSL without SSLv2 support.

* src/ne_openssl.c (ne_ssl_context_get_flag): New function.
  (ne_ssl_context_create): Fix compile without SSLv2.
 
* src/ne_session.c (ne_set_session_flag): Retrieve SSLv2
  flag value after setting it.

* src/ne_ssl.h, src/neon.vers: Add ne_ssl_context_get_flag.

* test/ssl.c (simple_sslv2): Retrieve flag setting and skip
  test if it was not enabled.


Modified: neon/trunk/src/ne_openssl.c
==============================================================================
--- neon/trunk/src/ne_openssl.c	(original)
+++ neon/trunk/src/ne_openssl.c	Fri Nov 25 00:11:34 2011
@@ -569,8 +569,10 @@
         ctx->ctx = SSL_CTX_new(SSLv23_server_method());
         SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
     } else {
+#ifndef OPENSSL_NO_SSL2
         ctx->ctx = SSL_CTX_new(SSLv2_server_method());
         SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT);
+#endif
     }
     return ctx;
 }
@@ -594,6 +596,22 @@
     SSL_CTX_set_options(ctx->ctx, opts);
 }
 
+int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag)
+{
+    switch (flag) {
+    case NE_SSL_CTX_SSLv2:
+#ifdef OPENSSL_NO_SSL2
+        return 0;
+#else
+        return ! (SSL_CTX_get_options(ctx->ctx); & SSL_OP_NO_SSLv2);
+#endif
+    default:
+        break;
+    }
+
+    return 0;
+}
+
 int ne_ssl_context_keypair(ne_ssl_context *ctx, const char *cert,
                            const char *key)
 {

Modified: neon/trunk/src/ne_session.c
==============================================================================
--- neon/trunk/src/ne_session.c	(original)
+++ neon/trunk/src/ne_session.c	Fri Nov 25 00:11:34 2011
@@ -361,6 +361,7 @@
 #ifdef NE_HAVE_SSL
         if (flag == NE_SESSFLAG_SSLv2 && sess->ssl_context) {
             ne_ssl_context_set_flag(sess->ssl_context, NE_SSL_CTX_SSLv2, value);
+            sess->flags[flag] = ne_ssl_context_get_flag(sess->ssl_context, NE_SSL_CTX_SSLv2);
         }
 #endif
     }

Modified: neon/trunk/src/ne_ssl.h
==============================================================================
--- neon/trunk/src/ne_ssl.h	(original)
+++ neon/trunk/src/ne_ssl.h	Fri Nov 25 00:11:34 2011
@@ -190,6 +190,9 @@
 /* Set a flag for the SSL context. */
 void ne_ssl_context_set_flag(ne_ssl_context *ctx, int flag, int value);
 
+/* Return flag value. */
+int ne_ssl_context_get_flag(ne_ssl_context *ctx, int flag);
+
 /* Destroy an SSL context. */
 void ne_ssl_context_destroy(ne_ssl_context *ctx);
 

Modified: neon/trunk/src/neon.vers
==============================================================================
--- neon/trunk/src/neon.vers	(original)
+++ neon/trunk/src/neon.vers	Fri Nov 25 00:11:34 2011
@@ -17,4 +17,5 @@
 NEON_0_30 {
     ne_ssl_clicert_import;
     ne_addr_canonical;
+    ne_ssl_context_get_flag;
 };

Modified: neon/trunk/test/ssl.c
==============================================================================
--- neon/trunk/test/ssl.c	(original)
+++ neon/trunk/test/ssl.c	Fri Nov 25 00:11:34 2011
@@ -427,8 +427,16 @@
 {
     ne_session *sess = ne_session_create("https", "localhost", 7777);
     struct ssl_server_args args = {SERVER_CERT, 0};
+
     args.use_ssl2 = 1;
     ne_set_session_flag(sess, NE_SESSFLAG_SSLv2, 1);
+
+    if (ne_get_session_flag(sess, NE_SESSFLAG_SSLv2) != 1) {
+        t_context("no SSLv2 support in SSL library");
+        ne_session_destroy(sess);
+        return SKIP;
+    }
+
     CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL));
     ne_session_destroy(sess);
     return OK;



More information about the neon-commits mailing list