112.24.03 ( fix #3 )

_oasis

@@ -2,7 +2,7 @@ OASISFormat:      0.3
 OCamlVersion:     >= 4.00.0
 FindlibVersion:   >= 1.3.2
 Name:             async_ssl
-Version:          112.24.02
+Version:          112.24.03
 Synopsis:         Async wrappers for ssl
 Authors:          Jane Street Capital LLC <opensource@janestreet.com>
 Copyrights:       (C) 2008-2013 Jane Street Capital LLC <opensource@janestreet.com>
@@ -74,9 +74,13 @@ Library async_ssl_bindings
   Pack:               true
   Modules:            Ffi_bindings
   BuildDepends:       ctypes,
-                      ctypes.stubs
+                      ctypes.stubs,
+                      ctypes.foreign.threaded,
+                      threads
   XMETARequires:      ctypes,
-                      ctypes.stubs
+                      ctypes.stubs,
+                      ctypes.foreign.threaded,
+                      threads
 
 Executable ffi_stubgen
   MainIs:             ffi_stubgen.ml

bindings/ffi_bindings.ml

@@ -39,6 +39,27 @@ struct
   end
 end
 
+(* Not using stubs here so we can use the ~stub: argument and not blow up on
+   systems with older OpenSSL that don't support TLS 1.1 and 1.2. This way
+   Ctypes will guess sizes of types instead of getting them directly from C, but
+   since these types only use void and *void this should be fine.
+
+   https://github.com/janestreet/async_ssl/issues/3
+*)
+module Ssl_method = struct
+  let foreign = Foreign.foreign ~stub:true
+  let ssl_method_t = Ctypes.(void @-> returning (ptr void))
+  let sslv3 = foreign "SSLv3_method" ssl_method_t
+  let tlsv1 = foreign "TLSv1_method" ssl_method_t
+  let tlsv1_1 = foreign "TLSv1_1_method" ssl_method_t
+  let tlsv1_2 = foreign "TLSv1_2_method" ssl_method_t
+  let sslv23 = foreign "SSLv23_method" ssl_method_t
+  (* SSLv2 isn't secure, so we don't use it.  If you really really really need it, use
+     SSLv23 which will at least try to upgrade the security whenever possible.
+
+     let sslv2_method  = foreign "SSLv2_method"  ssl_method_t
+  *)
+end
 
 module Bindings (F : Cstubs.FOREIGN) =
 struct
@@ -62,18 +83,6 @@ struct
   let ssl_load_error_strings = foreign "SSL_load_error_strings"
     Ctypes.(void @-> returning void)
 
-  let ssl_method_t  = Ctypes.(void @-> returning (ptr void))
-  let sslv3_method  = foreign "SSLv3_method" ssl_method_t
-  let tlsv1_method  = foreign "TLSv1_method" ssl_method_t
-  let tlsv1_1_method  = foreign "TLSv1_1_method" ssl_method_t
-  let tlsv1_2_method  = foreign "TLSv1_2_method" ssl_method_t
-  let sslv23_method = foreign "SSLv23_method" ssl_method_t
-  (* SSLv2 isn't secure, so we don't use it.  If you really really really need it, use
-     SSLv23 which will at least try to upgrade the security whenever possible.
-
-     let sslv2_method  = foreign "SSLv2_method"  ssl_method_t
-  *)
-
   module Ssl_ctx =
   struct
     let t = Ctypes.(ptr void)

lib/ffi.ml

@@ -5,6 +5,8 @@ open Import
 module Types = Async_ssl_bindings.Ffi_bindings.Types(Ffi_generated_types)
 module Bindings = Async_ssl_bindings.Ffi_bindings.Bindings(Ffi_generated)
 
+module Ssl_method = Async_ssl_bindings.Ffi_bindings.Ssl_method
+
 module Ssl_error = struct
   type t =
     | Zero_return
@@ -113,11 +115,11 @@ module Ssl_ctx = struct
       let ver_method =
         let module V = Version in
         match ver with
-        | V.Sslv3  -> Bindings.sslv3_method  ()
-        | V.Tlsv1  -> Bindings.tlsv1_method  ()
-        | V.Tlsv1_1 -> Bindings.tlsv1_1_method ()
-        | V.Tlsv1_2 -> Bindings.tlsv1_2_method ()
-        | V.Sslv23 -> Bindings.sslv23_method ()
+        | V.Sslv3  -> Ssl_method.sslv3  ()
+        | V.Tlsv1  -> Ssl_method.tlsv1  ()
+        | V.Tlsv1_1 -> Ssl_method.tlsv1_1 ()
+        | V.Tlsv1_2 -> Ssl_method.tlsv1_2 ()
+        | V.Sslv23 -> Ssl_method.sslv23 ()
       in
       match Bindings.Ssl_ctx.new_ ver_method with
       | None   -> failwith "Could not allocate a new SSL context."
@@ -261,11 +263,11 @@ module Ssl = struct
       let version_method =
         let open Version in
         match version with
-        | Sslv3  -> Bindings.sslv3_method ()
-        | Tlsv1  -> Bindings.tlsv1_method ()
-        | Tlsv1_1 -> Bindings.tlsv1_1_method ()
-        | Tlsv1_2 -> Bindings.tlsv1_2_method ()
-        | Sslv23 -> Bindings.sslv23_method ()
+        | Sslv3  -> Ssl_method.sslv3 ()
+        | Tlsv1  -> Ssl_method.tlsv1 ()
+        | Tlsv1_1 -> Ssl_method.tlsv1_1 ()
+        | Tlsv1_2 -> Ssl_method.tlsv1_2 ()
+        | Sslv23 -> Ssl_method.sslv23 ()
       in
       match Bindings.Ssl.set_method t version_method with
       | 1 -> ()

lib/version.mli

@@ -8,6 +8,10 @@ open Core.Std
 
     [SSLv2] was banned by RFC 6176 which contains a dire list of its
     shortcomings.
+
+    Older versions of OpenSSL do not support Tlsv1_1 and Tlsv1_2. You will be
+    able to link with such a version, but will get an error about an undefined
+    symbol at runtime if you try using the unsupported version.
 *)
 type t =
   (* Sslv3 or above, historic name. *)