Netssl/openssl3 (#3575)

* feat(Context): DH init openssl3 port (1/2 hardcoded params)

* create poco-1.11.3 branch, bump version

* update copyright date

* #3567: check legacy provider existence for legacy exception #3567

* fix(Placeholder): comparison for zero value

* feat(Context): DH init openssl3 port (2/2 params from file)

* test(HTTPSClientSession): try/catch to understand CI failure

* chore(cmake): copy the DH parameters file

* fix(OpenSSLInitializer): unload provider on uninitialize

* chore(HTTPSClientSessionTest): remove try/catch

* fix(OpenSSLInitializer): fix provider unloading

* feat(CppUnit): make tests exceptions more descriptive

* chore(CppUnit): a more descriptive name for callback

Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>

ActiveRecord/Compiler/src/Compiler.cpp

@@ -78,7 +78,7 @@ protected:
 		helpFormatter.setHeader(
 			"\n"
 			"The POCO C++ Libraries ActiveRecord ORM Compiler.\n"
-			"Copyright (c) 2020-2021 by Applied Informatics Software Engineering GmbH.\n"
+			"Copyright (c) 2020-2022 by Applied Informatics Software Engineering GmbH.\n"
 			"All rights reserved.\n\n"
 			"This program generates C++ source code from an ActiveRecord "
 			"XML definition. "

CHANGELOG

@@ -1,5 +1,11 @@
 This is the changelog file for the POCO C++ Libraries.
 
+Release 1.11.2 (2022-05-XX)
+===========================
+
+- TODO
+
+
 Release 1.11.2 (2022-04-16)
 ===========================
 

CppUnit/include/CppUnit/Test.h

@@ -10,6 +10,7 @@
 #include "CppUnit/CppUnit.h"
 #include <string>
 #include <vector>
+#include <functional>
 
 
 namespace CppUnit {
@@ -33,8 +34,10 @@ public:
 	};
 
 public:
+	using Callback = std::function<std::string(const std::exception&)>;
+
 	virtual ~Test() = 0;
-	virtual void run(TestResult* result) = 0;
+	virtual void run(TestResult* result, const Callback& callback = nullptr) = 0;
 	virtual int countTestCases() const = 0;
 	virtual std::string toString() const = 0;
 	virtual Test::Type getType() const = 0;
@@ -43,7 +46,7 @@ public:
 	const std::vector<std::string>& setup() const;
 
 private:
-	std::vector<std::string>	_setup;
+	std::vector<std::string> _setup;
 };
 
 
@@ -53,7 +56,7 @@ inline Test::~Test()
 
 
 // Runs a test and collects its result in a TestResult instance.
-inline void Test::run(TestResult *result)
+inline void Test::run(TestResult *result, const Callback& callback)
 {
 }
 

CppUnit/include/CppUnit/TestCase.h

@@ -90,7 +90,7 @@ public:
 	TestCase(const std::string& Name, Test::Type testType = Test::Normal);
 	~TestCase();
 
-	virtual void run(TestResult* result);
+	virtual void run(TestResult* result, const Test::Callback& callback = nullptr);
 	virtual TestResult* run();
 	virtual int countTestCases() const;
 	virtual std::string toString() const;

CppUnit/include/CppUnit/TestDecorator.h

@@ -35,7 +35,7 @@ public:
 
 	int countTestCases() const;
 
-	void run(TestResult* result);
+	void run(TestResult* result, const Test::Callback& callback);
 
 	std::string toString() const;
 

CppUnit/include/CppUnit/TestRunner.h

@@ -8,20 +8,19 @@
 
 
 #include "CppUnit/CppUnit.h"
+#include "CppUnit/Test.h"
 #include <vector>
 #include <string>
 #include <ostream>
 #if defined(POCO_VXWORKS)
 #include <cstdarg>
 #endif
+#include "Poco/Exception.h"
 
 
 namespace CppUnit {
 
 
-class Test;
-
-
 /*
  * A command line based tool to run tests.
  * TestRunner expects as its only argument the name of a TestCase class.
@@ -46,7 +45,7 @@ public:
 	TestRunner(std::ostream& ostr);
 	~TestRunner();
 
