Fossil

Check-in [64d79ad4]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 64d79ad4575985e975c581f3360537b8ba4795f81c7cc0e0723a862b3a89a512
User & Date: drh 2020-05-18 11:48:42
Context
2020-05-19
16:51
Update the built-in SQLite to the third beta for 3.32.0. (check-in: a8098efe user: drh tags: trunk)
2020-05-18
11:48
When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead. (check-in: 64d79ad4 user: drh tags: trunk)
10:55
Fix harmless compiler warnings in http_ssl.c that occur when building without SSL support. (check-in: b2824009 user: drh tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/http_ssl.c.

326
327
328
329
330
331
332

333
334
335
336
337
338
339
340
341
342


343




344
345
346
347
348
349
350
...
530
531
532
533
534
535
536
537

538
539
540
541
542
543
544
  if ( cert==NULL ){
    ssl_set_errmsg("No SSL certificate was presented by the peer");
    ssl_close();
    return 1;
  }

  if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){

    char *desc, *prompt;
    Blob ans;
    char cReply;
    BIO *mem;
    unsigned char md[32];
    char zHash[32*2+1];
    unsigned int mdLength = (int)sizeof(md);

    memset(md, 0, sizeof(md));
    zHash[0] = 0;


    if( X509_digest(cert, EVP_sha256(), md, &mdLength) ){




      int j;
      for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){
        zHash[j*2] = "0123456789abcdef"[md[j]>>4];
        zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf];
      }
      zHash[j*2] = 0;
    }
................................................................................
  db_open_config(1,0);
  zCmd = g.argc>=3 ? g.argv[2] : "show";
  nCmd = strlen(zCmd);
  if( strncmp("show",zCmd,nCmd)==0 ){
    const char *zName, *zValue;
    size_t nName;
    Stmt q;
    fossil_print("OpenSSL-version:   %s\n", SSLeay_version(SSLEAY_VERSION));

    fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file());
    fossil_print("OpenSSL-cert-dir:  %s\n", X509_get_default_cert_dir());
    zName = X509_get_default_cert_file_env();
    zValue = fossil_getenv(zName);
    if( zValue==0 ) zValue = "";
    nName = strlen(zName);
    fossil_print("%s:%.*s%s\n", zName, 19-nName, "", zValue);







>










>
>
|
>
>
>
>







 







|
>







326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
...
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
  if ( cert==NULL ){
    ssl_set_errmsg("No SSL certificate was presented by the peer");
    ssl_close();
    return 1;
  }

  if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
    int x;
    char *desc, *prompt;
    Blob ans;
    char cReply;
    BIO *mem;
    unsigned char md[32];
    char zHash[32*2+1];
    unsigned int mdLength = (int)sizeof(md);

    memset(md, 0, sizeof(md));
    zHash[0] = 0;
                            /*  MMNNFFPPS */
#if OPENSSL_VERSION_NUMBER >= 0x010000000
    x = X509_digest(cert, EVP_sha256(), md, &mdLength);
#else
    x = X509_digest(cert, EVP_sha1(), md, &mdLength);
#endif
    if( x ){
      int j;
      for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){
        zHash[j*2] = "0123456789abcdef"[md[j]>>4];
        zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf];
      }
      zHash[j*2] = 0;
    }
................................................................................
  db_open_config(1,0);
  zCmd = g.argc>=3 ? g.argv[2] : "show";
  nCmd = strlen(zCmd);
  if( strncmp("show",zCmd,nCmd)==0 ){
    const char *zName, *zValue;
    size_t nName;
    Stmt q;
    fossil_print("OpenSSL-version:   %s  (0x%09x)\n",
         SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_NUMBER);
    fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file());
    fossil_print("OpenSSL-cert-dir:  %s\n", X509_get_default_cert_dir());
    zName = X509_get_default_cert_file_env();
    zValue = fossil_getenv(zName);
    if( zValue==0 ) zValue = "";
    nName = strlen(zName);
    fossil_print("%s:%.*s%s\n", zName, 19-nName, "", zValue);