Update serf from 1.3.7 to 1.3.8. Mostly disables sslv2 and sslv3.

This commit is contained in:
peter 2015-08-09 05:16:14 +00:00
parent a55265d19a
commit 72322b0e20
5 changed files with 41 additions and 12 deletions

View File

@ -1,10 +1,18 @@
Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.
Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
Serf 1.3.6 [2014-06-09, from /tags/1.3.6, r2372]
Revert r2319 from serf 1.3.5: this change was making serf call handle_response
multiple times in case of an error response, leading to unexpected behavior.
Serf 1.3.5 [2014-04-27, from /tags/1.3.5, r2355]
Fix issue #125: no reverse lookup during Negotiate authentication for proxies.
Fix a crash caused by incorrect reuse of the ssltunnel CONNECT request (r2316)

View File

@ -95,8 +95,8 @@ cleanup_ctx(void *data)
}
if (SecIsValidHandle(&ctx->sspi_credentials)) {
FreeCredentialsHandle(&ctx->sspi_context);
SecInvalidateHandle(&ctx->sspi_context);
FreeCredentialsHandle(&ctx->sspi_credentials);
SecInvalidateHandle(&ctx->sspi_credentials);
}
return APR_SUCCESS;

View File

@ -141,7 +141,6 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket,
const char **data, apr_size_t *len)
{
deflate_context_t *ctx = bucket->data;
unsigned long compCRC, compLen;
apr_status_t status;
const char *private_data;
apr_size_t private_len;
@ -186,17 +185,25 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket,
ctx->state++;
break;
case STATE_VERIFY:
{
unsigned long compCRC, compLen, actualLen;
/* Do the checksum computation. */
compCRC = getLong((unsigned char*)ctx->hdr_buffer);
if (ctx->crc != compCRC) {
return SERF_ERROR_DECOMPRESSION_FAILED;
}
compLen = getLong((unsigned char*)ctx->hdr_buffer + 4);
if (ctx->zstream.total_out != compLen) {
/* The length in the trailer is module 2^32, so do the same for
the actual length. */
actualLen = ctx->zstream.total_out;
actualLen &= 0xFFFFFFFF;
if (actualLen != compLen) {
return SERF_ERROR_DECOMPRESSION_FAILED;
}
ctx->state++;
break;
}
case STATE_INIT:
zRC = inflateInit2(&ctx->zstream, ctx->windowSize);
if (zRC != Z_OK) {
@ -264,10 +271,14 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket,
ctx->zstream.next_in = (unsigned char*)private_data;
ctx->zstream.avail_in = private_len;
}
zRC = Z_OK;
while (ctx->zstream.avail_in != 0) {
/* We're full, clear out our buffer, reset, and return. */
if (ctx->zstream.avail_out == 0) {
while (1) {
zRC = inflate(&ctx->zstream, Z_NO_FLUSH);
/* We're full or zlib requires more space. Either case, clear
out our buffer, reset, and return. */
if (zRC == Z_BUF_ERROR || ctx->zstream.avail_out == 0) {
serf_bucket_t *tmp;
ctx->zstream.next_out = ctx->buffer;
private_len = ctx->bufferSize - ctx->zstream.avail_out;
@ -283,7 +294,6 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket,
ctx->zstream.avail_out = ctx->bufferSize;
break;
}
zRC = inflate(&ctx->zstream, Z_NO_FLUSH);
if (zRC == Z_STREAM_END) {
serf_bucket_t *tmp;
@ -330,9 +340,13 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket,
break;
}
/* Any other error? */
if (zRC != Z_OK) {
return SERF_ERROR_DECOMPRESSION_FAILED;
}
/* As long as zRC == Z_OK, just keep looping. */
}
/* Okay, we've inflated. Try to read. */
status = serf_bucket_read(ctx->inflate_stream, requested, data,
@ -340,8 +354,13 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket,
/* Hide EOF. */
if (APR_STATUS_IS_EOF(status)) {
status = ctx->stream_status;
/* If our stream is finished too, return SUCCESS so
* we'll iterate one more time.
/* If the inflation wasn't finished, return APR_SUCCESS. */
if (zRC != Z_STREAM_END)
return APR_SUCCESS;
/* If our stream is finished too and all data was inflated,
* return SUCCESS so we'll iterate one more time.
*/
if (APR_STATUS_IS_EOF(status)) {
/* No more data to read from the stream, and everything

View File

@ -1317,7 +1317,9 @@ static serf_ssl_context_t *ssl_init_context(serf_bucket_alloc_t *allocator)
ssl_ctx->pool = serf_bucket_allocator_get_pool(allocator);
ssl_ctx->allocator = allocator;
/* Use the best possible protocol version, but disable the broken SSLv2/3 */
ssl_ctx->ctx = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_set_client_cert_cb(ssl_ctx->ctx, ssl_need_client_cert);
ssl_ctx->cached_cert = 0;

View File

@ -1062,7 +1062,7 @@ void serf_debug__bucket_alloc_check(
/* Version info */
#define SERF_MAJOR_VERSION 1
#define SERF_MINOR_VERSION 3
#define SERF_PATCH_VERSION 7
#define SERF_PATCH_VERSION 8
/* Version number string */
#define SERF_VERSION_STRING APR_STRINGIFY(SERF_MAJOR_VERSION) "." \