-	bool run(const std::vector<std::string>& args);
+	bool run(const std::vector<std::string>& args, const Test::Callback& callback = nullptr);
 	void addTest(const std::string& name, Test* test);
 
 protected:
@@ -85,6 +84,16 @@ private:
 		return runner.run(args) ? 0 : 1; \
 	}
 #else
+#define CppUnitPocoExceptionText(exc) \
+	CppUnit::Test::Callback exc = [] (const std::exception& ex) \
+	{ \
+		std::string text; \
+		const Poco::Exception* pEx = dynamic_cast<const Poco::Exception*>(&ex); \
+		if (pEx) text = pEx->displayText(); \
+		else text = ex.what(); \
+		return text; \
+	}
+
 #define CppUnitMain(testCase) \
 	int main(int ac, char **av)							\
 	{													\
@@ -93,7 +102,8 @@ private:
 			args.push_back(std::string(av[i]));			\
 		CppUnit::TestRunner runner;						\
 		runner.addTest(#testCase, testCase::suite());	\
-		return runner.run(args) ? 0 : 1;				\
+		CppUnitPocoExceptionText(exc);					\
+		return runner.run(args, exc) ? 0 : 1;			\
 	}
 #endif
 

CppUnit/include/CppUnit/TestSuite.h

@@ -41,7 +41,7 @@ public:
 	TestSuite(const std::string& name = "");
 	~TestSuite();
 
-	void run(TestResult* result);
+	void run(TestResult* result, const Test::Callback& callback = nullptr);
 	int countTestCases() const;
 	void addTest(Test* test);
 	std::string toString() const;

CppUnit/src/TestCase.cpp

@@ -106,7 +106,7 @@ void TestCase::warn(const std::string& message, long lineNumber, const std::stri
 
 
 // Run the test and catch any exceptions that are triggered by it
-void TestCase::run(TestResult *result)
+void TestCase::run(TestResult *result, const Test::Callback& callback)
 {
 	result->startTest(this);
 
@@ -123,8 +123,7 @@ void TestCase::run(TestResult *result)
 	catch (std::exception& e)
 	{
 		std::string msg(typeid(e).name());
-		msg.append(": ");
+		msg.append(":\n").append(callback(e));
-		msg.append(e.what());
 		result->addError(this, new CppUnitException(msg));
 	}
 	catch (...)

CppUnit/src/TestDecorator.cpp

@@ -26,7 +26,7 @@ int TestDecorator::countTestCases() const
 }
 
 
-void TestDecorator::run(TestResult* result)
+void TestDecorator::run(TestResult* result, const Test::Callback& callback = nullptr)
 {
 	_test->run(result);
 }

CppUnit/src/TestRunner.cpp

@@ -41,7 +41,7 @@ void TestRunner::printBanner()
 }
 
 
-bool TestRunner::run(const std::vector<std::string>& args)
+bool TestRunner::run(const std::vector<std::string>& args, const Test::Callback& callback)
 {
 	std::string testCase;
 	int numberOfTests = 0;
@@ -139,7 +139,7 @@ bool TestRunner::run(const std::vector<std::string>& args)
 		if (setup.size() > 0)
 			testToRun->addSetup(setup);
 
-		testToRun->run(&result);
+		testToRun->run(&result, callback);
 		numberOfTests++;
 	}
 	_ostr << result << std::endl;

CppUnit/src/TestSuite.cpp

@@ -19,7 +19,7 @@ void TestSuite::deleteContents()
 
 
 // Runs the tests and collects their result in a TestResult.
-void TestSuite::run(TestResult *result)
+void TestSuite::run(TestResult *result, const Test::Callback& callback)
 {
 	for (std::vector<Test*>::iterator it = _tests.begin(); it != _tests.end(); ++it) 
 	{
@@ -29,7 +29,7 @@ void TestSuite::run(TestResult *result)
 		Test *test = *it;
 		if (!setup().empty())
 			test->addSetup(setup());
-		test->run(result);
+		test->run(result, callback);
 	}
 }
 

Crypto/include/Poco/Crypto/OpenSSLInitializer.h

@@ -24,6 +24,7 @@
 #include <openssl/crypto.h>
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
+#include <atomic>
 #endif
 #if defined(OPENSSL_FIPS) && OPENSSL_VERSION_NUMBER < 0x010001000L
 #include <openssl/fips.h>
@@ -63,10 +64,10 @@ public:
 		/// Shuts down the OpenSSL machinery.
 
