From b8649e81458194d70667952d9e26df82a79c773f Mon Sep 17 00:00:00 2001
From: Mladen Turk
Date: Wed, 28 Aug 2019 18:38:58 +0200
Subject: [PATCH] Use new OpenSSL v1.1+ initialization API
---
 native/src/ssl.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/native/src/ssl.c b/native/src/ssl.c
index 9dbdcd49b..473ca4953 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -371,6 +371,11 @@ static apr_status_t ssl_init_cleanup(void *data)
 #endif
 free_dh_params();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* Openssl v1.1+ handles all termination automatically. Do
+ * nothing in this case.
+ */
+#else
 /*
 * Try to kill the internals of the SSL library.
 */
@@ -393,6 +398,7 @@ static apr_status_t ssl_init_cleanup(void *data)
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 ERR_remove_thread_state(NULL);
 #endif
+#endif
 #ifdef HAVE_KEYLOG_CALLBACK
 if (key_log_file) {
@@ -783,7 +789,14 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
 TCN_FREE_CSTRING(engine);
 return (jint)APR_SUCCESS;
 }
-
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* Openssl v1.1+ handles all initialisation automatically, apart
+ * from hints as to how we want to use the library.
+ *
+ * We tell openssl we want to include engine support.
+ */
+ OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else
 /* We must register the library in full, to ensure our configuration
 * code can successfully test the SSL environment.
 */
@@ -797,7 +810,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
 #endif
 OPENSSL_load_builtin_modules();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #if ! (defined(WIN32) || defined(WIN64))
 err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit, tcn_global_pool);
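Review bot: The comment added in the 1.1+ branch of `ssl_init_cleanup` says termination is automatic but not what performs it, and most of the teardown calls it now compiles out lie between this hunk and the next, outside the visible lines. I would name the mechanism, e.g. `/* OpenSSL 1.1+ frees its global state itself (OPENSSL_cleanup() runs at process exit); explicit teardown is only needed for older releases and LibreSSL. */`. It is worth confirming that nothing in the skipped range releases state owned by this library rather than by OpenSSL, since that code no longer runs on 1.1+. The `#else` opened here is presumably closed by the `#endif` added in the following hunk.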
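Review bot: The inner guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` around `ERR_remove_thread_state(NULL);` looks redundant in the second `ssl_init_cleanup` hunk. Assuming the added `#endif` closes the `#else` from the previous hunk, these lines are compiled only when exactly that condition already holds, so the call could stand unguarded in the legacy branch. The new terminator would also read better labelled, e.g. `#endif /* OpenSSL < 1.1.0 or LibreSSL */`, because its `#if` is some 25 lines above and outside this hunk.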
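Review bot: The return value of `OPENSSL_init_ssl()` is discarded on the new 1.1+ path in `initialize`, so a failed library initialisation goes unreported and the function carries on into the code below the hunk. OpenSSL documents the call as returning 1 on success and 0 on error, so the result should be checked, e.g. `if (OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL) != 1) { TCN_FREE_CSTRING(engine); return (jint)APR_EGENERAL; }`. The `TCN_FREE_CSTRING(engine)` in that sketch mirrors the early return just above and assumes the string is still owned at this point. The `#endif` matching the new `#else` is not in this hunk; it is presumably the one that closed the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` removed in the last hunk, which would be clearer with a trailing comment naming the condition.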