Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
64d79ad4575985e975c581f3360537b8 |
| User & Date: | drh 2020-05-18 11:48:42 |
Context
|
2020-05-19
| ||
| 16:51 | Update the built-in SQLite to the third beta for 3.32.0. (check-in: a8098efe user: drh tags: trunk) | |
|
2020-05-18
| ||
| 11:48 | When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead. (check-in: 64d79ad4 user: drh tags: trunk) | |
| 10:55 | Fix harmless compiler warnings in http_ssl.c that occur when building without SSL support. (check-in: b2824009 user: drh tags: trunk) | |
Changes
Changes to src/http_ssl.c.
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
...
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
|
if ( cert==NULL ){
ssl_set_errmsg("No SSL certificate was presented by the peer");
ssl_close();
return 1;
}
if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
char *desc, *prompt;
Blob ans;
char cReply;
BIO *mem;
unsigned char md[32];
char zHash[32*2+1];
unsigned int mdLength = (int)sizeof(md);
memset(md, 0, sizeof(md));
zHash[0] = 0;
if( X509_digest(cert, EVP_sha256(), md, &mdLength) ){
int j;
for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){
zHash[j*2] = "0123456789abcdef"[md[j]>>4];
zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf];
}
zHash[j*2] = 0;
}
................................................................................
db_open_config(1,0);
zCmd = g.argc>=3 ? g.argv[2] : "show";
nCmd = strlen(zCmd);
if( strncmp("show",zCmd,nCmd)==0 ){
const char *zName, *zValue;
size_t nName;
Stmt q;
fossil_print("OpenSSL-version: %s\n", SSLeay_version(SSLEAY_VERSION));
fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file());
fossil_print("OpenSSL-cert-dir: %s\n", X509_get_default_cert_dir());
zName = X509_get_default_cert_file_env();
zValue = fossil_getenv(zName);
if( zValue==0 ) zValue = "";
nName = strlen(zName);
fossil_print("%s:%.*s%s\n", zName, 19-nName, "", zValue);
|
>
>
>
|
>
>
>
>
|
>
|
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
...
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
|
if ( cert==NULL ){
ssl_set_errmsg("No SSL certificate was presented by the peer");
ssl_close();
return 1;
}
if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
int x;
char *desc, *prompt;
Blob ans;
char cReply;
BIO *mem;
unsigned char md[32];
char zHash[32*2+1];
unsigned int mdLength = (int)sizeof(md);
memset(md, 0, sizeof(md));
zHash[0] = 0;
/* MMNNFFPPS */
#if OPENSSL_VERSION_NUMBER >= 0x010000000
x = X509_digest(cert, EVP_sha256(), md, &mdLength);
#else
x = X509_digest(cert, EVP_sha1(), md, &mdLength);
#endif
if( x ){
int j;
for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){
zHash[j*2] = "0123456789abcdef"[md[j]>>4];
zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf];
}
zHash[j*2] = 0;
}
................................................................................
db_open_config(1,0);
zCmd = g.argc>=3 ? g.argv[2] : "show";
nCmd = strlen(zCmd);
if( strncmp("show",zCmd,nCmd)==0 ){
const char *zName, *zValue;
size_t nName;
Stmt q;
fossil_print("OpenSSL-version: %s (0x%09x)\n",
SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_NUMBER);
fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file());
fossil_print("OpenSSL-cert-dir: %s\n", X509_get_default_cert_dir());
zName = X509_get_default_cert_file_env();
zValue = fossil_getenv(zName);
if( zValue==0 ) zValue = "";
nName = strlen(zName);
fossil_print("%s:%.*s%s\n", zName, 19-nName, "", zValue);
|