 	static bool isFIPSEnabled();
-		// Returns true if FIPS mode is enabled, false otherwise.
+		/// Returns true if FIPS mode is enabled, false otherwise.
 
 	static void enableFIPSMode(bool enabled);
-		// Enable or disable FIPS mode. If FIPS is not available, this method doesn't do anything.
+		/// Enable or disable FIPS mode. If FIPS is not available, this method doesn't do anything.
 
 protected:
 	enum
@@ -91,8 +92,8 @@ private:
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	static OSSL_PROVIDER* _defaultProvider;
+	static std::atomic<OSSL_PROVIDER*> _defaultProvider;
-	static OSSL_PROVIDER* _legacyProvider;
+	static std::atomic<OSSL_PROVIDER*> _legacyProvider;
 #endif
 };
 

Crypto/src/OpenSSLInitializer.cpp

@@ -66,8 +66,8 @@ Poco::FastMutex* OpenSSLInitializer::_mutexes(0);
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-OSSL_PROVIDER* OpenSSLInitializer::_defaultProvider(0);
+std::atomic<OSSL_PROVIDER*> OpenSSLInitializer::_defaultProvider(0);
-OSSL_PROVIDER* OpenSSLInitializer::_legacyProvider(0);
+std::atomic<OSSL_PROVIDER*> OpenSSLInitializer::_legacyProvider(0);
 #endif
 
 
@@ -136,8 +136,8 @@ void OpenSSLInitializer::initialize()
 		}
 		if (!_legacyProvider)
 		{
-			_legacyProvider  = OSSL_PROVIDER_load(NULL, "legacy");
+			_legacyProvider = OSSL_PROVIDER_load(NULL, "legacy");
-			if (!_defaultProvider) throw CryptoException("Failed to load OpenSSL legacy provider");
+			if (!_legacyProvider) throw CryptoException("Failed to load OpenSSL legacy provider");
 		}
 #endif
 	}
@@ -157,7 +157,17 @@ void OpenSSLInitializer::uninitialize()
 #endif
 		delete [] _mutexes;
 #endif
-
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		OSSL_PROVIDER* provider = nullptr;
+		if ((provider = _defaultProvider.exchange(nullptr)))
+		{
+			OSSL_PROVIDER_unload(provider);
+		}
+		if ((provider = _legacyProvider.exchange(nullptr)))
+		{
+			OSSL_PROVIDER_unload(provider);
+		}
+#endif
 	}
 }
 

Crypto/testsuite/src/Driver.cpp

@@ -13,6 +13,7 @@
 #include "CppUnit/TestRunner.h"
 #include "CryptoTestSuite.h"
 #include "Poco/Crypto/Crypto.h"
+#include "Poco/Exception.h"
 
 
 class CryptoInitializer
@@ -39,5 +40,6 @@ int main(int ac, char **av)
 		args.push_back(std::string(av[i]));
 	CppUnit::TestRunner runner;
 	runner.addTest("CryptoTestSuite", CryptoTestSuite::suite());
-	return runner.run(args) ? 0 : 1;
+	CppUnitPocoExceptionText (exc);
+	return runner.run(args, exc) ? 0 : 1;
 }

DLLVersion.rc

@@ -4,8 +4,8 @@
 
 #include "winres.h"
 
-#define POCO_VERSION 1,11,2,0
+#define POCO_VERSION 1,11,3,0
-#define POCO_VERSION_STR "1.11.2"
+#define POCO_VERSION_STR "1.11.3"
 
 VS_VERSION_INFO VERSIONINFO
  FILEVERSION POCO_VERSION

Encodings/Compiler/src/TextEncodingCompiler.cpp

@@ -117,7 +117,7 @@ protected:
 		helpFormatter.setHeader(
 			"\n"
 			"The POCO C++ Text Encodings Compiler.\n"
-			"Copyright (c) 2018-2021 by Applied Informatics Software Engineering GmbH.\n"
+			"Copyright (c) 2018-2022 by Applied Informatics Software Engineering GmbH.\n"
 			"All rights reserved.\n\n"
 			"This program compiles Unicode character encoding tables "
 			"from http://www.unicode.org/Public/MAPPINGS/ to TextEncoding "

