author刘学利 <[email protected]>2022-03-16 07:19:54 +0000
committer刘学利 <[email protected]>2022-03-16 07:19:54 +0000
commit270a31cfaa6b5f7df8aab8fc7d39f63a23809071 (patch)
treecfaa3fdc6d5c9724e2df31655b6dea8bf32cab71
parent6d9ed75b88c1b65e036a26b2c430e49ae4fc4c1c (diff)
TSG-9724: 适配Rocky Linux8.5v2.0.9
-rw-r--r--.gitlab-ci.yml159
-rw-r--r--CMakeLists.txt7
-rw-r--r--ci/travis.sh10
-rw-r--r--cmake/Package.cmake21
-rw-r--r--src/SSL_Certificate.c159
-rw-r--r--support/CMakeLists.txt28
-rw-r--r--support/openssl-1.1.1m.tar.gzbin0 -> 9847315 bytes
7 files changed, 236 insertions, 148 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6a72925..2b0aeae 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,29 +1,50 @@
-image: "git.mesalab.cn:7443/mesa_platform/build-env:master"
variables:
GIT_STRATEGY: "clone"
+ BUILD_IMAGE_CENTOS7: "git.mesalab.cn:7443/mesa_platform/build-env:master"
+ BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
- INSTALL_PREFIX: "/opt/MESA/lib/"
- INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel sapp-devel openssl-devel libasan
+ INSTALL_DEPENDENCY_PLATFORM: sapp-devel libasan systemd-devel libnsl
+ INSTALL_DEPENDENCY_FRAMEWORK: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel framework_env libMESA_prof_load-devel libbreakpad_mini-devel libMESA_htable-devel
+ INSTALL_PREFIX: "/home/mesasoft/sapp_run/"
stages:
+#- analysis
- build
+#- test
+- package
-.build_by_travis:
+.build_before_script:
before_script:
- mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
- ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
- cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
- chmod +x ./ci/travis.sh
- script:
- yum makecache
- - ./ci/travis.sh
- - cd build
+ - yum install -y elfutils-libelf-devel
+
+
+.build_by_travis_for_centos7:
+ stage: build
+ image: $BUILD_IMAGE_CENTOS7
+ extends: .build_before_script
+ script:
+ - ./ci/travis.sh
+ - cd build
tags:
- share
-branch_build_debug:
+.build_by_travis_for_centos8:
stage: build
- extends: .build_by_travis
+ image: $BUILD_IMAGE_CENTOS8
+ extends: .build_before_script
+ script:
+ - ./ci/travis.sh
+ tags:
+ - share
+
+branch_build_debug_for_centos7:
+ stage: build
+ extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: Debug
except:
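Review bot: `BUILD_IMAGE_CENTOS7` and `BUILD_IMAGE_CENTOS8` reference the build images by the mutable tags `:master` and `:rockylinux`, so jobs that package and upload RPMs can run in an image other than the one this commit was tested with. Pinning each image by digest (`.../build-env@sha256:<digest>`) or by an immutable version tag would make release builds reproducible and turn an image change into a reviewed commit. Whether the registry already enforces immutable tags is not visible from this page.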
@@ -31,19 +52,19 @@ branch_build_debug:
- /^master.*$/i
- tags
-branch_build_release:
+branch_build_release_for_centos7:
stage: build
variables:
BUILD_TYPE: RelWithDebInfo
- extends: .build_by_travis
+ extends: .build_by_travis_for_centos7
except:
- /^develop.*$/i
- /^master.*$/i
- tags
-develop_build_debug:
+develop_build_debug_for_centos7:
stage: build
- extends: .build_by_travis
+ extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: Debug
PACKAGE: 1
@@ -60,14 +81,13 @@ develop_build_debug:
- /^develop.*$/i
- /^master.*$/i
-develop_build_release:
+develop_build_release_for_centos7:
stage: build
- extends: .build_by_travis
+ extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
UPLOAD_RPM: 1
- ASAN_OPTION: "OFF"
TESTING_VERSION_BUILD: 1
PULP3_REPO_NAME: protocol-testing-x86_64.el7
PULP3_DIST_NAME: protocol-testing-x86_64.el7
@@ -79,24 +99,24 @@ develop_build_release:
- /^develop.*$/i
- /^master.*$/i
-release_build_debug:
- stage: build
+release_build_debug_for_centos7:
+ stage: package
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD_RPM: 1
PULP3_REPO_NAME: protocol-stable-x86_64.el7
PULP3_DIST_NAME: protocol-stable-x86_64.el7
- extends: .build_by_travis
+ extends: .build_by_travis_for_centos7
artifacts:
- name: "ssl-$CI_COMMIT_REF_NAME-release"
+ name: "ssl-$CI_COMMIT_REF_NAME-debug"
paths:
- build/*.rpm
only:
- tags
-release_build_release:
- stage: build
+release_build_release_for_centos7:
+ stage: package
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
@@ -105,10 +125,101 @@ release_build_release:
SYMBOL_TARGET: ssl
PULP3_REPO_NAME: protocol-stable-x86_64.el7
PULP3_DIST_NAME: protocol-stable-x86_64.el7
- extends: .build_by_travis
+ extends: .build_by_travis_for_centos7
artifacts:
name: "ssl-$CI_COMMIT_REF_NAME-release"
paths:
- build/*.rpm
only:
- - tags \ No newline at end of file
+ - tags
+
+branch_build_debug_for_centos8:
+ stage: build
+ extends: .build_by_travis_for_centos8
+ variables:
+ BUILD_TYPE: Debug
+ except:
+ - /^develop.*$/i
+ - /^master.*$/i
+ - tags
+
+branch_build_release_for_centos8:
+ stage: build
+ variables:
+ BUILD_TYPE: RelWithDebInfo
+ extends: .build_by_travis_for_centos8
+ except:
+ - /^develop.*$/i
+ - /^master.*$/i
+ - tags
+
+develop_build_debug_for_centos8:
+ stage: build
+ extends: .build_by_travis_for_centos8
+ variables:
+ BUILD_TYPE: Debug
+ PACKAGE: 1
+ UPLOAD_RPM: 1
+ ASAN_OPTION: ADDRESS
+ TESTING_VERSION_BUILD: 1
+ PULP3_REPO_NAME: protocol-testing-x86_64.el8
+ PULP3_DIST_NAME: protocol-testing-x86_64.el8
+ artifacts:
+ name: "ssl-$CI_COMMIT_REF_NAME-debug"
+ paths:
+ - build/*.rpm
+ only:
+ - /^develop.*$/i
+ - /^master.*$/i
+
+develop_build_release_for_centos8:
+ stage: build
+ extends: .build_by_travis_for_centos8
+ variables:
+ BUILD_TYPE: RelWithDebInfo
+ PACKAGE: 1
+ UPLOAD_RPM: 1
+ TESTING_VERSION_BUILD: 1
+ PULP3_REPO_NAME: protocol-testing-x86_64.el8
+ PULP3_DIST_NAME: protocol-testing-x86_64.el8
+ artifacts:
+ name: "ssl-$CI_COMMIT_REF_NAME-release"
+ paths:
+ - build/*.rpm
+ only:
+ - /^develop.*$/i
+ - /^master.*$/i
+
+release_build_debug_for_centos8:
+ stage: package
+ variables:
+ BUILD_TYPE: Debug
+ PACKAGE: 1
+ UPLOAD_RPM: 1
+ PULP3_REPO_NAME: protocol-stable-x86_64.el8
+ PULP3_DIST_NAME: protocol-stable-x86_64.el8
+ extends: .build_by_travis_for_centos8
+ artifacts:
+ name: "ssl-$CI_COMMIT_REF_NAME-debug"
+ paths:
+ - build/*.rpm
+ only:
+ - tags
+
+release_build_release_for_centos8:
+ stage: package
+ variables:
+ BUILD_TYPE: RelWithDebInfo
+ PACKAGE: 1
+ UPLOAD_RPM: 1
+ UPLOAD_SYMBOL_FILES: 1
+ SYMBOL_TARGET: ssl
+ PULP3_REPO_NAME: protocol-stable-x86_64.el8
+ PULP3_DIST_NAME: protocol-stable-x86_64.el8
+ extends: .build_by_travis_for_centos8
+ artifacts:
+ name: "ssl-$CI_COMMIT_REF_NAME-release"
+ paths:
+ - build/*.rpm
+ only:
+ - tags
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2df4eb0..c4af0d1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -33,18 +33,21 @@ endif()
include_directories(/opt/MESA/include/MESA/)
include_directories(./src/inc/)
include_directories(./src/)
+include_directories(include)
+
+add_subdirectory(support)
file(GLOB SRC
"src/*.c"
"src/*.cpp"
)
-set(DNS_DEPEND_DYN_LIB MESA_handle_logger MESA_field_stat2 MESA_prof_load)
+set(DEPEND_DYN_LIB MESA_handle_logger MESA_field_stat2 MESA_prof_load)
# Shared Library Output
add_library(ssl SHARED ${SRC})
set_target_properties(ssl PROPERTIES PREFIX "")
-target_link_libraries(ssl ${DNS_DEPEND_DYN_LIB})
+target_link_libraries(ssl ${DEPEND_DYN_LIB} -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static)
#target_link_libraries(ssl "openssl.so")
if(DEFINED MESA_SHARED_INSTALL_DIR)
set_target_properties(ssl PROPERTIES OUTPUT_NAME ${lib_name} LIBRARY_OUTPUT_DIRECTORY ${MESA_SHARED_INSTALL_DIR})
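Review bot: The new `target_link_libraries` line links the static `libcrypto.a`/`libssl.a` into the shared `ssl` module without hiding their symbols. Unless a version script or visibility setting elsewhere restricts exports, the module can export the OpenSSL API and clash with another OpenSSL already loaded in the host process. Both `-Wl,--no-whole-archive` flags have no preceding `--whole-archive` and therefore do nothing, and libssl is listed after libcrypto although it depends on it. Consider `target_link_libraries(ssl PRIVATE ${DEPEND_DYN_LIB} openssl-ssl-static openssl-crypto-static -Wl,--exclude-libs,ALL)`. Before adding `PRIVATE`, confirm that no other call on this target uses the keyword-less signature.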
diff --git a/ci/travis.sh b/ci/travis.sh
index 24fe71f..80df870 100644
--- a/ci/travis.sh
+++ b/ci/travis.sh
@@ -33,12 +33,16 @@ env | sort
: "${COMPILER_IS_GNUCXX:=OFF}"
# Install dependency from YUM
-if [ -n "${INSTALL_DEPENDENCY_LIBRARY}" ]; then
- yum install -y $INSTALL_DEPENDENCY_LIBRARY
+if [ -n "${INSTALL_DEPENDENCY_FRAMEWORK}" ]; then
+ yum install -y $INSTALL_DEPENDENCY_FRAMEWORK
source /etc/profile.d/framework.sh
fi
-if [ $ASAN_OPTION ];then
+if [ -n "${INSTALL_DEPENDENCY_PLATFORM}" ]; then
+ yum install -y $INSTALL_DEPENDENCY_PLATFORM
+fi
+
+if [ $ASAN_OPTION ] && [ -f "/opt/rh/devtoolset-7/enable" ] ;then
source /opt/rh/devtoolset-7/enable
fi
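Review bot: `[ $ASAN_OPTION ]` is unquoted and is true for any non-empty value, including the `OFF` that the release job set before this commit, and it fails with a `[` syntax error if the value ever contains whitespace. Writing the test as `if [ -n "${ASAN_OPTION}" ] && [ -f "/opt/rh/devtoolset-7/enable" ]; then` keeps the same outcome for single-word values and is robust. On images without devtoolset-7 the branch is now skipped silently, so a one-line `echo` in that case would make the toolchain actually used visible in the job log.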
diff --git a/cmake/Package.cmake b/cmake/Package.cmake
index 20e7cfa..9a01423 100644
--- a/cmake/Package.cmake
+++ b/cmake/Package.cmake
@@ -12,18 +12,18 @@ set(CPACK_PACKAGE_VERSION_MINOR "${VERSION_MINOR}")
set(CPACK_PACKAGE_VERSION_PATCH "${VERSION_PATCH}.${VERSION_BUILD}")
set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
set(CPACK_PACKAGE_VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_BUILD}")
-execute_process(COMMAND bash -c "echo -ne \"`uname -r | awk -F'.' '{print $5\".\"$6\".\"$7}'`\"" OUTPUT_VARIABLE SYSTEM_VERSION)
-#execute_process(COMMAND sh changelog.sh ${CMAKE_BINARY_DIR} WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/cmake)
-#SET(CPACK_RPM_CHANGELOG_FILE ${CMAKE_BINARY_DIR}/changelog.txt)
+execute_process(COMMAND sh changelog.sh ${CMAKE_BINARY_DIR} WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/cmake)
+SET(CPACK_RPM_CHANGELOG_FILE ${CMAKE_BINARY_DIR}/changelog.txt)
# RPM Build
set(CPACK_GENERATOR "RPM")
+set(CPACK_RPM_AUTO_GENERATED_FILE_NAME ON)
+set(CPACK_RPM_FILE_NAME "RPM-DEFAULT")
set(CPACK_RPM_PACKAGE_VENDOR "MESA")
set(CPACK_RPM_PACKAGE_AUTOREQPROV "yes")
-set(CPACK_RPM_PACKAGE_RELEASE_LIBRARY "on")
+set(CPACK_RPM_PACKAGE_RELEASE_DIST "on")
set(CPACK_RPM_DEBUGINFO_PACKAGE "on")
-set(CPACK_RPM_PACKAGE_DEBUG 1)
set(CPACK_RPM_COMPONENT_INSTALL ON)
set(CPACK_COMPONENTS_IGNORE_GROUPS 1)
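Review bot: The re-enabled `execute_process(COMMAND sh changelog.sh ...)` does not check its exit status, so if the script fails or is missing, `CPACK_RPM_CHANGELOG_FILE` points at a file that was never written and the failure only appears later in packaging, if at all. Add `RESULT_VARIABLE changelog_rc` to the call and follow it with `if(NOT changelog_rc EQUAL 0)` / `message(FATAL_ERROR "changelog.sh failed: ${changelog_rc}")` / `endif()`. `changelog.sh` is not among the files this commit changes, so it is presumably already in `cmake/`. Quoting `"${CMAKE_BINARY_DIR}"` would also keep a build path containing spaces as one argument.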
@@ -32,17 +32,12 @@ set(CPACK_COMPONENT_HEADER_DISPLAY_NAME "develop")
set(CPACK_COMPONENT_LIBRARIES_REQUIRED TRUE)
set(CPACK_RPM_LIBRARIES_PACKAGE_NAME ${MY_RPM_NAME_PREFIX})
-set(CPACK_RPM_LIBRARIES_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
-set(CPACK_RPM_LIBRARIES_DEBUGINFO_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
-
-set(CPACK_COMPONENT_PROFILE_GROUP "libraries")
-set(CPACK_COMPONENT_LIBRARIES_GROUP "libraries")
+set(CPACK_COMPONENT_PROFILE_GROUP "LIBRARIES")
+set(CPACK_COMPONENT_LIBRARIES_GROUP "LIBRARIES")
set(CPACK_COMPONENT_HEADER_REQUIRED TRUE)
set(CPACK_RPM_HEADER_PACKAGE_NAME "${MY_RPM_NAME_PREFIX}-devel")
-set(CPACK_RPM_HEADER_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
-set(CPACK_RPM_HEADER_DEBUGINFO_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm")
-set(CPACK_COMPONENT_HEADER_GROUP "header")
+set(CPACK_COMPONENT_HEADER_GROUP "HEADER")
set(CPACK_RPM_HEADER_PACKAGE_REQUIRES_PRE ${CPACK_RPM_LIBRARIES_PACKAGE_NAME})
set(CPACK_RPM_HEADER_PACKAGE_CONFLICTS ${CPACK_RPM_HEADER_PACKAGE_NAME})
diff --git a/src/SSL_Certificate.c b/src/SSL_Certificate.c
index 60fbae3..36dc565 100644
--- a/src/SSL_Certificate.c
+++ b/src/SSL_Certificate.c
@@ -10,21 +10,21 @@
#include <string.h>
#include <pthread.h>
#include <assert.h>
+
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/safestack.h>
+#include <openssl/cms.h>
+#include <openssl/ocsp.h>
+#include <openssl/ts.h>
+#include <openssl/x509v3.h>
+
#include "SSL_Analyze.h"
#include "ssl.h"
#include "SSL_Message.h"
#include "SSL_Certificate.h"
#include "SSL_Proc.h"
-#include "openssl/x509.h"
-#include "openssl/objects.h"
-#include "openssl/safestack.h"
-#include "openssl/cms.h"
-#include "openssl/ocsp.h"
-#include "openssl/ts.h"
-#include "openssl/ts.h"
-#include "openssl/x509v3.h"
-
//debug
#define PRINTF_CERTIFICATE 0
@@ -63,7 +63,7 @@ const stSerialString_t g_astUserItemId[] =
{{0}, NULL},
};
-/*return : 1 ���ڣ�0 ������*/
+/*return : 1 ���ڣ�0 ������*/
int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint8_t cert_type, char** cert, uint32_t* cert_len)
{
if(NULL==conj_cert_buf || 0==conj_buflen) return 0;
@@ -144,7 +144,7 @@ int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint
return 0;
}
-/*return : chain ����*/
+/*return : chain ����*/
int ssl_read_all_cert(const char* conj_cert_buf, uint32_t conj_buflen, cert_chain_t* cert_unit, uint32_t unit_size)
{
if(NULL==conj_cert_buf || 0==conj_buflen) return 0;
@@ -295,7 +295,7 @@ UCHAR ssl_AnalyseCertificate(char *pcSslCertificateData, int iDataLen, ssl_strea
a_ssl_stream->p_output_buffer->p_data = NULL;
a_ssl_stream->p_output_buffer->data_size = 0;
cert_num++;
- /*�ͷ�san�ڴ�*/
+ /*�ͷ�san�ڴ�*/
if(a_ssl_stream->stSSLCert->SSLSubAltName!=NULL)
{
if(a_ssl_stream->stSSLCert->SSLSubAltName->san_array!=NULL)
@@ -1037,8 +1037,28 @@ UCHAR fn_pGetSSLInfo_v1(char *pcCert, int iLen, ssl_stream *a_ssl_stream, stru
UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp,
unsigned long long region_flag, int thread_seq, void *a_packet)
-{
- //return SSL_RETURN_NORM;
+{
+ int cnt;
+ int i = 0;
+ char *san = NULL;
+
+ X509_NAME *issuer = NULL;
+ X509_NAME *subject = NULL;
+
+ ASN1_STRING *serial = NULL;
+ ASN1_STRING *san_name = NULL;
+
+ GENERAL_NAME *generalName = NULL;
+ GENERAL_NAMES *subjectAltNames = NULL;
+
+ ASN1_TIME *start = NULL;
+ ASN1_TIME *end = NULL;
+
+ EVP_PKEY *pkey = NULL;
+ const ASN1_OBJECT *salg;
+ const X509_ALGOR *tsig_alg;
+
+ //return SSL_RETURN_NORM;
X509 *x509_handle = d2i_X509(NULL, (unsigned char const **)&pcCert, iLen);
if (x509_handle == NULL)
@@ -1046,7 +1066,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct
return SSL_RETURN_NORM;
}
- if(NULL!=x509_handle->cert_info)
+ if(NULL!=x509_handle)
{
/*version*/
int ver = X509_get_version(x509_handle);
@@ -1056,20 +1076,20 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct
1 + strlen((const char *)g_astCertVersions[ver].pcString));
/*serial num*/
- if(NULL!=x509_handle->cert_info->serialNumber)
- {
- a_ssl_stream->stSSLCert->SSLSerialNumLen = x509_handle->cert_info->serialNumber->length;
- memcpy(a_ssl_stream->stSSLCert->SSLSerialNum,
- x509_handle->cert_info->serialNumber->data,
- MIN(x509_handle->cert_info->serialNumber->length,sizeof(a_ssl_stream->stSSLCert->SSLSerialNum)));
- }
-
- /*SSL AgID*/
- ASN1_OBJECT* salg = x509_handle->cert_info->signature->algorithm;
+ serial = X509_get_serialNumber(x509_handle);
+ if (NULL != serial)
+ {
+ a_ssl_stream->stSSLCert->SSLSerialNumLen = MIN(ASN1_STRING_length(serial), sizeof(a_ssl_stream->stSSLCert->SSLSerialNum));
+ memcpy(a_ssl_stream->stSSLCert->SSLSerialNum, ASN1_STRING_get0_data(serial), a_ssl_stream->stSSLCert->SSLSerialNumLen);
+ }
+
+ /*SSL AgID*/
+ tsig_alg = X509_get0_tbs_sigalg(x509_handle);
+ X509_ALGOR_get0(&salg, NULL, NULL, tsig_alg);
OBJ_obj2txt(a_ssl_stream->stSSLCert->SSLAgID, sizeof(a_ssl_stream->stSSLCert->SSLAgID), salg, 1);
/*SSL Issuer*/
- X509_NAME* issuer = X509_get_issuer_name(x509_handle);
+ issuer = X509_get_issuer_name(x509_handle);
if(NULL!=issuer)
{
X509_NAME_get_text_by_NID(issuer, NID_commonName, a_ssl_stream->stSSLCert->SSLIssuerCN, sizeof(a_ssl_stream->stSSLCert->SSLIssuerCN));
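Review bot: `g_astCertVersions[ver]` is indexed with the value returned by `X509_get_version()`, which is taken from the certificate being parsed, and no range check on `ver` is visible between its assignment in the previous hunk and this use (a few lines between the two hunks are not shown). A certificate carrying an out-of-range version would make the `strlen` and the copy read outside the table. If the unseen lines hold no check, bound `ver` before the lookup, for example `if (ver < 0 || (size_t)ver >= sizeof(g_astCertVersions)/sizeof(g_astCertVersions[0])) goto cert_return;`, adjusted for any sentinel entry, since the table definition is not on this page. The body of `fn_pGetSSLInfo` continues outside this hunk.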
@@ -1094,7 +1114,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct
}
/*SSL Subject*/
- X509_NAME* subject = X509_get_subject_name(x509_handle);
+ subject = X509_get_subject_name(x509_handle);
if(NULL!=subject)
{
X509_NAME_get_text_by_NID(subject, NID_commonName, a_ssl_stream->stSSLCert->SSLSubCN, sizeof(a_ssl_stream->stSSLCert->SSLSubCN));
@@ -1124,7 +1144,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct
}
/*SSL Subject keyInfo*/
- EVP_PKEY* pkey = X509_get_pubkey(x509_handle);
+ pkey = X509_get_pubkey(x509_handle);
if(pkey!=NULL)
{
int pkeyLen=0;
@@ -1137,25 +1157,21 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct
}
/*validity*/
- ASN1_TIME *start = X509_get_notBefore(x509_handle);
- ASN1_TIME *end = X509_get_notAfter(x509_handle);
+ start = X509_get_notBefore(x509_handle);
+ end = X509_get_notAfter(x509_handle);
sprintf(a_ssl_stream->stSSLCert->SSLFrom, "%s", start->data);
sprintf(a_ssl_stream->stSSLCert->SSLTo, "%s", end->data);
/*subject bak*/
- GENERAL_NAMES* subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL);
+ subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL);
if(!subjectAltNames) goto cert_return;
- int cnt = sk_GENERAL_NAME_num(subjectAltNames);
- char* san = NULL;
- ASN1_STRING *san_name;
- GENERAL_NAME* generalName;
+ cnt = sk_GENERAL_NAME_num(subjectAltNames);
if(cnt>0)
{
a_ssl_stream->stSSLCert->SSLSubAltName = (st_san_t*)dictator_malloc(thread_seq, sizeof(st_san_t));
a_ssl_stream->stSSLCert->SSLSubAltName->san_array = (san_t*)dictator_malloc(thread_seq, cnt*sizeof(san_t));
memset(a_ssl_stream->stSSLCert->SSLSubAltName->san_array,0,cnt*sizeof(san_t));
a_ssl_stream->stSSLCert->SSLSubAltName->count = 0;
- int i=0;
for (i = 0; i < cnt; i++)
{
generalName = sk_GENERAL_NAME_value(subjectAltNames, i);
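Review bot: The two `sprintf(..., "%s", start->data)` / `end->data` calls copy the certificate's notBefore/notAfter strings with no length limit, and that length is set by the certificate, so an over-long time field can overflow `SSLFrom`/`SSLTo`. Since this commit already moves the function to the 1.1.1 accessors, a bounded, length-aware copy fits here: `snprintf(a_ssl_stream->stSSLCert->SSLFrom, sizeof(a_ssl_stream->stSSLCert->SSLFrom), "%.*s", ASN1_STRING_length(start), ASN1_STRING_get0_data(start));` and the same for `SSLTo` (this assumes both are arrays, as the `sizeof` use on neighbouring fields suggests). The SAN copy in the next hunk is bounded but still formats with `%s`, so a dNSName containing an embedded NUL is recorded truncated. Comparing `strlen(san)` with `ASN1_STRING_length(san_name)` would let the parser flag such names instead of logging a misleading host.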
@@ -1165,7 +1181,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct
san_name = (ASN1_STRING*)GENERAL_NAME_get0_value(generalName, NULL);
if(ASN1_STRING_length(san_name)>0)
{
- san = (char*)ASN1_STRING_data(san_name);
+ san = (char*)ASN1_STRING_get0_data(san_name);
snprintf(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san,
sizeof(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san),
"%s",
@@ -1178,76 +1194,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct
if(subjectAltNames)
{
GENERAL_NAMES_free(subjectAltNames);
- }
-
- /*extension*/
- /*SCT*/
- /*
- GENERAL_NAMES* subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL);
- if(!subjectAltNames) goto cert_return;
- int cnt = sk_GENERAL_NAME_num(subjectAltNames);
- char* san = NULL;
- ASN1_STRING *san_name;
- GENERAL_NAME* generalName;
- if(cnt>0)
- {
- a_ssl_stream->stSSLCert->SSLSubAltName = (st_san_t*)dictator_malloc(thread_seq, sizeof(st_san_t));
- a_ssl_stream->stSSLCert->SSLSubAltName->san_array = (san_t*)dictator_malloc(thread_seq, cnt*sizeof(san_t));
- memset(a_ssl_stream->stSSLCert->SSLSubAltName->san_array,0,cnt*sizeof(san_t));
- a_ssl_stream->stSSLCert->SSLSubAltName->count = 0;
- for (int i = 0; i < cnt; i++)
- {
- generalName = sk_GENERAL_NAME_value(subjectAltNames, i);
- if(!generalName) goto cert_return;
- if(GEN_DNS == generalName->type)
- {
- san_name = (ASN1_STRING*)GENERAL_NAME_get0_value(generalName, NULL);
- if(ASN1_STRING_length(san_name)>0)
- {
- san = (char*)ASN1_STRING_data(san_name);
- snprintf(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san,
- sizeof(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san),
- "%s",
- san);
- a_ssl_stream->stSSLCert->SSLSubAltName->count++;
- }
- }
- }
-
- /* GET ALL EXTENSION
- int ext_num = X509_get_ext_count(x509_handle);
- X509_EXTENSION* ext;
- ASN1_OBJECT* obj;
- int oid;
- STACK_OF(CONF_VALUE)* item;
- int item_num=0;
- CONF_VALUE *val;
- for(int i=0;i<ext_num;i++)
- {
- ext = X509_get_ext(x509_handle, i);
- if(ext!=NULL)
- {
- item = X509V3_parse_list((const char *)ext->value->data);
- item_num = sk_CONF_VALUE_num(item);
- for (int j = 0; j<item_num; j++)
- {
- val = sk_CONF_VALUE_value(item, i);
- //val->section;
- //val->name;
- }
- obj = X509_EXTENSION_get_object(ext);
- if(obj!=NULL)
- {
- oid = OBJ_obj2nid(obj);
- ///*SCT: Signed Certificate Timestamp; OID is 1.3.6.1.4.1.11129.2.4.2; NID: NID_ct_cert_scts
- if(oid=SCT_OID)
- {
-
- }
- }
- }
}
- */
}
cert_return:
diff --git a/support/CMakeLists.txt b/support/CMakeLists.txt
new file mode 100644
index 0000000..db6c0e1
--- /dev/null
+++ b/support/CMakeLists.txt
@@ -0,0 +1,28 @@
+# CMakeFiles for 3rd vendor library
+
+include(ExternalProject)
+
+### OpenSSL 1.1.1m
+ExternalProject_Add(openssl PREFIX openssl
+ URL ${CMAKE_CURRENT_SOURCE_DIR}/openssl-1.1.1m.tar.gz
+ URL_MD5 8ec70f665c145c3103f6e330f538a9db
+ CONFIGURE_COMMAND ./Configure linux-x86_64 --prefix=<INSTALL_DIR> --openssldir=<INSTALL_DIR>/lib/ssl -fPIC no-shared
+ BUILD_COMMAND ${MAKE_COMMAND}
+ INSTALL_COMMAND make install_sw
+ BUILD_IN_SOURCE 1)
+
+ExternalProject_Get_Property(openssl INSTALL_DIR)
+set(OPENSSL_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
+set(OPENSSL_LINK_DIRECTORIES ${INSTALL_DIR}/lib)
+set(OPENSSL_PKGCONFIG_PATH ${INSTALL_DIR}/lib/pkgconfig/)
+file(MAKE_DIRECTORY ${INSTALL_DIR}/include)
+
+add_library(openssl-crypto-static STATIC IMPORTED GLOBAL)
+add_dependencies(openssl-crypto-static openssl)
+set_property(TARGET openssl-crypto-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libcrypto.a)
+set_property(TARGET openssl-crypto-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
+
+add_library(openssl-ssl-static STATIC IMPORTED GLOBAL)
+add_dependencies(openssl-ssl-static openssl)
+set_property(TARGET openssl-ssl-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libssl.a)
+set_property(TARGET openssl-ssl-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include)
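Review bot: `URL_MD5` is the only integrity check on the vendored tarball, and MD5 is not collision-resistant; use `URL_HASH SHA256=<sha256-of-openssl-1.1.1m.tar.gz>` instead. The version is also frozen at 1.1.1m while this library parses certificates taken from network traffic, so check the upstream 1.1.1 advisories and move to the latest letter release, with a note on who owns future bumps. `${MAKE_COMMAND}` is not a variable CMake defines and is not set in the visible hunks. If it is empty the build step is empty and all compilation happens inside `make install_sw`, so `BUILD_COMMAND $(MAKE)` or plain `make` is probably what was meant.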
diff --git a/support/openssl-1.1.1m.tar.gz b/support/openssl-1.1.1m.tar.gz
new file mode 100644
index 0000000..2db4ee8
--- /dev/null
+++ b/support/openssl-1.1.1m.tar.gz
Binary files differ