commit 7231b7f83075957636215c82746916ce3fffc89f
parent 1bd97426ba592406584ea78a991d1a5227d778c9
Author: Christian Grothoff <christian@grothoff.org>
Date: Fri, 2 May 2014 18:43:17 +0000
fix #3391
Diffstat:
4 files changed, 30 insertions(+), 29 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -3,6 +3,8 @@ May 2 20:22:45 CEST 2014
Fix possible issue from combination of epoll and suspend/resume
logic if edge trigger event is lost; also simplify logic to
maintain simpler invariants on the epoll state. -CG
+ Use OpenSSL cipher list "HIGH" in libmicrospdy (#3391). -CG
+ Releasing 0.9.35. -CG
Thu Apr 10 09:39:38 CEST 2014
Removed unescaping for URI path (#3371) as '+' should not
diff --git a/configure.ac b/configure.ac
@@ -22,15 +22,15 @@
#
AC_PREREQ([2.60])
LT_PREREQ([2.4.0])
-AC_INIT([libmicrohttpd],[0.9.34],[libmicrohttpd@gnu.org])
+AC_INIT([libmicrohttpd],[0.9.35],[libmicrohttpd@gnu.org])
AM_INIT_AUTOMAKE([silent-rules] [subdir-objects])
AC_CONFIG_HEADERS([MHD_config.h])
AC_CONFIG_MACRO_DIR([m4])
AH_TOP([#define _GNU_SOURCE 1])
-LIB_VERSION_CURRENT=33
+LIB_VERSION_CURRENT=34
LIB_VERSION_REVISION=0
-LIB_VERSION_AGE=23
+LIB_VERSION_AGE=24
AC_SUBST(LIB_VERSION_CURRENT)
AC_SUBST(LIB_VERSION_REVISION)
AC_SUBST(LIB_VERSION_AGE)
@@ -508,7 +508,7 @@ then
SAVE_LD_FLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
LIBS="$OPENSSL_LIBS $LIBS"
- AC_CHECK_FUNC([SSL_CTX_set_next_protos_advertised_cb],
+ AC_CHECK_FUNC([SSL_CTX_set_next_protos_advertised_cb],
[
AC_CHECK_FUNC([SSL_library_init], [ have_openssl=yes ],[ have_openssl=no ])
],[ have_openssl=no ])
@@ -641,7 +641,7 @@ AC_ARG_WITH(gnutls,
CPPFLAGS="-I$with_gnutls/include $CPPFLAGS"
AC_CHECK_FILE([$with_gnutls/include/gnutls/gnutls.h],
[AC_CHECK_HEADERS([gnutls/gnutls.h],
- [AC_CHECK_LIB([gnutls], [gnutls_priority_set],
+ [AC_CHECK_LIB([gnutls], [gnutls_priority_set],
[
GNUTLS_CPPFLAGS="-I$with_gnutls/include"
GNUTLS_LDFLAGS="-L$with_gnutls/lib"
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
@@ -130,7 +130,7 @@ typedef intptr_t ssize_t;
* Current version of the library.
* 0x01093001 = 1.9.30-1.
*/
-#define MHD_VERSION 0x00093401
+#define MHD_VERSION 0x00093500
/**
* MHD-internal return code for "YES".
diff --git a/src/microspdy/io_openssl.c b/src/microspdy/io_openssl.c
@@ -45,7 +45,7 @@ spdyf_next_protos_advertised_cb (SSL *ssl, const unsigned char **out, unsigned i
(void)arg;
static unsigned char npn_spdy3[] = {0x06, // length of "spdy/3"
0x73,0x70,0x64,0x79,0x2f,0x33};// spdy/3
-
+
*out = npn_spdy3;
*outlen = 7; // total length of npn_spdy3
return SSL_TLSEXT_ERR_OK;
@@ -87,8 +87,8 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon)
//set options for tls
//TODO DH is not enabled for easier debugging
//SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE);
-
- //TODO here session tickets are disabled for easier debuging with
+
+ //TODO here session tickets are disabled for easier debuging with
//wireshark when using Chrome
// SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack
options = SSL_OP_NO_TICKET;
@@ -112,14 +112,13 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon)
return SPDY_NO;
}
SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL);
- //TODO only RC4-SHA is used to make it easy to debug with wireshark
- if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "RC4-SHA"))
+ if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "HIGH"))
{
SPDYF_DEBUG("Couldn't set the desired cipher list");
SSL_CTX_free(daemon->io_context);
return SPDY_NO;
}
-
+
return SPDY_YES;
}
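Review bot: The new cipher string `"HIGH"` passed to `SSL_CTX_set_cipher_list` does not exclude unauthenticated suites. In OpenSSL the `HIGH` class also matches the anonymous DH/ECDH (`aNULL`) suites, which give no protection against an active man-in-the-middle. Whether such a suite can actually be negotiated depends on the OpenSSL version and on whether DH/ECDH parameters are configured, which this hunk does not show, but the exclusion should be explicit: `if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "HIGH:!aNULL"))`. A one-line comment above the call, such as `// strong ciphers only, anonymous suites excluded (#3391)`, would record the intent now that the old TODO is gone. The body of SPDYF_openssl_init starts above this hunk.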
@@ -135,7 +134,7 @@ int
SPDYF_openssl_new_session(struct SPDY_Session *session)
{
int ret;
-
+
if(NULL == (session->io_context = SSL_new(session->daemon->io_context)))
{
SPDYF_DEBUG("Couldn't create ssl structure");
@@ -148,7 +147,7 @@ SPDYF_openssl_new_session(struct SPDY_Session *session)
session->io_context = NULL;
return SPDY_NO;
}
-
+
//for non-blocking I/O SSL_accept may return -1
//and this function won't work
if(1 != (ret = SSL_accept(session->io_context)))
@@ -158,11 +157,11 @@ SPDYF_openssl_new_session(struct SPDY_Session *session)
session->io_context = NULL;
return SPDY_NO;
}
- /* alternatively
+ /* alternatively
SSL_set_accept_state(session->io_context);
* may be called and then the negotiation will be done on reading
*/
-
+
return SPDY_YES;
}
@@ -176,7 +175,7 @@ SPDYF_openssl_close_session(struct SPDY_Session *session)
//after that because the browsers don't seem to care much about
//"close notify"
SSL_shutdown(session->io_context);
-
+
SSL_free(session->io_context);
}
@@ -187,7 +186,7 @@ SPDYF_openssl_recv(struct SPDY_Session *session,
size_t size)
{
int ret;
- int n = SSL_read(session->io_context,
+ int n = SSL_read(session->io_context,
buffer,
size);
//if(n > 0) SPDYF_DEBUG("recvd: %i",n);
@@ -198,15 +197,15 @@ SPDYF_openssl_recv(struct SPDY_Session *session,
{
case SSL_ERROR_ZERO_RETURN:
return 0;
-
+
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
return SPDY_IO_ERROR_AGAIN;
-
+
case SSL_ERROR_SYSCALL:
if(EINTR == errno)
return SPDY_IO_ERROR_AGAIN;
-
+
default:
return SPDY_IO_ERROR_ERROR;
}
@@ -222,8 +221,8 @@ SPDYF_openssl_send(struct SPDY_Session *session,
size_t size)
{
int ret;
-
- int n = SSL_write(session->io_context,
+
+ int n = SSL_write(session->io_context,
buffer,
size);
//if(n > 0) SPDYF_DEBUG("sent: %i",n);
@@ -234,20 +233,20 @@ SPDYF_openssl_send(struct SPDY_Session *session,
{
case SSL_ERROR_ZERO_RETURN:
return 0;
-
+
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
return SPDY_IO_ERROR_AGAIN;
-
+
case SSL_ERROR_SYSCALL:
if(EINTR == errno)
return SPDY_IO_ERROR_AGAIN;
-
+
default:
return SPDY_IO_ERROR_ERROR;
}
}
-
+
return n;
}
@@ -267,7 +266,7 @@ int
SPDYF_openssl_before_write(struct SPDY_Session *session)
{
(void)session;
-
+
return SPDY_YES;
}
@@ -276,6 +275,6 @@ int
SPDYF_openssl_after_write(struct SPDY_Session *session, int was_written)
{
(void)session;
-
+
return was_written;
}