Foundation/include/Poco/Any.h

@@ -25,10 +25,8 @@
 
 namespace Poco {
 
-
 class Any;
 
-
 namespace Dynamic {
 
 class Var;
@@ -97,8 +95,8 @@ public:
 
 	bool isEmpty() const
 	{
-		char buf[SizeV] = {};
+		static char buf[SizeV+1] = {};
-		return 0 == std::memcmp(holder, buf, SizeV);
+		return 0 == std::memcmp(holder, buf, SizeV+1);
 	}
 
 	bool isLocal() const
@@ -202,6 +200,7 @@ private:
 		return pHolder;
 	}
 
+private:
 #endif // POCO_NO_SOO
 	PlaceholderT* pHolder;
 };

Foundation/include/Poco/Version.h

@@ -35,7 +35,7 @@
 //      Ax: alpha releases
 //      Bx: beta releases
 //
-#define POCO_VERSION 0x010B0200
+#define POCO_VERSION 0x010B0300
 
 
 #endif // Foundation_Version_INCLUDED

Foundation/testsuite/src/AnyTest.cpp

@@ -52,7 +52,7 @@ AnyTest::~AnyTest()
 }
 
 
-void AnyTest::testDefaultCtor()
+void AnyTest::testAnyDefaultCtor()
 {
 	const Any value;
 
@@ -62,7 +62,7 @@ void AnyTest::testDefaultCtor()
 }
 
 
-void AnyTest::testConvertingCtor()
+void AnyTest::testAnyConvertingCtor()
 {
 	std::string text = "test message";
 	Any value = text;
@@ -76,7 +76,7 @@ void AnyTest::testConvertingCtor()
 }
 
 
-void AnyTest::testCopyCtor()
+void AnyTest::testAnyCopyCtor()
 {
 	std::string text = "test message";
 	Any original = text, copy = original;
@@ -89,7 +89,7 @@ void AnyTest::testCopyCtor()
 }
 
 
-void AnyTest::testCopyAssign()
+void AnyTest::testAnyCopyAssign()
 {
 	std::string text = "test message";
 	Any original = text, copy;
@@ -111,7 +111,7 @@ void AnyTest::testCopyAssign()
 }
 
 
-void AnyTest::testConvertingAssign()
+void AnyTest::testAnyConvertingAssign()
 {
 	std::string text = "test message";
 	Any value;
@@ -127,7 +127,7 @@ void AnyTest::testConvertingAssign()
 }
 
 
-void AnyTest::testCastToReference()
+void AnyTest::testAnyCastToReference()
 {
 	Any a(137);
 	const Any b(a);
@@ -168,7 +168,7 @@ void AnyTest::testCastToReference()
 }
 
 
-void AnyTest::testBadCast()
+void AnyTest::testAnyBadCast()
 {
 	std::string text = "test message";
 	Any value = text;
@@ -182,7 +182,7 @@ void AnyTest::testBadCast()
 }
 
 
-void AnyTest::testSwap()
+void AnyTest::testAnySwap()
 {
 	std::string text = "test message";
 	Any original = text, swapped;
@@ -201,7 +201,7 @@ void AnyTest::testSwap()
 }
 
 
-void AnyTest::testEmptyCopy()
+void AnyTest::testAnyEmptyCopy()
 {
 	const Any null;
 	Any copied = null, assigned;
@@ -213,10 +213,12 @@ void AnyTest::testEmptyCopy()
 }
 
 
-void AnyTest::testInt()
+void AnyTest::testAnyInt()
 {
 	Any e;
 	assertTrue (e.empty());
+	e = 0;
+	assertFalse (e.empty());
 
 	Any a = 13;
 	assertTrue (a.type() == typeid(int));
@@ -237,7 +239,7 @@ void AnyTest::testInt()
 }
 
 
-void AnyTest::testComplexType()
+void AnyTest::testAnyComplexType()
 {
 	SomeClass str(13,std::string("hello"));
 	Any a = str;
@@ -253,7 +255,7 @@ void AnyTest::testComplexType()
 }
 
 
-void AnyTest::testVector()
+void AnyTest::testAnyVector()
 {
 	std::vector<int> tmp;
 	tmp.push_back(1);
@@ -290,33 +292,46 @@ void AnyTest::testPlaceholder()
 	assertTrue(ph.isEmpty());
 	assertFalse(ph.isLocal());
 
