upgrade hunter and pin version of openssl
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b578005..1fc7796 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -19,14 +19,13 @@
# Debug information
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -fno-omit-frame-pointer")
+#SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-rtti")
+#SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-rtti")
+
include("cmake/HunterGate.cmake")
-#HunterGate(
-# URL "https://github.com/ruslo/hunter/archive/v0.16.31.tar.gz"
-# SHA1 "8fcc0a2d6206e1f2c6fc011e3e694e388d030b53"
-#)
HunterGate(
- URL "https://github.com/ruslo/hunter/archive/v0.18.16.tar.gz"
- SHA1 "6cbca2b0e7605ad8ea22ee3527850996436f71b8"
+ URL "https://github.com/ruslo/hunter/archive/v0.18.44.tar.gz"
+ SHA1 "a78f0b377b8e53c038f12fc18b0c02564c4534c8"
)
@@ -55,6 +54,8 @@
#SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -z noexecstack -z relro -z now")
# Boost
+#add_definitions(-DBOOST_NO_RTTI -DBOOST_NO_TYPEID)
+
#add_definitions(-DBOOST_ASIO_ENABLE_HANDLER_TRACKING)
add_definitions(-DBOOST_ERROR_CODE_HEADER_ONLY)
add_definitions(-DBOOST_SYSTEM_NO_DEPRECATED)
@@ -75,9 +76,9 @@
file(GLOB_RECURSE HEADER_FILES ${LOG_SRC}/*.hpp)
IF (MSVC OR MINGW)
- list(REMOVE_ITEM SRC_FILES ${LOG_SRC}/crashhandler_unix.cpp)
+ list(REMOVE_ITEM SRC_FILES ${LOG_SRC}/crashhandler_unix.cpp)
ELSE()
- list(REMOVE_ITEM SRC_FILES ${LOG_SRC}/crashhandler_windows.cpp ${LOG_SRC}/g3log/stacktrace_windows.hpp ${LOG_SRC}/stacktrace_windows.cpp)
+ list(REMOVE_ITEM SRC_FILES ${LOG_SRC}/crashhandler_windows.cpp ${LOG_SRC}/g3log/stacktrace_windows.hpp ${LOG_SRC}/stacktrace_windows.cpp)
ENDIF (MSVC OR MINGW)
# Create the g3log library
diff --git a/cmake/Hunter/config.cmake b/cmake/Hunter/config.cmake
new file mode 100644
index 0000000..473cecb
--- /dev/null
+++ b/cmake/Hunter/config.cmake
@@ -0,0 +1 @@
+hunter_config(OpenSSL VERSION 1.0.2k)
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index eef4d55..5cd29a8 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -11,9 +11,9 @@
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/ssl.h>
-#include <boost/asio.hpp>
#include <g3log/g3log.hpp>
#include <random>
+#include <boost/asio.hpp>
namespace ensuressl {
static void init_openssl(void);
@@ -33,38 +33,26 @@
EVP_PKEY *pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL);
int rc;
if (pkey) {
- int type = EVP_PKEY_type(pkey->type);
- switch (type) {
- case EVP_PKEY_RSA:
- case EVP_PKEY_RSA2: {
- LOG(DEBUG) << "Found an RSA key";
- RSA *rsa = EVP_PKEY_get1_RSA(pkey);
- if (rsa) {
- if (RSA_check_key(rsa) == 1) {
- // private_key_valid = true;
- } else {
- LOG(WARNING) << "Key not valid error number " << ERR_get_error();
- }
- RSA_free(rsa);
- }
- break;
+ RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+ if (rsa) {
+ LOG(DEBUG) << "Found an RSA key";
+ if (RSA_check_key(rsa) == 1) {
+ // private_key_valid = true;
+ } else {
+ LOG(WARNING) << "Key not valid error number " << ERR_get_error();
}
- case EVP_PKEY_EC: {
+ RSA_free(rsa);
+ } else {
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
+ if (ec) {
LOG(DEBUG) << "Found an EC key";
- EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
- if (ec) {
- if (EC_KEY_check_key(ec) == 1) {
- private_key_valid = true;
- } else {
- LOG(WARNING) << "Key not valid error number " << ERR_get_error();
- }
- EC_KEY_free(ec);
+ if (EC_KEY_check_key(ec) == 1) {
+ private_key_valid = true;
+ } else {
+ LOG(WARNING) << "Key not valid error number " << ERR_get_error();
}
- break;
+ EC_KEY_free(ec);
}
- default:
- LOG(WARNING) << "Found an unrecognized key type " << type;
- break;
}
if (private_key_valid) {
@@ -158,9 +146,13 @@
EVP_PKEY *create_rsa_key(void) {
RSA *pRSA = NULL;
- EVP_PKEY *pKey = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x00908000L
pRSA = RSA_generate_key(2048, RSA_3, NULL, NULL);
- pKey = EVP_PKEY_new();
+#else
+ RSA_generate_key_ex(pRSA, 2048, NULL, NULL);
+#endif
+
+ EVP_PKEY *pKey = EVP_PKEY_new();
if (pRSA && pKey && EVP_PKEY_assign_RSA(pKey, pRSA)) {
/* pKey owns pRSA from now */
if (RSA_check_key(pRSA) <= 0) {
@@ -206,18 +198,19 @@
}
void init_openssl(void) {
- if (SSL_library_init()) {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
RAND_load_file("/dev/urandom", 1024);
- } else
- exit(EXIT_FAILURE);
+#endif
}
void cleanup_openssl(void) {
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_remove_thread_state(0);
+#endif
EVP_cleanup();
}
diff --git a/src/token_authorization_middleware.cpp b/src/token_authorization_middleware.cpp
index bf164c8..4bac9b4 100644
--- a/src/token_authorization_middleware.cpp
+++ b/src/token_authorization_middleware.cpp
@@ -34,8 +34,6 @@
res.end();
};
- CROW_LOG_DEBUG << "Token Auth Got route " << req.url;
-
if (req.url == "/" || boost::starts_with(req.url, "/static/")) {
// TODO this is total hackery to allow the login page to work before the
// user is authenticated. Also, it will be quite slow for all pages instead