merge 1.11.2

.github/workflows/ci.yml

@@ -74,7 +74,20 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - run: brew install openssl@1.1 mysql-client unixodbc libpq
-      - run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
+      - run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1 -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
+      - run: >-
+          cd cmake-build &&
+          sudo -s
+          CPPUNIT_IGNORE="N7CppUnit10TestCallerI10ThreadTestEE.testTrySleep,N7CppUnit10TestCallerI13TimestampTestEE.testTimestamp,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testExpireN,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN,N7CppUnit10TestCallerI24UniqueExpireLRUCacheTestEE.testExpireN,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN,N7CppUnit10TestCallerI11PollSetTestEE.testPollClosedServer"
+          PWD=`pwd`
+          ctest --output-on-failure -E "(DataMySQL)|(DataODBC)|(PostgreSQL)|(MongoDB)|(Redis)"
+
+  macos-clang-cmake-openssl3:
+    runs-on: macos-10.15
+    steps:
+      - uses: actions/checkout@v2
+      - run: brew install openssl@3 mysql-client unixodbc libpq
+      - run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
       - run: >-
           cd cmake-build &&
           sudo -s

.vscode/c_cpp_properties.json

@@ -29,7 +29,7 @@
     {
       "name": "Mac",
       "intelliSenseMode": "clang-x64",
-      "includePath": ["${pocoIncludePath}"],
+      "includePath": ["${pocoIncludePath}", "/usr/local/opt/openssl@3/include"],
       "macFrameworkPath": ["/System/Library/Frameworks"],
       "defines": [],
       "forcedInclude": [],

CHANGELOG

@@ -1,9 +1,37 @@
 This is the changelog file for the POCO C++ Libraries.
 
-Release 1.11.2 (2022-02-XX)
+Release 1.11.2 (2022-04-16)
 ===========================
 
-- TODO
+- GH #2882: Handle negative DST offset
+- GH #3268: Poco redis command set have a bug when you want to set nx ex or expireTime
+- GH #3338: NamedMutex does not work on Linux distributions where fs.protected_regular=1
+- GH #3448: Basic support for OpenSSL 3.0.0
+- GH #3458: encryptString() crash on redhat/centos 8 with FIPS enabled using md5 default digest
+- GH #3465: NetSSL_Win: bad error handling when decodeMessage() fails
+- GH #3466: DefinePlatformSpecific.cmake: handle RelWithDebInfo and MinSizeRel configurations
+- GH #3470: bug in JSON ParseHandler.cpp (RFC 7159 should be valid)
+- GH #3472: Add Windows 11 detection to Environment_WIN32U
+- GH #3483: Adds Windows 11 and Server 2022 to Environment::osDisplayName()
+- GH #3485: Adds Visual Studio 2022 (v170) to buildwin.cmd
+- GH #3495: Should the Array::operator[] throw?
+- GH #3500: Sandbox all iFrames in PocoDoc
+- GH #3504: OpenSSL 3 compatibility
+- GH #3505: JSON::PrintHandler.value(bool) prints incorrect value
+- GH #3507: Reference counting for bound configuration in Util::Option is broken
+- GH #3508: #3507: Fix bound configuration reference counting in Poco::Util::Option.
+- GH #3509: fix dst and utcOffset handling for Dublin time zone
+- GH #3515: NetSSL_OpenSSL Testsuite: testInterop() and testProxy() fail due to changed certificate
+- GH #3518: Expat version check in #defines incorrect.
+- GH #3519: Add convertation to string in Redis Command#set
+- GH #3524: [linux] Why is Poco::XML linked to Poco::Zip target?
+- GH #3525: Bad management of file in case of OpenSSLException in X509Certificate::readPEM and X509Certificate::writePEM
+- GH #3538: Upgrade bundled expat to 2.4.7
+- GH #3544: Add back NIOS2 double conversion detection to fix compile errors
+- GH #3549: Test against the correct signatures in the JWT ES384 and ES512 tests
+- GH #3553: Upgrade bundled zlib to 1.2.12
+- GH #3559: Poco::Data::PostgreSQL - DateTime extraction truncates fractional seconds
+- GH #3563: Remove support for OpenSSL < 1.0
 
 
 Release 1.11.1 (2021-11-05)

Crypto/include/Poco/Crypto/Crypto.h

@@ -49,6 +49,11 @@
 #endif
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+#error "OpenSSL version too old. At least OpenSSL 1.0.0 is required."
+#endif
+
+
 enum RSAPaddingMode
 	/// The padding mode used for RSA public key encryption.
 {