-		Placeholder<std::shared_ptr<int>> sph;
+	Placeholder<int> phi;
-		assertTrue(sph.isEmpty());
+	assertTrue(phi.isEmpty());
-		assertFalse(sph.isLocal());
+	assertFalse(phi.isLocal());
 
-		int i = **sph.assign<std::shared_ptr<int>, int*>(new int(1));
+	int i = *phi.assign<int, int>(0);
-		assertTrue(1 == i);
+	assertTrue(0 == i);
-		assertFalse(sph.isEmpty());
+	assertFalse(phi.isEmpty());
-		assertTrue(sph.isLocal());
+	assertTrue(phi.isLocal());
 
-		Placeholder<Poco::SharedPtr<int>> psph;
+	phi.erase();
-		assertTrue(psph.isEmpty());
+	assertTrue(phi.isEmpty());
-		assertFalse(psph.isLocal());
+	assertFalse(phi.isLocal());
 
-		i = **psph.assign<Poco::SharedPtr<int>, int*>(new int(2));
+	Placeholder<std::shared_ptr<int>> sph;
-		assertTrue(2 == i);
+	assertTrue(sph.isEmpty());
-		assertFalse(psph.isEmpty());
+	assertFalse(sph.isLocal());
-		assertTrue(psph.isLocal());
 
-		Placeholder<std::vector<int>> vph;
+	i = **sph.assign<std::shared_ptr<int>, int*>(new int(1));
-		assertTrue(vph.isEmpty());
+	assertTrue(1 == i);
-		assertFalse(vph.isLocal());
+	assertFalse(sph.isEmpty());
+	assertTrue(sph.isLocal());
 
-		std::vector<int> inv{1,2,3};
+	Placeholder<Poco::SharedPtr<int>> psph;
-		std::vector<int> outv = *vph.assign<std::vector<int>, std::vector<int>>(inv);
+	assertTrue(psph.isEmpty());
-		assertTrue(inv == outv);
+	assertFalse(psph.isLocal());
-		assertFalse(vph.isEmpty());
+
-		assertTrue(vph.isLocal());
+	i = **psph.assign<Poco::SharedPtr<int>, int*>(new int(2));
+	assertTrue(2 == i);
+	assertFalse(psph.isEmpty());
+	assertTrue(psph.isLocal());
+
+	Placeholder<std::vector<int>> vph;
+	assertTrue(vph.isEmpty());
+	assertFalse(vph.isLocal());
+
+	std::vector<int> inv{1,2,3};
+	std::vector<int> outv = *vph.assign<std::vector<int>, std::vector<int>>(inv);
+	assertTrue(inv == outv);
+	assertFalse(vph.isEmpty());
+	assertTrue(vph.isLocal());
 
 	// ...
 #endif
@@ -337,18 +352,18 @@ CppUnit::Test* AnyTest::suite()
 {
 	CppUnit::TestSuite* pSuite = new CppUnit::TestSuite("AnyTest");
 
-	CppUnit_addTest(pSuite, AnyTest, testConvertingCtor);
+	CppUnit_addTest(pSuite, AnyTest, testAnyConvertingCtor);
-	CppUnit_addTest(pSuite, AnyTest, testDefaultCtor);
+	CppUnit_addTest(pSuite, AnyTest, testAnyDefaultCtor);
-	CppUnit_addTest(pSuite, AnyTest, testCopyCtor);
+	CppUnit_addTest(pSuite, AnyTest, testAnyCopyCtor);
-	CppUnit_addTest(pSuite, AnyTest, testCopyAssign);
+	CppUnit_addTest(pSuite, AnyTest, testAnyCopyAssign);
-	CppUnit_addTest(pSuite, AnyTest, testConvertingAssign);
+	CppUnit_addTest(pSuite, AnyTest, testAnyConvertingAssign);
-	CppUnit_addTest(pSuite, AnyTest, testBadCast);
+	CppUnit_addTest(pSuite, AnyTest, testAnyBadCast);
-	CppUnit_addTest(pSuite, AnyTest, testSwap);
+	CppUnit_addTest(pSuite, AnyTest, testAnySwap);
-	CppUnit_addTest(pSuite, AnyTest, testEmptyCopy);
+	CppUnit_addTest(pSuite, AnyTest, testAnyEmptyCopy);
-	CppUnit_addTest(pSuite, AnyTest, testCastToReference);
+	CppUnit_addTest(pSuite, AnyTest, testAnyCastToReference);
-	CppUnit_addTest(pSuite, AnyTest, testInt);
+	CppUnit_addTest(pSuite, AnyTest, testAnyInt);
-	CppUnit_addTest(pSuite, AnyTest, testComplexType);
+	CppUnit_addTest(pSuite, AnyTest, testAnyComplexType);
-	CppUnit_addTest(pSuite, AnyTest, testVector);
+	CppUnit_addTest(pSuite, AnyTest, testAnyVector);
 	CppUnit_addTest(pSuite, AnyTest, testPlaceholder);
 
