When using OTP R14, use public_key library instead of old ssl (EJAB-953)

2024-11-22 16:20:52 +01:00 · 2010-07-09 20:02:29 +02:00 · 2010-07-09 20:02:29 +02:00 · 12e00c57f9
commit 12e00c57f9
parent 0c95cf7e61
7 changed files with 31 additions and 11 deletions
--- a/src/Makefile.in
+++ b/src/Makefile.in
@ -30,7 +30,7 @@ else
  INIT_USER=$(INSTALLUSER)
 endif

-EFLAGS += @ERLANG_SSL39@ -pa .
+EFLAGS += @ERLANG_SSLVER@ -pa .

 # make debug=true to compile Erlang module with debug informations.
 ifdef debug
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@ -121,7 +121,6 @@ AC_DEFUN(AM_WITH_ERLANG,
 -author('alexey@sevcom.net').

 -export([[start/0]]).
-include_lib("ssl/include/ssl_pkix.hrl").

 start() ->
    EIDirS = code:lib_dir("erl_interface") ++ "\n",
@ -130,11 +129,13 @@ start() ->
    file:write_file("conftest.out", list_to_binary(EIDirS ++ EILibS ++ ssldef() ++ RootDirS)),
    halt().

-[ifdef]('id-pkix').
-ssldef() -> "-DSSL39\n".
-else.
-ssldef() -> "\n".
-endif.
+ssldef() -> 
+   OTP = (catch erlang:system_info(otp_release)),
+   if
+	OTP >= "R14" -> "-DSSL40\n";
+	OTP >= "R12" -> "-DSSL39\n";
+        true -> ""
+   end.

 %% return physical architecture based on OS/Processor
 archname() ->
@ -184,7 +185,7 @@ _EOF
   # Second line
   ERLANG_EI_LIB=`cat conftest.out | head -n 2 | tail -n 1`
   # Third line
-   ERLANG_SSL39=`cat conftest.out | head -n 3 | tail -n 1`
+   ERLANG_SSLVER=`cat conftest.out | head -n 3 | tail -n 1`
   # End line
   ERLANG_DIR=`cat conftest.out | tail -n 1`

@ -193,7 +194,7 @@ _EOF

   AC_SUBST(ERLANG_CFLAGS)
   AC_SUBST(ERLANG_LIBS)
-   AC_SUBST(ERLANG_SSL39)
+   AC_SUBST(ERLANG_SSLVER)
   AC_SUBST(ERLC)
   AC_SUBST(ERL)
 ])
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@ -48,6 +48,11 @@

 -include("ejabberd.hrl").
 -include("jlib.hrl").
+-ifdef(SSL40).
+-include_lib("public_key/include/public_key.hrl"). 
+-define(PKIXEXPLICIT, 'OTP-PUB-KEY').
+-define(PKIXIMPLICIT, 'OTP-PUB-KEY').
+-else.
 -ifdef(SSL39).
 -include_lib("ssl/include/ssl_pkix.hrl").
 -define(PKIXEXPLICIT, 'OTP-PKIX').
@ -58,6 +63,7 @@
 -define(PKIXEXPLICIT, 'PKIX1Explicit88').
 -define(PKIXIMPLICIT, 'PKIX1Implicit88').
 -endif.
+-endif.
 -include("XmppAddr.hrl").

 -define(DICT, dict).
--- a/src/tls/Makefile.in
+++ b/src/tls/Makefile.in
@ -21,6 +21,7 @@ ifeq ($(shell uname),SunOs)
    DYNAMIC_LIB_CFLAGS = -KPIC -G -z text
 endif

+EFLAGS += @ERLANG_SSLVER@
 EFLAGS += -I ..
 EFLAGS += -pz ..

--- a/src/tls/tls.erl
+++ b/src/tls/tls.erl
@ -61,6 +61,13 @@
 -define(GET_VERIFY_RESULT,    8).
 -define(VERIFY_NONE, 16#10000).

+-ifdef(SSL40).
+-define(CERT_DECODE, {public_key, pkix_decode_cert, plain}).
+-else.
+-define(CERT_DECODE, {ssl_pkix, decode_cert, [pkix]}).
+-endif.
+
+
 -record(tlssock, {tcpsock, tlsport}).

 start() ->
@ -232,7 +239,8 @@ close(#tlssock{tcpsock = TCPSocket, tlsport = Port}) ->
 get_peer_certificate(#tlssock{tlsport = Port}) ->
    case port_control(Port, ?GET_PEER_CERTIFICATE, []) of
 	<<0, BCert/binary>> ->
-	    case catch ssl_pkix:decode_cert(BCert, [pkix]) of
+	    {CertMod, CertFun, CertSecondArg} = ?CERT_DECODE,
+	    case catch apply(CertMod, CertFun, [BCert, CertSecondArg]) of
 		{ok, Cert} ->
 		    {ok, Cert};
 		_ ->
--- a/src/web/Makefile.in
+++ b/src/web/Makefile.in
@ -9,7 +9,7 @@ LIBS = @LIBS@
 ERLANG_CFLAGS = @ERLANG_CFLAGS@
 ERLANG_LIBS = @ERLANG_LIBS@

-EFLAGS += @ERLANG_SSL39@
+EFLAGS += @ERLANG_SSLVER@
 EFLAGS += -I ..
 EFLAGS += -pz ..

--- a/src/web/mod_http_fileserver.erl
+++ b/src/web/mod_http_fileserver.erl
@ -66,11 +66,15 @@
 		  headers
 		 }).

+-ifdef(SSL40).
+-define(STRING2LOWER, string).
+-else.
 -ifdef(SSL39).
 -define(STRING2LOWER, string).
 -else.
 -define(STRING2LOWER, httpd_util).
 -endif.
+-endif.

 -record(state, {host, docroot, accesslog, accesslogfd, directory_indices,
                custom_headers, default_content_type, content_types = []}).