Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
64d79ad4575985e975c581f3360537b8 |
| User & Date: | drh 2020-05-18 11:48:42.914 |
Context
|
2020-05-19
| ||
| 16:51 | Update the built-in SQLite to the third beta for 3.32.0. ... (check-in: a8098efe user: drh tags: trunk) | |
|
2020-05-18
| ||
| 11:48 | When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead. ... (check-in: 64d79ad4 user: drh tags: trunk) | |
| 10:55 | Fix harmless compiler warnings in http_ssl.c that occur when building without SSL support. ... (check-in: b2824009 user: drh tags: trunk) | |
Changes
Changes to src/http_ssl.c.
| ︙ | ︙ | |||
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 |
if ( cert==NULL ){
ssl_set_errmsg("No SSL certificate was presented by the peer");
ssl_close();
return 1;
}
if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
char *desc, *prompt;
Blob ans;
char cReply;
BIO *mem;
unsigned char md[32];
char zHash[32*2+1];
unsigned int mdLength = (int)sizeof(md);
memset(md, 0, sizeof(md));
zHash[0] = 0;
| > > > | > > > > | 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 |
if ( cert==NULL ){
ssl_set_errmsg("No SSL certificate was presented by the peer");
ssl_close();
return 1;
}
if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
int x;
char *desc, *prompt;
Blob ans;
char cReply;
BIO *mem;
unsigned char md[32];
char zHash[32*2+1];
unsigned int mdLength = (int)sizeof(md);
memset(md, 0, sizeof(md));
zHash[0] = 0;
/* MMNNFFPPS */
#if OPENSSL_VERSION_NUMBER >= 0x010000000
x = X509_digest(cert, EVP_sha256(), md, &mdLength);
#else
x = X509_digest(cert, EVP_sha1(), md, &mdLength);
#endif
if( x ){
int j;
for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){
zHash[j*2] = "0123456789abcdef"[md[j]>>4];
zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf];
}
zHash[j*2] = 0;
}
|
| ︙ | ︙ | |||
530 531 532 533 534 535 536 |
db_open_config(1,0);
zCmd = g.argc>=3 ? g.argv[2] : "show";
nCmd = strlen(zCmd);
if( strncmp("show",zCmd,nCmd)==0 ){
const char *zName, *zValue;
size_t nName;
Stmt q;
| | > | 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 |
db_open_config(1,0);
zCmd = g.argc>=3 ? g.argv[2] : "show";
nCmd = strlen(zCmd);
if( strncmp("show",zCmd,nCmd)==0 ){
const char *zName, *zValue;
size_t nName;
Stmt q;
fossil_print("OpenSSL-version: %s (0x%09x)\n",
SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_NUMBER);
fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file());
fossil_print("OpenSSL-cert-dir: %s\n", X509_get_default_cert_dir());
zName = X509_get_default_cert_file_env();
zValue = fossil_getenv(zName);
if( zValue==0 ) zValue = "";
nName = strlen(zName);
fossil_print("%s:%.*s%s\n", zName, 19-nName, "", zValue);
|
| ︙ | ︙ |