author | Christian Grothoff <christian@grothoff.org> | 2014-05-02 18:43:17 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2014-05-02 18:43:17 +0000 |
commit | 7231b7f83075957636215c82746916ce3fffc89f (patch) | |
tree | f1de447c414468c87b246dc813b0bd70926e08e5 | |
parent | 1bd97426ba592406584ea78a991d1a5227d778c9 (diff) | |
fix #3391
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | configure.ac | 10 | ||||
-rw-r--r-- | src/include/microhttpd.h | 2 | ||||
-rw-r--r-- | src/microspdy/io_openssl.c | 45 |
4 files changed, 30 insertions, 29 deletions
@@ -3,6 +3,8 @@ May 2 20:22:45 CEST 2014 | |||
3 | Fix possible issue from combination of epoll and suspend/resume | 3 | Fix possible issue from combination of epoll and suspend/resume |
4 | logic if edge trigger event is lost; also simplify logic to | 4 | logic if edge trigger event is lost; also simplify logic to |
5 | maintain simpler invariants on the epoll state. -CG | 5 | maintain simpler invariants on the epoll state. -CG |
6 | Use OpenSSL cipher list "HIGH" in libmicrospdy (#3391). -CG | ||
7 | Releasing 0.9.35. -CG | ||
6 | 8 | ||
7 | Thu Apr 10 09:39:38 CEST 2014 | 9 | Thu Apr 10 09:39:38 CEST 2014 |
8 | Removed unescaping for URI path (#3371) as '+' should not | 10 | Removed unescaping for URI path (#3371) as '+' should not |
diff --git a/configure.ac b/configure.ac index 361917a4..53db5bca 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -22,15 +22,15 @@ | |||
22 | # | 22 | # |
23 | AC_PREREQ([2.60]) | 23 | AC_PREREQ([2.60]) |
24 | LT_PREREQ([2.4.0]) | 24 | LT_PREREQ([2.4.0]) |
25 | AC_INIT([libmicrohttpd],[0.9.34],[libmicrohttpd@gnu.org]) | 25 | AC_INIT([libmicrohttpd],[0.9.35],[libmicrohttpd@gnu.org]) |
26 | AM_INIT_AUTOMAKE([silent-rules] [subdir-objects]) | 26 | AM_INIT_AUTOMAKE([silent-rules] [subdir-objects]) |
27 | AC_CONFIG_HEADERS([MHD_config.h]) | 27 | AC_CONFIG_HEADERS([MHD_config.h]) |
28 | AC_CONFIG_MACRO_DIR([m4]) | 28 | AC_CONFIG_MACRO_DIR([m4]) |
29 | AH_TOP([#define _GNU_SOURCE 1]) | 29 | AH_TOP([#define _GNU_SOURCE 1]) |
30 | 30 | ||
31 | LIB_VERSION_CURRENT=33 | 31 | LIB_VERSION_CURRENT=34 |
32 | LIB_VERSION_REVISION=0 | 32 | LIB_VERSION_REVISION=0 |
33 | LIB_VERSION_AGE=23 | 33 | LIB_VERSION_AGE=24 |
34 | AC_SUBST(LIB_VERSION_CURRENT) | 34 | AC_SUBST(LIB_VERSION_CURRENT) |
35 | AC_SUBST(LIB_VERSION_REVISION) | 35 | AC_SUBST(LIB_VERSION_REVISION) |
36 | AC_SUBST(LIB_VERSION_AGE) | 36 | AC_SUBST(LIB_VERSION_AGE) |
@@ -508,7 +508,7 @@ then | |||
508 | SAVE_LD_FLAGS="$LDFLAGS" | 508 | SAVE_LD_FLAGS="$LDFLAGS" |
509 | LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS" | 509 | LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS" |
510 | LIBS="$OPENSSL_LIBS $LIBS" | 510 | LIBS="$OPENSSL_LIBS $LIBS" |
511 | AC_CHECK_FUNC([SSL_CTX_set_next_protos_advertised_cb], | 511 | AC_CHECK_FUNC([SSL_CTX_set_next_protos_advertised_cb], |
512 | [ | 512 | [ |
513 | AC_CHECK_FUNC([SSL_library_init], [ have_openssl=yes ],[ have_openssl=no ]) | 513 | AC_CHECK_FUNC([SSL_library_init], [ have_openssl=yes ],[ have_openssl=no ]) |
514 | ],[ have_openssl=no ]) | 514 | ],[ have_openssl=no ]) |
@@ -641,7 +641,7 @@ AC_ARG_WITH(gnutls, | |||
641 | CPPFLAGS="-I$with_gnutls/include $CPPFLAGS" | 641 | CPPFLAGS="-I$with_gnutls/include $CPPFLAGS" |
642 | AC_CHECK_FILE([$with_gnutls/include/gnutls/gnutls.h], | 642 | AC_CHECK_FILE([$with_gnutls/include/gnutls/gnutls.h], |
643 | [AC_CHECK_HEADERS([gnutls/gnutls.h], | 643 | [AC_CHECK_HEADERS([gnutls/gnutls.h], |
644 | [AC_CHECK_LIB([gnutls], [gnutls_priority_set], | 644 | [AC_CHECK_LIB([gnutls], [gnutls_priority_set], |
645 | [ | 645 | [ |
646 | GNUTLS_CPPFLAGS="-I$with_gnutls/include" | 646 | GNUTLS_CPPFLAGS="-I$with_gnutls/include" |
647 | GNUTLS_LDFLAGS="-L$with_gnutls/lib" | 647 | GNUTLS_LDFLAGS="-L$with_gnutls/lib" |
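--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -130,7 +130,7 @@ typedef intptr_t ssize_t;
 * Current version of the library.
 * 0x01093001 = 1.9.30-1.
 */
-#define MHD_VERSION 0x00093401
+#define MHD_VERSION 0x00093500
 
 /**
 * MHD-internal return code for "YES".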
diff --git a/src/microspdy/io_openssl.c b/src/microspdy/io_openssl.c index 8dea5bb7..6a8b5cad 100644 --- a/src/microspdy/io_openssl.c +++ b/src/microspdy/io_openssl.c | |||
@@ -45,7 +45,7 @@ spdyf_next_protos_advertised_cb (SSL *ssl, const unsigned char **out, unsigned i | |||
45 | (void)arg; | 45 | (void)arg; |
46 | static unsigned char npn_spdy3[] = {0x06, // length of "spdy/3" | 46 | static unsigned char npn_spdy3[] = {0x06, // length of "spdy/3" |
47 | 0x73,0x70,0x64,0x79,0x2f,0x33};// spdy/3 | 47 | 0x73,0x70,0x64,0x79,0x2f,0x33};// spdy/3 |
48 | 48 | ||
49 | *out = npn_spdy3; | 49 | *out = npn_spdy3; |
50 | *outlen = 7; // total length of npn_spdy3 | 50 | *outlen = 7; // total length of npn_spdy3 |
51 | return SSL_TLSEXT_ERR_OK; | 51 | return SSL_TLSEXT_ERR_OK; |
@@ -87,8 +87,8 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon) | |||
87 | //set options for tls | 87 | //set options for tls |
88 | //TODO DH is not enabled for easier debugging | 88 | //TODO DH is not enabled for easier debugging |
89 | //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); | 89 | //SSL_CTX_set_options(daemon->io_context, SSL_OP_SINGLE_DH_USE); |
90 | 90 | ||
91 | //TODO here session tickets are disabled for easier debuging with | 91 | //TODO here session tickets are disabled for easier debuging with |
92 | //wireshark when using Chrome | 92 | //wireshark when using Chrome |
93 | // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack | 93 | // SSL_OP_NO_COMPRESSION disables TLS compression to avoid CRIME attack |
94 | options = SSL_OP_NO_TICKET; | 94 | options = SSL_OP_NO_TICKET; |
@@ -112,14 +112,13 @@ SPDYF_openssl_init(struct SPDY_Daemon *daemon) | |||
112 | return SPDY_NO; | 112 | return SPDY_NO; |
113 | } | 113 | } |
114 | SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL); | 114 | SSL_CTX_set_next_protos_advertised_cb(daemon->io_context, &spdyf_next_protos_advertised_cb, NULL); |
115 | //TODO only RC4-SHA is used to make it easy to debug with wireshark | 115 | if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "HIGH")) |
116 | if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "RC4-SHA")) | ||
117 | { | 116 | { |
118 | SPDYF_DEBUG("Couldn't set the desired cipher list"); | 117 | SPDYF_DEBUG("Couldn't set the desired cipher list"); |
119 | SSL_CTX_free(daemon->io_context); | 118 | SSL_CTX_free(daemon->io_context); |
120 | return SPDY_NO; | 119 | return SPDY_NO; |
121 | } | 120 | } |
122 | 121 | ||
123 | return SPDY_YES; | 122 | return SPDY_YES; |
124 | } | 123 | } |
125 | 124 | ||
@@ -135,7 +134,7 @@ int | |||
135 | SPDYF_openssl_new_session(struct SPDY_Session *session) | 134 | SPDYF_openssl_new_session(struct SPDY_Session *session) |
136 | { | 135 | { |
137 | int ret; | 136 | int ret; |
138 | 137 | ||
139 | if(NULL == (session->io_context = SSL_new(session->daemon->io_context))) | 138 | if(NULL == (session->io_context = SSL_new(session->daemon->io_context))) |
140 | { | 139 | { |
141 | SPDYF_DEBUG("Couldn't create ssl structure"); | 140 | SPDYF_DEBUG("Couldn't create ssl structure"); |
@@ -148,7 +147,7 @@ SPDYF_openssl_new_session(struct SPDY_Session *session) | |||
148 | session->io_context = NULL; | 147 | session->io_context = NULL; |
149 | return SPDY_NO; | 148 | return SPDY_NO; |
150 | } | 149 | } |
151 | 150 | ||
152 | //for non-blocking I/O SSL_accept may return -1 | 151 | //for non-blocking I/O SSL_accept may return -1 |
153 | //and this function won't work | 152 | //and this function won't work |
154 | if(1 != (ret = SSL_accept(session->io_context))) | 153 | if(1 != (ret = SSL_accept(session->io_context))) |
@@ -158,11 +157,11 @@ SPDYF_openssl_new_session(struct SPDY_Session *session) | |||
158 | session->io_context = NULL; | 157 | session->io_context = NULL; |
159 | return SPDY_NO; | 158 | return SPDY_NO; |
160 | } | 159 | } |
161 | /* alternatively | 160 | /* alternatively |
162 | SSL_set_accept_state(session->io_context); | 161 | SSL_set_accept_state(session->io_context); |
163 | * may be called and then the negotiation will be done on reading | 162 | * may be called and then the negotiation will be done on reading |
164 | */ | 163 | */ |
165 | 164 | ||
166 | return SPDY_YES; | 165 | return SPDY_YES; |
167 | } | 166 | } |
168 | 167 | ||
@@ -176,7 +175,7 @@ SPDYF_openssl_close_session(struct SPDY_Session *session) | |||
176 | //after that because the browsers don't seem to care much about | 175 | //after that because the browsers don't seem to care much about |
177 | //"close notify" | 176 | //"close notify" |
178 | SSL_shutdown(session->io_context); | 177 | SSL_shutdown(session->io_context); |
179 | 178 | ||
180 | SSL_free(session->io_context); | 179 | SSL_free(session->io_context); |
181 | } | 180 | } |
182 | 181 | ||
@@ -187,7 +186,7 @@ SPDYF_openssl_recv(struct SPDY_Session *session, | |||
187 | size_t size) | 186 | size_t size) |
188 | { | 187 | { |
189 | int ret; | 188 | int ret; |
190 | int n = SSL_read(session->io_context, | 189 | int n = SSL_read(session->io_context, |
191 | buffer, | 190 | buffer, |
192 | size); | 191 | size); |
193 | //if(n > 0) SPDYF_DEBUG("recvd: %i",n); | 192 | //if(n > 0) SPDYF_DEBUG("recvd: %i",n); |
@@ -198,15 +197,15 @@ SPDYF_openssl_recv(struct SPDY_Session *session, | |||
198 | { | 197 | { |
199 | case SSL_ERROR_ZERO_RETURN: | 198 | case SSL_ERROR_ZERO_RETURN: |
200 | return 0; | 199 | return 0; |
201 | 200 | ||
202 | case SSL_ERROR_WANT_READ: | 201 | case SSL_ERROR_WANT_READ: |
203 | case SSL_ERROR_WANT_WRITE: | 202 | case SSL_ERROR_WANT_WRITE: |
204 | return SPDY_IO_ERROR_AGAIN; | 203 | return SPDY_IO_ERROR_AGAIN; |
205 | 204 | ||
206 | case SSL_ERROR_SYSCALL: | 205 | case SSL_ERROR_SYSCALL: |
207 | if(EINTR == errno) | 206 | if(EINTR == errno) |
208 | return SPDY_IO_ERROR_AGAIN; | 207 | return SPDY_IO_ERROR_AGAIN; |
209 | 208 | ||
210 | default: | 209 | default: |
211 | return SPDY_IO_ERROR_ERROR; | 210 | return SPDY_IO_ERROR_ERROR; |
212 | } | 211 | } |
@@ -222,8 +221,8 @@ SPDYF_openssl_send(struct SPDY_Session *session, | |||
222 | size_t size) | 221 | size_t size) |
223 | { | 222 | { |
224 | int ret; | 223 | int ret; |
225 | 224 | ||
226 | int n = SSL_write(session->io_context, | 225 | int n = SSL_write(session->io_context, |
227 | buffer, | 226 | buffer, |
228 | size); | 227 | size); |
229 | //if(n > 0) SPDYF_DEBUG("sent: %i",n); | 228 | //if(n > 0) SPDYF_DEBUG("sent: %i",n); |
@@ -234,20 +233,20 @@ SPDYF_openssl_send(struct SPDY_Session *session, | |||
234 | { | 233 | { |
235 | case SSL_ERROR_ZERO_RETURN: | 234 | case SSL_ERROR_ZERO_RETURN: |
236 | return 0; | 235 | return 0; |
237 | 236 | ||
238 | case SSL_ERROR_WANT_READ: | 237 | case SSL_ERROR_WANT_READ: |
239 | case SSL_ERROR_WANT_WRITE: | 238 | case SSL_ERROR_WANT_WRITE: |
240 | return SPDY_IO_ERROR_AGAIN; | 239 | return SPDY_IO_ERROR_AGAIN; |
241 | 240 | ||
242 | case SSL_ERROR_SYSCALL: | 241 | case SSL_ERROR_SYSCALL: |
243 | if(EINTR == errno) | 242 | if(EINTR == errno) |
244 | return SPDY_IO_ERROR_AGAIN; | 243 | return SPDY_IO_ERROR_AGAIN; |
245 | 244 | ||
246 | default: | 245 | default: |
247 | return SPDY_IO_ERROR_ERROR; | 246 | return SPDY_IO_ERROR_ERROR; |
248 | } | 247 | } |
249 | } | 248 | } |
250 | 249 | ||
251 | return n; | 250 | return n; |
252 | } | 251 | } |
253 | 252 | ||
@@ -267,7 +266,7 @@ int | |||
267 | SPDYF_openssl_before_write(struct SPDY_Session *session) | 266 | SPDYF_openssl_before_write(struct SPDY_Session *session) |
268 | { | 267 | { |
269 | (void)session; | 268 | (void)session; |
270 | 269 | ||
271 | return SPDY_YES; | 270 | return SPDY_YES; |
272 | } | 271 | } |
273 | 272 | ||
@@ -276,6 +275,6 @@ int | |||
276 | SPDYF_openssl_after_write(struct SPDY_Session *session, int was_written) | 275 | SPDYF_openssl_after_write(struct SPDY_Session *session, int was_written) |
277 | { | 276 | { |
278 | (void)session; | 277 | (void)session; |
279 | 278 | ||
280 | return was_written; | 279 | return was_written; |
281 | } | 280 | } |
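Review bot: The cipher string `"HIGH"` passed to SSL_CTX_set_cipher_list at new line 115 of SPDYF_openssl_init does not exclude unauthenticated suites. Depending on the OpenSSL version, the HIGH class can include anonymous (aNULL) key exchange, which gives the client no server authentication. I would make the exclusion explicit with `if (1 != SSL_CTX_set_cipher_list(daemon->io_context, "HIGH:!aNULL"))`. The commit also drops the old TODO without leaving a reason for the new value; a short comment such as `/* strong suites only; RC4-SHA was a debugging aid, see #3391 */` would record it. The function begins above the hunk, and the context at new lines 88-94 still carries TODOs that keep DH and session tickets off for debugging, which looks worth revisiting together with the cipher list.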