Crypto/include/Poco/Crypto/OpenSSLInitializer.h

@@ -74,16 +74,22 @@ protected:
 		SEEDSIZE = 256
 	};
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	// OpenSSL multithreading support
 	static void lock(int mode, int n, const char* file, int line);
 	static unsigned long id();
 	static struct CRYPTO_dynlock_value* dynlockCreate(const char* file, int line);
 	static void dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line);
 	static void dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line);
+#endif
 
 private:
-	static Poco::FastMutex* _mutexes;
 	static Poco::AtomicCounter _rc;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	static Poco::FastMutex* _mutexes;
+#endif
+
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	static OSSL_PROVIDER* _defaultProvider;
 	static OSSL_PROVIDER* _legacyProvider;

Crypto/src/ECKeyImpl.cpp

@@ -21,9 +21,7 @@
 #include "Poco/StreamCopier.h"
 #include <sstream>
 #include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
 #include <openssl/bn.h>
-#endif
 
 
 namespace Poco {
@@ -78,8 +76,8 @@ ECKeyImpl::ECKeyImpl(int curve):
 }
 
 
-ECKeyImpl::ECKeyImpl(const std::string& publicKeyFile, 
-	const std::string& privateKeyFile, 
+ECKeyImpl::ECKeyImpl(const std::string& publicKeyFile,
+	const std::string& privateKeyFile,
 	const std::string& privateKeyPassphrase): KeyPairImpl("ec", KT_EC_IMPL), _pEC(0)
 {
 	if (EVPPKey::loadKey(&_pEC, PEM_read_PrivateKey, EVP_PKEY_get1_EC_KEY, privateKeyFile, privateKeyPassphrase))

Crypto/src/OpenSSLInitializer.cpp

@@ -13,15 +13,16 @@
 
 
 #include "Poco/Crypto/OpenSSLInitializer.h"
+#include "Poco/Crypto/CryptoException.h"
 #include "Poco/RandomStream.h"
 #include "Poco/Thread.h"
 #include <openssl/ssl.h>
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#if OPENSSL_VERSION_NUMBER >= 0x0907000L
 #include <openssl/conf.h>
-#endif
+
+
 #if defined(POCO_OS_FAMILY_WINDOWS)
 	#define POCO_STR_HELPER(x) #x
 	#define POCO_STR(x) POCO_STR_HELPER(x)
@@ -58,8 +59,12 @@ namespace Poco {
 namespace Crypto {
 
 
-Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
 Poco::AtomicCounter OpenSSLInitializer::_rc;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
+#endif
+
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 OSSL_PROVIDER* OpenSSLInitializer::_defaultProvider(0);
 OSSL_PROVIDER* OpenSSLInitializer::_legacyProvider(0);
@@ -91,23 +96,15 @@ void OpenSSLInitializer::initialize()
 	{
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 		CONF_modules_load(NULL, NULL, 0);
-#elif OPENSSL_VERSION_NUMBER >= 0x0907000L
+#else
 		OPENSSL_config(NULL);
 #endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		SSL_library_init();
 		SSL_load_error_strings();
 		OpenSSL_add_all_algorithms();
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		_defaultProvider = OSSL_PROVIDER_load(NULL, "default");
-		_legacyProvider  = OSSL_PROVIDER_load(NULL, "legacy");
-#endif
-
-		char seed[SEEDSIZE];
-		RandomInputStream rnd;
-		rnd.read(seed, sizeof(seed));
-		RAND_seed(seed, SEEDSIZE);
-
 		int nMutexes = CRYPTO_num_locks();
 		_mutexes = new Poco::FastMutex[nMutexes];
 		CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
@@ -124,6 +121,25 @@ void OpenSSLInitializer::initialize()
 		CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
 		CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
 		CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
+
+		char seed[SEEDSIZE];
+		RandomInputStream rnd;
+		rnd.read(seed, sizeof(seed));
+		RAND_seed(seed, SEEDSIZE);
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		if (!_defaultProvider)
+		{
+			_defaultProvider = OSSL_PROVIDER_load(NULL, "default");
+			if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL default provider");
+		}
+		if (!_legacyProvider)
+		{
+			_legacyProvider  = OSSL_PROVIDER_load(NULL, "legacy");
+			if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL legacy provider");
+		}
+#endif
 	}
 }
 