 	return pSuite;

Foundation/testsuite/src/AnyTest.h

@@ -23,19 +23,19 @@ public:
 	AnyTest(const std::string& name);
 	~AnyTest();
 
-	void testConvertingCtor();
+	void testAnyConvertingCtor();
-	void testDefaultCtor();
+	void testAnyDefaultCtor();
-	void testCopyCtor();
+	void testAnyCopyCtor();
-	void testCopyAssign();
+	void testAnyCopyAssign();
-	void testConvertingAssign();
+	void testAnyConvertingAssign();
-	void testBadCast();
+	void testAnyBadCast();
-	void testSwap();
+	void testAnySwap();
-	void testEmptyCopy();
+	void testAnyEmptyCopy();
-	void testCastToReference();
+	void testAnyCastToReference();
 
-	void testInt();
+	void testAnyInt();
-	void testComplexType();
+	void testAnyComplexType();
-	void testVector();
+	void testAnyVector();
 
 	void testPlaceholder();
 

NetSSL_OpenSSL/include/Poco/Net/Context.h

@@ -289,6 +289,7 @@ public:
 	void addCertificateAuthority(const Poco::Crypto::X509Certificate& certificate);
 		/// Add one trusted certification authority to be used by the Context.
 
+	//@deprecated
 	void usePrivateKey(const Poco::Crypto::RSAKey& key);
 		/// Sets the private key to be used by the Context.
 		///

NetSSL_OpenSSL/src/Context.cpp

@@ -20,10 +20,17 @@
 #include "Poco/File.h"
 #include "Poco/Path.h"
 #include "Poco/Timestamp.h"
+#include "Poco/Format.h"
+#include "Poco/Error.h"
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#include <openssl/decoder.h>
+#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <iostream>
 
