Index: cups/http.c =================================================================== --- cups/http.c (revision 5393) +++ cups/http.c (working copy) @@ -2041,7 +2041,7 @@ size_t processed; /* Number of bytes processed */ - error = SSLRead((SSLContextRef)http->tls, buf, len, &processed); + error = SSLRead(((http_tls_t *)http->tls)->session, buf, len, &processed); switch (error) { @@ -2224,8 +2224,9 @@ gnutls_certificate_client_credentials *credentials; /* TLS credentials */ # elif defined(HAVE_CDSASSL) - SSLContextRef conn; /* Context for encryption */ - OSStatus error; /* Error info */ + OSStatus error; /* Error code */ + http_tls_t *conn; /* CDSA connection information */ + cdsa_conn_ref_t u; /* Connection reference union */ # endif /* HAVE_LIBSSL */ 
@@ -2303,45 +2304,51 @@ conn->credentials = credentials; # elif defined(HAVE_CDSASSL) - cdsa_conn_ref_t u; /* Connection reference union */ + conn = (http_tls_t *)calloc(1, sizeof(http_tls_t)); + if (conn == NULL) + return (-1); - error = SSLNewContext(false, &conn); - - if (!error) - error = SSLSetIOFuncs(conn, _httpReadCDSA, _httpWriteCDSA); - - if (!error) + if ((error = SSLNewContext(false, &conn->session))) { - /* - * Use a union to resolve warnings about int/pointer size mismatches... - */ + http->error = error; + http->status = HTTP_ERROR; - u.connection = NULL; - u.sock = http->fd; - error = SSLSetConnection(conn, u.connection); + free(conn); + return (-1); } + /* + * Use a union to resolve warnings about int/pointer size mismatches... + */ + + u.connection = NULL; + u.sock = http->fd; + error = SSLSetConnection(conn->session, u.connection); + if (!error) - error = SSLSetAllowsExpiredCerts(conn, true); + error = SSLSetIOFuncs(conn->session, _httpReadCDSA, _httpWriteCDSA); if (!error) - error = SSLSetAllowsAnyRoot(conn, true); + error = SSLSetAllowsExpiredCerts(conn->session, true); if (!error) + error = SSLSetAllowsAnyRoot(conn->session, true); + + if (!error) { - while ((error = SSLHandshake(conn)) == errSSLWouldBlock) + while ((error = SSLHandshake(conn->session)) == errSSLWouldBlock) usleep(1000); } - if (error != 0) + if (error) { http->error = error; http->status = HTTP_ERROR; - SSLDisposeContext(conn); + SSLDisposeContext(conn->session); - close(http->fd); + free(conn); return (-1); } 
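Review bot: The rewritten client setup still disables server certificate validation: `SSLSetAllowsExpiredCerts(conn->session, true)` and `SSLSetAllowsAnyRoot(conn->session, true)` accept whatever certificate the peer presents, and nothing within the hunk sets a peer domain name, so the connection is encrypted but the server is not authenticated. If that is intended (self-signed cupsd certificates, presumably), it should be stated at those two lines, e.g. `/* NOTE: peer certificate is not validated - any root and expired certs are accepted, so the server is unauthenticated */`, and the option to enforce validation left for a follow-up. The same pair of calls is on the new side of scheduler/client.c @@ -2656, where it governs client certificates if any are requested. The enclosing function starts and ends outside this hunk, so a domain-name check may exist elsewhere; confirm.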
@@ -2389,10 +2396,19 @@ free(conn); # elif defined(HAVE_CDSASSL) - while (SSLClose((SSLContextRef)http->tls) == errSSLWouldBlock) + http_tls_t *conn; /* CDSA connection information */ + + conn = (http_tls_t *)(http->tls); + + while (SSLClose(conn->session) == errSSLWouldBlock) usleep(1000); - SSLDisposeContext((SSLContextRef)http->tls); + SSLDisposeContext(conn->session); + + if (conn->certsArray) + CFRelease(conn->certsArray); + + free(conn); # endif /* HAVE_LIBSSL */ http->tls = NULL; @@ -2529,7 +2545,7 @@ # elif defined(HAVE_CDSASSL) size_t bytes; /* Bytes that are available */ - if (!SSLGetBufferedReadSize((SSLContextRef)http->tls, &bytes) && bytes > 0) + if (!SSLGetBufferedReadSize(((http_tls_t *)http->tls)->session, &bytes) && bytes > 0) return (1); # endif /* HAVE_LIBSSL */ } @@ -2745,7 +2761,7 @@ size_t processed; /* Number of bytes processed */ - error = SSLWrite((SSLContextRef)http->tls, buf, len, &processed); + error = SSLWrite(((http_tls_t *)http->tls)->session, buf, len, &processed); switch (error) { Index: cups/http-private.h =================================================================== --- cups/http-private.h (revision 5393) +++ cups/http-private.h (working copy) @@ -98,7 +98,11 @@ # include -typedef SSLConnectionRef http_tls_t; +typedef struct /**** CDSA connection information ****/ +{ + SSLContextRef session; /* CDSA session object */ + CFArrayRef certsArray; /* Certificates array */ +} http_tls_t; typedef union _cdsa_conn_ref_u /**** CDSA Connection reference union **** used to resolve 64-bit casting Index: scheduler/client.c =================================================================== --- scheduler/client.c (revision 5393) +++ scheduler/client.c (working copy) @@ -462,6 +462,8 @@ int error; /* Error code */ gnutls_certificate_server_credentials *credentials; /* TLS credentials */ +# elif defined(HAVE_CDSASSL) + http_tls_t *conn; /* CDSA connection information */ #endif /* HAVE_LIBSSL */ 
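Review bot: `while (SSLClose(conn->session) == errSSLWouldBlock) usleep(1000);` has no iteration or time bound, so a peer that stops responding keeps the caller in this loop indefinitely; the same loop is on the new side of scheduler/client.c @@ -530 (cupsdCloseClient), where it stalls the scheduler, and the SSLHandshake loops in cups/http.c @@ -2303 and scheduler/client.c @@ -2656 share the pattern. A bounded retry (give up after a fixed number of errSSLWouldBlock returns and fall through to SSLDisposeContext and free) would keep the teardown path finite. The loop itself is carried over from the old code, the commit only changes the argument. The enclosing function begins outside the hunk.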
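Review bot: The new `http_tls_t` struct owns two resources but its field comments do not say who releases them, even though cups/http.c and scheduler/client.c now each run `SSLDisposeContext(conn->session)`, `CFRelease(conn->certsArray)` and `free(conn)` in their shutdown paths, so the contract belongs on the typedef. Suggest `SSLContextRef session; /* CDSA session object; disposed by the owner's close/shutdown path */` and `CFArrayRef certsArray; /* Server certs kept for the session lifetime (left NULL by the client setup in http.c); CFRelease'd on close */`. The `# include` line just above the typedef has lost its header name in this rendering of the patch.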
@@ -530,10 +532,17 @@ free(conn); # elif defined(HAVE_CDSASSL) - while (SSLClose((SSLContextRef)con->http.tls) == errSSLWouldBlock) + conn = (http_tls_t *)(con->http.tls); + + while (SSLClose(conn->session) == errSSLWouldBlock) usleep(1000); - SSLDisposeContext((SSLContextRef)con->http.tls); + SSLDisposeContext(conn->session); + + if (conn->certsArray) + CFRelease(conn->certsArray); + + free(conn); # endif /* HAVE_LIBSSL */ con->http.tls = NULL; @@ -2564,7 +2573,7 @@ * Create the SSL object and perform the SSL handshake... */ - conn = (http_tls_t *)malloc(sizeof(gnutls_session)); + conn = (http_tls_t *)malloc(sizeof(http_tls_t)); if (conn == NULL) return (0); @@ -2618,23 +2627,21 @@ return (1); # elif defined(HAVE_CDSASSL) - OSStatus error; /* Error info */ - SSLContextRef conn; /* New connection */ - CFArrayRef certificatesArray; - /* Array containing certificates */ - int allowExpired; /* Allow expired certificates? */ - int allowAnyRoot; /* Allow any root certificate? */ - cdsa_conn_ref_t u; /* Connection reference union */ + OSStatus error; /* Error code */ + http_tls_t *conn; /* CDSA connection information */ + cdsa_conn_ref_t u; /* Connection reference union */ - conn = NULL; - error = SSLNewContext(true, &conn); - allowExpired = 1; - allowAnyRoot = 1; + conn = (http_tls_t *)malloc(sizeof(http_tls_t)); - certificatesArray = get_cdsa_server_certs(); + if (conn == NULL) + return (0); - if (!certificatesArray) + error = 0; + conn->session = NULL; + conn->certsArray = get_cdsa_server_certs(); + + if (!conn->certsArray) { cupsdLogMessage(CUPSD_LOG_ERROR, "EncryptClient: Could not find signing key in keychain " 
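Review bot: `conn = (http_tls_t *)malloc(sizeof(http_tls_t));` relies on the two explicit assignments that follow to initialise the struct, whereas the client path in cups/http.c @@ -2303 uses `calloc(1, sizeof(http_tls_t))`; the error path in @@ -2703 tests both `conn->session` and `conn->certsArray`, so any field added to http_tls_t later would be read uninitialised here. `conn = calloc(1, sizeof(*conn));` keeps the two sites consistent and makes `conn->session = NULL;` redundant. The missing-certificate branch opened at the end of the hunk continues outside it; it needs to leave `error` non-zero (or return) so the later SSLSetCertificate is not reached with a NULL array - confirm against the lines that follow. The enclosing function ends outside the hunk.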
@@ -2643,12 +2650,15 @@ } if (!error) - error = SSLSetIOFuncs(conn, _httpReadCDSA, _httpWriteCDSA); + error = SSLNewContext(true, &conn->session); if (!error) - error = SSLSetProtocolVersion(conn, kSSLProtocol3); + error = SSLSetIOFuncs(conn->session, _httpReadCDSA, _httpWriteCDSA); if (!error) + error = SSLSetProtocolVersion(conn->session, kSSLProtocol3); + + if (!error) { /* * Use a union to resolve warnings about int/pointer size mismatches... @@ -2656,38 +2666,25 @@ u.connection = NULL; u.sock = con->http.fd; - error = SSLSetConnection(conn, u.connection); + error = SSLSetConnection(conn->session, u.connection); } if (!error) - error = SSLSetPeerDomainName(conn, ServerName, strlen(ServerName) + 1); + error = SSLSetAllowsExpiredCerts(conn->session, true); - /* - * Have to set these options before setting server certs... - */ + if (!error) + error = SSLSetAllowsAnyRoot(conn->session, true); - if (!error && allowExpired) - error = SSLSetAllowsExpiredCerts(conn, true); - - if (!error && allowAnyRoot) - error = SSLSetAllowsAnyRoot(conn, true); - if (!error) - error = SSLSetCertificate(conn, certificatesArray); + error = SSLSetCertificate(conn->session, conn->certsArray); - if (certificatesArray) - { - CFRelease(certificatesArray); - certificatesArray = NULL; - } - if (!error) { /* * Perform SSL/TLS handshake */ - while ((error = SSLHandshake(conn)) == errSSLWouldBlock) + while ((error = SSLHandshake(conn->session)) == errSSLWouldBlock) usleep(1000); } @@ -2703,9 +2700,14 @@ con->http.error = error; con->http.status = HTTP_ERROR; - if (conn != NULL) - SSLDisposeContext(conn); + if (conn->session != NULL) + SSLDisposeContext(conn->session); + if (conn->certsArray) + CFRelease(conn->certsArray); + + free(conn); + return (0); }
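Review bot: `error = SSLSetProtocolVersion(conn->session, kSSLProtocol3);` caps the server at SSL 3.0; if I read the SecureTransport.h enum comments correctly, kSSLProtocol3 means SSL 3.0 preferred with SSL 2.0 permitted when the peer requires it, so TLS 1.0 is never negotiated and an SSL 2.0 downgrade is allowed. Since the commit already rewrites this line, `kTLSProtocol1` (TLS 1.0 preferred) is worth considering if the deployed clients can handle it; at minimum add `/* kSSLProtocol3: SSL 3.0 preferred, SSL 2.0 fallback allowed - see SecureTransport.h */` so the choice is explicit. The enclosing function starts and ends outside the hunk.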