@@ -132,6 +148,7 @@ void OpenSSLInitializer::uninitialize()
 {
 	if (--_rc == 0)
 	{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		EVP_cleanup();
 		ERR_free_strings();
 		CRYPTO_set_locking_callback(0);
@@ -139,17 +156,15 @@ void OpenSSLInitializer::uninitialize()
 		CRYPTO_set_id_callback(0);
 #endif
 		delete [] _mutexes;
-
-		CONF_modules_free();
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		OSSL_PROVIDER_unload(_defaultProvider);
-		OSSL_PROVIDER_unload(_legacyProvider);
 #endif
+
 	}
 }
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+
 void OpenSSLInitializer::lock(int mode, int n, const char* file, int line)
 {
 	if (mode & CRYPTO_LOCK)
@@ -191,6 +206,9 @@ void OpenSSLInitializer::dynlockDestroy(struct CRYPTO_dynlock_value* lock, const
 }
 
 
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
+
+
 void initializeCrypto()
 {
 	OpenSSLInitializer::initialize();

Crypto/src/RSAKeyImpl.cpp

@@ -21,9 +21,7 @@
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
 #include <openssl/bn.h>
-#endif
 
 
 namespace Poco {
@@ -66,7 +64,6 @@ RSAKeyImpl::RSAKeyImpl(const PKCS12Container& cont):
 RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa", KT_RSA_IMPL),
 	_pRSA(0)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
 	_pRSA = RSA_new();
 	int ret = 0;
 	BIGNUM* bn = 0;
@@ -83,15 +80,11 @@ RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa"
 		throw;
 	}
 	if (!ret) throw Poco::InvalidArgumentException("Failed to create RSA context");
-#else
-	_pRSA = RSA_generate_key(keyLength, exponent, 0, 0);
-	if (!_pRSA) throw Poco::InvalidArgumentException("Failed to create RSA context");
-#endif
 }
 
 
-RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile, 
-	const std::string& privateKeyFile, 
+RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile,
+	const std::string& privateKeyFile,
 	const std::string& privateKeyPassphrase): KeyPairImpl("rsa", KT_RSA_IMPL),
 		_pRSA(0)
 {
@@ -109,7 +102,7 @@ RSAKeyImpl::RSAKeyImpl(const std::string& publicKeyFile,
 			if (!pubKey)
 			{
 				int rc = BIO_reset(bio);
-				// BIO_reset() normally returns 1 for success and 0 or -1 for failure. 
+				// BIO_reset() normally returns 1 for success and 0 or -1 for failure.
 				// File BIOs are an exception, they return 0 for success and -1 for failure.
 				if (rc != 0) throw Poco::FileException("Failed to load public key", publicKeyFile);
 				pubKey = PEM_read_bio_RSA_PUBKEY(bio, &_pRSA, 0, 0);
@@ -174,7 +167,7 @@ RSAKeyImpl::RSAKeyImpl(std::istream* pPublicKeyStream,
 		if (!publicKey)
 		{
 			int rc = BIO_reset(bio);
-			// BIO_reset() normally returns 1 for success and 0 or -1 for failure. 
+			// BIO_reset() normally returns 1 for success and 0 or -1 for failure.
 			// File BIOs are an exception, they return 0 for success and -1 for failure.
 			if (rc != 1) throw Poco::FileException("Failed to load public key");
 			publicKey = PEM_read_bio_RSA_PUBKEY(bio, &_pRSA, 0, 0);
@@ -293,7 +286,7 @@ void RSAKeyImpl::save(const std::string& publicKeyFile,
 		}
 		BIO_free(bio);
 	}
-	
+
 	if (!privateKeyFile.empty())
 	{
 		BIO* bio = BIO_new(BIO_s_file());
@@ -306,8 +299,8 @@ void RSAKeyImpl::save(const std::string& publicKeyFile,
 				if (privateKeyPassphrase.empty())
 					rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0);
 				else
-					rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), 
-						reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())), 
+					rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
+						reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),
 						static_cast<int>(privateKeyPassphrase.length()), 0, 0);
 				if (!rc) throw Poco::FileException("Failed to write private key to file", privateKeyFile);
 			}
@@ -350,10 +343,10 @@ void RSAKeyImpl::save(std::ostream* pPublicKeyStream,
 		if (privateKeyPassphrase.empty())
 			rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, 0, 0, 0, 0, 0);
 		else
-			rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(), 
-				reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())), 
+			rc = PEM_write_bio_RSAPrivateKey(bio, _pRSA, EVP_des_ede3_cbc(),
+				reinterpret_cast<unsigned char*>(const_cast<char*>(privateKeyPassphrase.c_str())),
 				static_cast<int>(privateKeyPassphrase.length()), 0, 0);
-		if (!rc) 
+		if (!rc)
 		{
 			BIO_free(bio);
 			throw Poco::FileException("Failed to write private key to stream");

