Add compatibility with OpenSSL 1.1
- SSLv2 has been completely removed from OpenSSL, even without OPENSSL_NO_SSL2
- there is a new threading API without locking callbacks
- struct SSL_CTX has been made opaque and must be used via accessor functions
- some cleanup functions have been removed
diff --git a/asio/include/asio/ssl/detail/impl/engine.ipp b/asio/include/asio/ssl/detail/impl/engine.ipp
index fa5d4b0..22b7cdd 100644
--- a/asio/include/asio/ssl/detail/impl/engine.ipp
+++ b/asio/include/asio/ssl/detail/impl/engine.ipp
@@ -201,8 +201,10 @@
// SSL v2 doesn't provide a protocol-level shutdown, so an eof on the
// underlying transport is passed through.
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
if (ssl_->version == SSL2_VERSION)
return ec;
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
// Otherwise, the peer should have negotiated a proper shutdown.
if ((::SSL_get_shutdown(ssl_) & SSL_RECEIVED_SHUTDOWN) == 0)
diff --git a/asio/include/asio/ssl/detail/impl/openssl_init.ipp b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
index 700b678..62a49cd 100644
--- a/asio/include/asio/ssl/detail/impl/openssl_init.ipp
+++ b/asio/include/asio/ssl/detail/impl/openssl_init.ipp
@@ -39,11 +39,13 @@
::SSL_load_error_strings();
::OpenSSL_add_all_algorithms();
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
mutexes_.resize(::CRYPTO_num_locks());
for (size_t i = 0; i < mutexes_.size(); ++i)
mutexes_[i].reset(new asio::detail::mutex);
::CRYPTO_set_locking_callback(&do_init::openssl_locking_func);
::CRYPTO_set_id_callback(&do_init::openssl_id_func);
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
#if !defined(SSL_OP_NO_COMPRESSION) \
&& (OPENSSL_VERSION_NUMBER >= 0x00908000L)
@@ -60,22 +62,26 @@
#endif // !defined(SSL_OP_NO_COMPRESSION)
// && (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
::CRYPTO_set_id_callback(0);
::CRYPTO_set_locking_callback(0);
::ERR_free_strings();
-#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- ::ERR_remove_thread_state(NULL);
-#else // (OPENSSL_VERSION_NUMBER >= 0x10000000L)
- ::ERR_remove_state(0);
-#endif // (OPENSSL_VERSION_NUMBER >= 0x10000000L)
::EVP_cleanup();
::CRYPTO_cleanup_all_ex_data();
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if (OPENSSL_VERSION_NUMBER < 0x10000000L)
+ ::ERR_remove_state(0);
+#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ ::ERR_remove_thread_state(NULL);
+#endif // (OPENSSL_VERSION_NUMBER < 0x10000000L)
#if !defined(OPENSSL_IS_BORINGSSL)
::CONF_modules_unload(1);
#endif // !defined(OPENSSL_IS_BORINGSSL)
-#if !defined(OPENSSL_NO_ENGINE)
+#if !defined(OPENSSL_NO_ENGINE) \
+ && (OPENSSL_VERSION_NUMBER < 0x10100000L)
::ENGINE_cleanup();
#endif // !defined(OPENSSL_NO_ENGINE)
+ // && (OPENSSL_VERSION_NUMBER < 0x10100000L)
}
#if !defined(SSL_OP_NO_COMPRESSION) \
@@ -104,10 +110,12 @@
static void openssl_locking_func(int mode, int n,
const char* /*file*/, int /*line*/)
{
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
if (mode & CRYPTO_LOCK)
instance()->mutexes_[n]->lock();
else
instance()->mutexes_[n]->unlock();
+#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L)
}
// Mutexes to be used in locking callbacks.
diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp
index 02210d9..fde7709 100644
--- a/asio/include/asio/ssl/impl/context.ipp
+++ b/asio/include/asio/ssl/impl/context.ipp
@@ -66,7 +66,8 @@
switch (m)
{
-#if defined(OPENSSL_NO_SSL2)
+#if defined(OPENSSL_NO_SSL2) \
+ || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
case context::sslv2:
case context::sslv2_client:
case context::sslv2_server:
@@ -74,6 +75,7 @@
asio::error::invalid_argument, "context");
break;
#else // defined(OPENSSL_NO_SSL2)
+ // || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
case context::sslv2:
handle_ = ::SSL_CTX_new(::SSLv2_method());
break;
@@ -84,6 +86,7 @@
handle_ = ::SSL_CTX_new(::SSLv2_server_method());
break;
#endif // defined(OPENSSL_NO_SSL2)
+ // || (OPENSSL_VERSION_NUMBER >= 0x10100000L)
#if defined(OPENSSL_NO_SSL3)
case context::sslv3:
case context::sslv3_client:
@@ -192,13 +195,22 @@
{
if (handle_)
{
- if (handle_->default_passwd_callback_userdata)
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ void* cb_userdata = handle_->default_passwd_callback_userdata;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ if (cb_userdata)
{
detail::password_callback_base* callback =
static_cast<detail::password_callback_base*>(
- handle_->default_passwd_callback_userdata);
+ cb_userdata);
delete callback;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ ::SSL_CTX_set_default_passwd_cb_userdata(handle_, 0);
+#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
handle_->default_passwd_callback_userdata = 0;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
}
if (SSL_CTX_get_app_data(handle_))
@@ -528,10 +540,17 @@
bio_cleanup bio = { make_buffer_bio(chain) };
if (bio.p)
{
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ pem_password_cb* callback = handle_->default_passwd_callback;
+ void* cb_userdata = handle_->default_passwd_callback_userdata;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
x509_cleanup cert = {
::PEM_read_bio_X509_AUX(bio.p, 0,
- handle_->default_passwd_callback,
- handle_->default_passwd_callback_userdata) };
+ callback,
+ cb_userdata) };
if (!cert.p)
{
ec = asio::error_code(ERR_R_PEM_LIB,
@@ -559,8 +578,8 @@
#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)
while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
- handle_->default_passwd_callback,
- handle_->default_passwd_callback_userdata))
+ callback,
+ cb_userdata))
{
if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert))
{
@@ -625,6 +644,14 @@
{
::ERR_clear_error();
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ pem_password_cb* callback = handle_->default_passwd_callback;
+ void* cb_userdata = handle_->default_passwd_callback_userdata;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+
bio_cleanup bio = { make_buffer_bio(private_key) };
if (bio.p)
{
@@ -636,8 +663,8 @@
break;
case context_base::pem:
evp_private_key.p = ::PEM_read_bio_PrivateKey(
- bio.p, 0, handle_->default_passwd_callback,
- handle_->default_passwd_callback_userdata);
+ bio.p, 0, callback,
+ cb_userdata);
break;
default:
{
@@ -684,6 +711,14 @@
{
::ERR_clear_error();
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+ void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ pem_password_cb* callback = handle_->default_passwd_callback;
+ void* cb_userdata = handle_->default_passwd_callback_userdata;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+
bio_cleanup bio = { make_buffer_bio(private_key) };
if (bio.p)
{
@@ -695,8 +730,8 @@
break;
case context_base::pem:
rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey(
- bio.p, 0, handle_->default_passwd_callback,
- handle_->default_passwd_callback_userdata);
+ bio.p, 0, callback,
+ cb_userdata);
break;
default:
{
@@ -915,11 +950,17 @@
ASIO_SYNC_OP_VOID context::do_set_password_callback(
detail::password_callback_base* callback, asio::error_code& ec)
{
- if (handle_->default_passwd_callback_userdata)
- delete static_cast<detail::password_callback_base*>(
- handle_->default_passwd_callback_userdata);
-
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ void* old_callback = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+ ::SSL_CTX_set_default_passwd_cb_userdata(handle_, callback);
+#else // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ void* old_callback = handle_->default_passwd_callback_userdata;
handle_->default_passwd_callback_userdata = callback;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+
+ if (old_callback)
+ delete static_cast<detail::password_callback_base*>(
+ old_callback);
SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function);