merge 1.11.2

Alex Fabijanic 2022-04-16 21:10:45 +02:00
commit 7b051851b6
12 changed files with 138 additions and 51 deletions


@ -74,7 +74,20 @@ jobs:
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- run: brew install openssl@1.1 mysql-client unixodbc libpq - run: brew install openssl@1.1 mysql-client unixodbc libpq
- run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all - run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1 -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
- run: >-
cd cmake-build &&
sudo -s
CPPUNIT_IGNORE="N7CppUnit10TestCallerI10ThreadTestEE.testTrySleep,N7CppUnit10TestCallerI13TimestampTestEE.testTimestamp,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testExpireN,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN,N7CppUnit10TestCallerI24UniqueExpireLRUCacheTestEE.testExpireN,N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN,N7CppUnit10TestCallerI11PollSetTestEE.testPollClosedServer"
PWD=`pwd`
ctest --output-on-failure -E "(DataMySQL)|(DataODBC)|(PostgreSQL)|(MongoDB)|(Redis)"
macos-clang-cmake-openssl3:
runs-on: macos-10.15
steps:
- uses: actions/checkout@v2
- run: brew install openssl@3 mysql-client unixodbc libpq
- run: cmake -H. -Bcmake-build -DENABLE_PDF=OFF -DENABLE_TESTS=ON -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@3 -DMYSQL_ROOT_DIR=/usr/local/opt/mysql-client && cmake --build cmake-build --target all
- run: >- - run: >-
cd cmake-build && cd cmake-build &&
sudo -s sudo -s
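Review bot: The `CPPUNIT_IGNORE` list in the added test step names `N7CppUnit10TestCallerI18ExpireLRUCacheTestEE.testAccessExpireN` twice. The second occurrence follows the `UniqueExpireLRUCacheTest` entry, so it was presumably meant to be `N7CppUnit10TestCallerI24UniqueExpireLRUCacheTestEE.testAccessExpireN`; as written that test is not ignored. The new `macos-clang-cmake-openssl3` job also references `actions/checkout@v2` by a mutable tag, and pinning it to a full commit SHA would keep the job from silently picking up a re-tagged action. The last three lines of the hunk are context from a step that continues outside it.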


@ -29,7 +29,7 @@
{ {
"name": "Mac", "name": "Mac",
"intelliSenseMode": "clang-x64", "intelliSenseMode": "clang-x64",
"includePath": ["${pocoIncludePath}"], "includePath": ["${pocoIncludePath}", "/usr/local/opt/openssl@3/include"],
"macFrameworkPath": ["/System/Library/Frameworks"], "macFrameworkPath": ["/System/Library/Frameworks"],
"defines": [], "defines": [],
"forcedInclude": [], "forcedInclude": [],


@ -1,9 +1,37 @@
This is the changelog file for the POCO C++ Libraries. This is the changelog file for the POCO C++ Libraries.
Release 1.11.2 (2022-02-XX) Release 1.11.2 (2022-04-16)
=========================== ===========================
- TODO - GH #2882: Handle negative DST offset
- GH #3268: Poco redis command set have a bug when you want to set nx ex or expireTime
- GH #3338: NamedMutex does not work on Linux distributions where fs.protected_regular=1
- GH #3448: Basic support for OpenSSL 3.0.0
- GH #3458: encryptString() crash on redhat/centos 8 with FIPS enabled using md5 default digest
- GH #3465: NetSSL_Win: bad error handling when decodeMessage() fails
- GH #3466: DefinePlatformSpecific.cmake: handle RelWithDebInfo and MinSizeRel configurations
- GH #3470: bug in JSON ParseHandler.cpp (RFC 7159 should be valid)
- GH #3472: Add Windows 11 detection to Environment_WIN32U
- GH #3483: Adds Windows 11 and Server 2022 to Environment::osDisplayName()
- GH #3485: Adds Visual Studio 2022 (v170) to buildwin.cmd
- GH #3495: Should the Array::operator[] throw?
- GH #3500: Sandbox all iFrames in PocoDoc
- GH #3504: OpenSSL 3 compatibility
- GH #3505: JSON::PrintHandler.value(bool) prints incorrect value
- GH #3507: Reference counting for bound configuration in Util::Option is broken
- GH #3508: #3507: Fix bound configuration reference counting in Poco::Util::Option.
- GH #3509: fix dst and utcOffset handling for Dublin time zone
- GH #3515: NetSSL_OpenSSL Testsuite: testInterop() and testProxy() fail due to changed certificate
- GH #3518: Expat version check in #defines incorrect.
- GH #3519: Add convertation to string in Redis Command#set
- GH #3524: [linux] Why is Poco::XML linked to Poco::Zip target?
- GH #3525: Bad management of file in case of OpenSSLException in X509Certificate::readPEM and X509Certificate::writePEM
- GH #3538: Upgrade bundled expat to 2.4.7
- GH #3544: Add back NIOS2 double conversion detection to fix compile errors
- GH #3549: Test against the correct signatures in the JWT ES384 and ES512 tests
- GH #3553: Upgrade bundled zlib to 1.2.12
- GH #3559: Poco::Data::PostgreSQL - DateTime extraction truncates fractional seconds
- GH #3563: Remove support for OpenSSL < 1.0
Release 1.11.1 (2021-11-05) Release 1.11.1 (2021-11-05)


@ -49,6 +49,11 @@
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x10000000L
#error "OpenSSL version too old. At least OpenSSL 1.0.0 is required."
#endif
enum RSAPaddingMode enum RSAPaddingMode
/// The padding mode used for RSA public key encryption. /// The padding mode used for RSA public key encryption.
{ {


@ -74,16 +74,22 @@ protected:
SEEDSIZE = 256 SEEDSIZE = 256
}; };
#if OPENSSL_VERSION_NUMBER < 0x10100000L
// OpenSSL multithreading support // OpenSSL multithreading support
static void lock(int mode, int n, const char* file, int line); static void lock(int mode, int n, const char* file, int line);
static unsigned long id(); static unsigned long id();
static struct CRYPTO_dynlock_value* dynlockCreate(const char* file, int line); static struct CRYPTO_dynlock_value* dynlockCreate(const char* file, int line);
static void dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line); static void dynlock(int mode, struct CRYPTO_dynlock_value* lock, const char* file, int line);
static void dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line); static void dynlockDestroy(struct CRYPTO_dynlock_value* lock, const char* file, int line);
#endif
private: private:
static Poco::FastMutex* _mutexes;
static Poco::AtomicCounter _rc; static Poco::AtomicCounter _rc;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static Poco::FastMutex* _mutexes;
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L #if OPENSSL_VERSION_NUMBER >= 0x30000000L
static OSSL_PROVIDER* _defaultProvider; static OSSL_PROVIDER* _defaultProvider;
static OSSL_PROVIDER* _legacyProvider; static OSSL_PROVIDER* _legacyProvider;


@ -21,9 +21,7 @@
#include "Poco/StreamCopier.h" #include "Poco/StreamCopier.h"
#include <sstream> #include <sstream>
#include <openssl/evp.h> #include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
#include <openssl/bn.h> #include <openssl/bn.h>
#endif
namespace Poco { namespace Poco {


@ -13,15 +13,16 @@
#include "Poco/Crypto/OpenSSLInitializer.h" #include "Poco/Crypto/OpenSSLInitializer.h"
#include "Poco/Crypto/CryptoException.h"
#include "Poco/RandomStream.h" #include "Poco/RandomStream.h"
#include "Poco/Thread.h" #include "Poco/Thread.h"
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include <openssl/err.h> #include <openssl/err.h>
#if OPENSSL_VERSION_NUMBER >= 0x0907000L
#include <openssl/conf.h> #include <openssl/conf.h>
#endif
#if defined(POCO_OS_FAMILY_WINDOWS) #if defined(POCO_OS_FAMILY_WINDOWS)
#define POCO_STR_HELPER(x) #x #define POCO_STR_HELPER(x) #x
#define POCO_STR(x) POCO_STR_HELPER(x) #define POCO_STR(x) POCO_STR_HELPER(x)
@ -58,8 +59,12 @@ namespace Poco {
namespace Crypto { namespace Crypto {
Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
Poco::AtomicCounter OpenSSLInitializer::_rc; Poco::AtomicCounter OpenSSLInitializer::_rc;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L #if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER* OpenSSLInitializer::_defaultProvider(0); OSSL_PROVIDER* OpenSSLInitializer::_defaultProvider(0);
OSSL_PROVIDER* OpenSSLInitializer::_legacyProvider(0); OSSL_PROVIDER* OpenSSLInitializer::_legacyProvider(0);
@ -91,23 +96,15 @@ void OpenSSLInitializer::initialize()
{ {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L #if OPENSSL_VERSION_NUMBER >= 0x10100000L
CONF_modules_load(NULL, NULL, 0); CONF_modules_load(NULL, NULL, 0);
#elif OPENSSL_VERSION_NUMBER >= 0x0907000L #else
OPENSSL_config(NULL); OPENSSL_config(NULL);
#endif #endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_library_init(); SSL_library_init();
SSL_load_error_strings(); SSL_load_error_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
_defaultProvider = OSSL_PROVIDER_load(NULL, "default");
_legacyProvider = OSSL_PROVIDER_load(NULL, "legacy");
#endif
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
int nMutexes = CRYPTO_num_locks(); int nMutexes = CRYPTO_num_locks();
_mutexes = new Poco::FastMutex[nMutexes]; _mutexes = new Poco::FastMutex[nMutexes];
CRYPTO_set_locking_callback(&OpenSSLInitializer::lock); CRYPTO_set_locking_callback(&OpenSSLInitializer::lock);
@ -124,6 +121,25 @@ void OpenSSLInitializer::initialize()
CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate); CRYPTO_set_dynlock_create_callback(&OpenSSLInitializer::dynlockCreate);
CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock); CRYPTO_set_dynlock_lock_callback(&OpenSSLInitializer::dynlock);
CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy); CRYPTO_set_dynlock_destroy_callback(&OpenSSLInitializer::dynlockDestroy);
char seed[SEEDSIZE];
RandomInputStream rnd;
rnd.read(seed, sizeof(seed));
RAND_seed(seed, SEEDSIZE);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (!_defaultProvider)
{
_defaultProvider = OSSL_PROVIDER_load(NULL, "default");
if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL default provider");
}
if (!_legacyProvider)
{
_legacyProvider = OSSL_PROVIDER_load(NULL, "legacy");
if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL legacy provider");
}
#endif
} }
} }
@ -132,6 +148,7 @@ void OpenSSLInitializer::uninitialize()
{ {
if (--_rc == 0) if (--_rc == 0)
{ {
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_cleanup(); EVP_cleanup();
ERR_free_strings(); ERR_free_strings();
CRYPTO_set_locking_callback(0); CRYPTO_set_locking_callback(0);
@ -139,17 +156,15 @@ void OpenSSLInitializer::uninitialize()
CRYPTO_set_id_callback(0); CRYPTO_set_id_callback(0);
#endif #endif
delete [] _mutexes; delete [] _mutexes;
CONF_modules_free();
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
OSSL_PROVIDER_unload(_defaultProvider);
OSSL_PROVIDER_unload(_legacyProvider);
#endif #endif
} }
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000L
void OpenSSLInitializer::lock(int mode, int n, const char* file, int line) void OpenSSLInitializer::lock(int mode, int n, const char* file, int line)
{ {
if (mode & CRYPTO_LOCK) if (mode & CRYPTO_LOCK)
@ -191,6 +206,9 @@ void OpenSSLInitializer::dynlockDestroy(struct CRYPTO_dynlock_value* lock, const
} }
#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
void initializeCrypto() void initializeCrypto()
{ {
OpenSSLInitializer::initialize(); OpenSSLInitializer::initialize();
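Review bot: In `OpenSSLInitializer::initialize()`, the check after loading the legacy provider tests the wrong pointer. `if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL legacy provider");` can never fire there, because `_defaultProvider` was already verified non-null a few lines earlier. A failed `OSSL_PROVIDER_load(NULL, "legacy")` therefore leaves `_legacyProvider` null with no error, and callers only find out when a legacy algorithm fails at use. The line should read `if (!_legacyProvider) throw CryptoException("Failed to load OpenSSL legacy provider");`. If the legacy provider is meant to be optional on systems that do not ship it, drop the throw and state that in a comment instead.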


@ -21,9 +21,7 @@
#include <openssl/pem.h> #include <openssl/pem.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
#include <openssl/bn.h> #include <openssl/bn.h>
#endif
namespace Poco { namespace Poco {
@ -66,7 +64,6 @@ RSAKeyImpl::RSAKeyImpl(const PKCS12Container& cont):
RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa", KT_RSA_IMPL), RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa", KT_RSA_IMPL),
_pRSA(0) _pRSA(0)
{ {
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
_pRSA = RSA_new(); _pRSA = RSA_new();
int ret = 0; int ret = 0;
BIGNUM* bn = 0; BIGNUM* bn = 0;
@ -83,10 +80,6 @@ RSAKeyImpl::RSAKeyImpl(int keyLength, unsigned long exponent): KeyPairImpl("rsa"
throw; throw;
} }
if (!ret) throw Poco::InvalidArgumentException("Failed to create RSA context"); if (!ret) throw Poco::InvalidArgumentException("Failed to create RSA context");
#else
_pRSA = RSA_generate_key(keyLength, exponent, 0, 0);
if (!_pRSA) throw Poco::InvalidArgumentException("Failed to create RSA context");
#endif
} }


@ -314,7 +314,7 @@ bool Extractor::extract(std::size_t pos, DateTime& val)
int tzd = -1; int tzd = -1;
DateTime dateTime; DateTime dateTime;
if (!DateTimeParser::tryParse(outputParameter.pData(), dateTime, tzd)) if (!DateTimeParser::tryParse("%Y-%m-%d %H:%M:%s", outputParameter.pData(), dateTime, tzd))
{ {
return false; return false;
} }
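Review bot: The fixed format string now passed to `DateTimeParser::tryParse` in `Extractor::extract` needs a comment, since nothing at the call site says why format auto-detection was replaced. Something like `// explicit format: %s parses seconds with the fractional part (GH #3559)` above the call would record the reason. The format carries no time-zone specifier, so it is worth confirming what `tzd` ends up as when the column value has a UTC offset suffix; the hunk does not show how `tzd` is used afterwards. The function body starts and ends outside the hunk.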


@ -824,7 +824,7 @@ void Context::initECDH(const std::string& curve)
throw SSLContextException("Cannot set ECDH groups", groups); throw SSLContextException("Cannot set ECDH groups", groups);
} }
SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE); SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_ECDH_USE);
#elif OPENSSL_VERSION_NUMBER >= 0x0090800fL #else
int nid = 0; int nid = 0;
if (!curve.empty()) if (!curve.empty())
{ {


@ -157,12 +157,10 @@ void SecureSocketImpl::connectSSL(bool performHandshake)
} }
SSL_set_bio(_pSSL, pBIO, pBIO); SSL_set_bio(_pSSL, pBIO, pBIO);
#if OPENSSL_VERSION_NUMBER >= 0x0908060L && !defined(OPENSSL_NO_TLSEXT)
if (!_peerHostName.empty()) if (!_peerHostName.empty())
{ {
SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str()); SSL_set_tlsext_host_name(_pSSL, _peerHostName.c_str());
} }
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10001000L #if OPENSSL_VERSION_NUMBER >= 0x10001000L
if(_pContext->ocspStaplingResponseVerificationEnabled()) if(_pContext->ocspStaplingResponseVerificationEnabled())
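Review bot: Removing the whole guard around the SNI block in `SecureSocketImpl::connectSSL()` also drops the `!defined(OPENSSL_NO_TLSEXT)` test, which is a build-configuration check rather than a version check. This commit still accepts OpenSSL 1.0.x, and a 1.0.x library configured without TLS extensions most likely does not provide `SSL_set_tlsext_host_name`, so such builds would stop compiling. Keeping `#if !defined(OPENSSL_NO_TLSEXT)` around the block avoids that. The return value of `SSL_set_tlsext_host_name` is also ignored, so a failure to set the server name passes unnoticed and the handshake proceeds without SNI. The function body starts and ends outside the hunk.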


@ -5,7 +5,35 @@ AAAIntroduction
!!Summary of Changes !!Summary of Changes
- TODO - GH #2882: Handle negative DST offset
- GH #3268: Poco redis command set have a bug when you want to set nx ex or expireTime
- GH #3338: NamedMutex does not work on Linux distributions where fs.protected_regular=1
- GH #3448: Basic support for OpenSSL 3.0.0
- GH #3458: encryptString() crash on redhat/centos 8 with FIPS enabled using md5 default digest
- GH #3465: NetSSL_Win: bad error handling when decodeMessage() fails
- GH #3466: DefinePlatformSpecific.cmake: handle RelWithDebInfo and MinSizeRel configurations
- GH #3470: bug in JSON ParseHandler.cpp (RFC 7159 should be valid)
- GH #3472: Add Windows 11 detection to Environment_WIN32U
- GH #3483: Adds Windows 11 and Server 2022 to Environment::osDisplayName()
- GH #3485: Adds Visual Studio 2022 (v170) to buildwin.cmd
- GH #3495: Should the Array::operator[] throw?
- GH #3500: Sandbox all iFrames in PocoDoc
- GH #3504: OpenSSL 3 compatibility
- GH #3505: JSON::PrintHandler.value(bool) prints incorrect value
- GH #3507: Reference counting for bound configuration in Util::Option is broken
- GH #3508: #3507: Fix bound configuration reference counting in Poco::Util::Option.
- GH #3509: fix dst and utcOffset handling for Dublin time zone
- GH #3515: NetSSL_OpenSSL Testsuite: testInterop() and testProxy() fail due to changed certificate
- GH #3518: Expat version check in #defines incorrect.
- GH #3519: Add convertation to string in Redis Command#set
- GH #3524: [linux] Why is Poco::XML linked to Poco::Zip target?
- GH #3525: Bad management of file in case of OpenSSLException in X509Certificate::readPEM and X509Certificate::writePEM
- GH #3538: Upgrade bundled expat to 2.4.7
- GH #3544: Add back NIOS2 double conversion detection to fix compile errors
- GH #3549: Test against the correct signatures in the JWT ES384 and ES512 tests
- GH #3553: Upgrade bundled zlib to 1.2.12
- GH #3559: Poco::Data::PostgreSQL - DateTime extraction truncates fractional seconds
- GH #3563: Remove support for OpenSSL < 1.0
!!!Release 1.11.1 !!!Release 1.11.1