Data/PostgreSQL/src/Extractor.cpp

@@ -314,7 +314,7 @@ bool Extractor::extract(std::size_t pos, DateTime& val)
 
 	int tzd = -1;
 	DateTime dateTime;
-	if (!DateTimeParser::tryParse(outputParameter.pData(), dateTime, tzd))
+	if (!DateTimeParser::tryParse("%Y-%m-%d %H:%M:%s", outputParameter.pData(), dateTime, tzd))
 	{
 		return false;
 	}

NetSSL_OpenSSL/src/Context.cpp

@@ -824,7 +824,7 @@ void Context::initECDH(const std::string& curve)
  		throw SSLContextException("Cannot set ECDH groups", groups);
  	}
  	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE);
- #elif OPENSSL_VERSION_NUMBER >= 0x0090800fL
+ #else
 	int nid = 0;
 	if (!curve.empty())
 	{

NetSSL_OpenSSL/src/SecureSocketImpl.cpp

@@ -157,12 +157,10 @@ void SecureSocketImpl::connectSSL(bool performHandshake)
 	}
 	SSL_set_bio(_pSSL, pBIO, pBIO);
 
-#if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT)
 	if (!_peerHostName.empty())
 	{
 		SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str());
 	}
-#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
 	if(_pContext->ocspStaplingResponseVerificationEnabled())

doc/99100-ReleaseNotes.page

@@ -5,7 +5,35 @@ AAAIntroduction
 
 !!Summary of Changes
 
-  - TODO
+  - GH #2882: Handle negative DST offset
+  - GH #3268: Poco redis command set have a bug when you want to set nx ex or expireTime
+  - GH #3338: NamedMutex does not work on Linux distributions where fs.protected_regular=1
+  - GH #3448: Basic support for OpenSSL 3.0.0
+  - GH #3458: encryptString() crash on redhat/centos 8 with FIPS enabled using md5 default digest
+  - GH #3465: NetSSL_Win: bad error handling when decodeMessage() fails
+  - GH #3466: DefinePlatformSpecific.cmake: handle RelWithDebInfo and MinSizeRel configurations
+  - GH #3470: bug in JSON ParseHandler.cpp (RFC 7159 should be valid)
+  - GH #3472: Add Windows 11 detection to Environment_WIN32U
+  - GH #3483: Adds Windows 11 and Server 2022 to Environment::osDisplayName()
+  - GH #3485: Adds Visual Studio 2022 (v170) to buildwin.cmd
+  - GH #3495: Should the Array::operator[] throw?
+  - GH #3500: Sandbox all iFrames in PocoDoc
+  - GH #3504: OpenSSL 3 compatibility
+  - GH #3505: JSON::PrintHandler.value(bool) prints incorrect value
+  - GH #3507: Reference counting for bound configuration in Util::Option is broken
+  - GH #3508: #3507: Fix bound configuration reference counting in Poco::Util::Option.
+  - GH #3509: fix dst and utcOffset handling for Dublin time zone
+  - GH #3515: NetSSL_OpenSSL Testsuite: testInterop() and testProxy() fail due to changed certificate
+  - GH #3518: Expat version check in #defines incorrect.
+  - GH #3519: Add convertation to string in Redis Command#set
+  - GH #3524: [linux] Why is Poco::XML linked to Poco::Zip target?
+  - GH #3525: Bad management of file in case of OpenSSLException in X509Certificate::readPEM and X509Certificate::writePEM
+  - GH #3538: Upgrade bundled expat to 2.4.7
+  - GH #3544: Add back NIOS2 double conversion detection to fix compile errors
+  - GH #3549: Test against the correct signatures in the JWT ES384 and ES512 tests
+  - GH #3553: Upgrade bundled zlib to 1.2.12
+  - GH #3559: Poco::Data::PostgreSQL - DateTime extraction truncates fractional seconds
+  - GH #3563: Remove support for OpenSSL < 1.0
 
 
 !!!Release 1.11.1