 
 namespace Poco {
@@ -727,6 +734,110 @@ void Context::initDH(bool use2048Bits, const std::string& dhParamsFile)
 		0x6C,0xC4,0x16,0x59,
 	};
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+	EVP_PKEY_CTX* pKeyCtx = NULL;
+	OSSL_DECODER_CTX* pOSSLDecodeCtx = NULL;
+	EVP_PKEY* pKey = NULL;
+	bool freeEVPPKey = true;
+	if (!dhParamsFile.empty())
+	{
+		freeEVPPKey = false;
+		pOSSLDecodeCtx = OSSL_DECODER_CTX_new_for_pkey(&pKey, NULL, NULL, "DH",
+				OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, NULL, NULL);
+
+		if (!pOSSLDecodeCtx)
+		{
+			std::string err = Poco::format(
+					"Context::initDH(%s):OSSL_DECODER_CTX_new_for_pkey():OSSL_DECODER_CTX*\n", dhParamsFile);
+			throw Poco::NullPointerException(Poco::Crypto::getError(err));
+		}
+
+		if (!OSSL_DECODER_CTX_get_num_decoders(pOSSLDecodeCtx))
+		{
+			OSSL_DECODER_CTX_free(pOSSLDecodeCtx);
+			throw Poco::Crypto::OpenSSLException(
+				Poco::format("Context::initDH(%s):OSSL_DECODER_CTX_get_num_decoders()=0",
+					dhParamsFile));
+		}
+
+		FILE* pFile = fopen(dhParamsFile.c_str(), "r");
+		if (!pFile)
+		{
+			OSSL_DECODER_CTX_free(pOSSLDecodeCtx);
+			throw Poco::NullPointerException(
+				Poco::format("Context::initDH(%s):fopen()\n%s",
+					dhParamsFile, Poco::Error::getMessage(Poco::Error::last())));
+		}
+
+		if (!OSSL_DECODER_from_fp(pOSSLDecodeCtx, pFile))
+		{
+			fclose(pFile);
+			OSSL_DECODER_CTX_free(pOSSLDecodeCtx);
+			std::string err = Poco::format(
+					"Context::initDH(%s):OSSL_DECODER_from_fp()\n%s", dhParamsFile);
+			throw Poco::Crypto::OpenSSLException(Poco::Crypto::getError(err));
+		}
+		fclose(pFile);
+		OSSL_DECODER_CTX_free(pOSSLDecodeCtx);
+
+		if (!pKey)
+		{
+			std::string err = Poco::format(
+					"Context::initDH(%s):OSSL_DECODER_CTX_new_for_pkey():EVP_PKEY*\n", dhParamsFile);
+			throw Poco::NullPointerException(Poco::Crypto::getError(err));
+		}
+	}
+	else
+	{
+		pKeyCtx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL);
+		if (!pKeyCtx)
+		{
+			std::string err = "Context::initDH():EVP_PKEY_CTX_new_from_name()\n";
+			throw Poco::NullPointerException(Poco::Crypto::getError(err));
+		}
+
+		size_t keyLength = use2048Bits ? 256 : 160;
+		unsigned char* pDH_p = const_cast<unsigned char*>(use2048Bits ? dh2048_p : dh1024_p);
+		std::size_t sz_p = use2048Bits ? sizeof(dh2048_p) : sizeof(dh1024_p);
+		unsigned char* pDH_g = const_cast<unsigned char*>(use2048Bits ? dh2048_g : dh1024_g);
+		std::size_t sz_g = use2048Bits ? sizeof(dh2048_g) : sizeof(dh1024_g);
+		OSSL_PARAM params[]
+		{
+			OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &keyLength),
+			OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, pDH_p, sz_p),
+			OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, pDH_g, sz_g),
+			OSSL_PARAM_END
+		};
+
+		if (1 != EVP_PKEY_fromdata_init(pKeyCtx))
+		{
+			EVP_PKEY_CTX_free(pKeyCtx);
+			std::string err = "Context::initDH():EVP_PKEY_fromdata_init()\n";
+			throw SSLContextException(Poco::Crypto::getError(err));
+		}
+
+		if (1 != EVP_PKEY_fromdata(pKeyCtx, &pKey, EVP_PKEY_KEYPAIR, params))
+		{
+			EVP_PKEY_CTX_free(pKeyCtx);
+			std::string err = "Context::initDH():EVP_PKEY_fromdata()\n";
+			throw SSLContextException(Poco::Crypto::getError(err));
+		}
+		EVP_PKEY_CTX_free(pKeyCtx);
+	}
+
+	if (!pKey)
+	{
+		throw SSLContextException(Poco::format("Context::initDH(%s):EVP_PKEY*", dhParamsFile));
+	}
+
+	SSL_CTX_set0_tmp_dh_pkey(_pSSLContext, pKey);
+	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_DH_USE);
+
+	if (freeEVPPKey) EVP_PKEY_free(pKey);
+
+#else // OPENSSL_VERSION_NUMBER >= 0x30000000L
+
 	DH* dh = 0;
 	if (!dhParamsFile.empty())
 	{
@@ -752,7 +863,9 @@ void Context::initDH(bool use2048Bits, const std::string& dhParamsFile)
 			std::string msg = Utility::getLastError();
 			throw SSLContextException("Error creating Diffie-Hellman parameters", msg);
 		}
+
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
 		BIGNUM* p = nullptr;
 		BIGNUM* g = nullptr;
 		if (use2048Bits)
@@ -774,7 +887,9 @@ void Context::initDH(bool use2048Bits, const std::string& dhParamsFile)
 			DH_free(dh);
 			throw SSLContextException("Error creating Diffie-Hellman parameters");
 		}
-#else
+
+#else // OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
 		if (use2048Bits)
 		{
 			dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), 0);
@@ -792,15 +907,23 @@ void Context::initDH(bool use2048Bits, const std::string& dhParamsFile)
 			DH_free(dh);
 			throw SSLContextException("Error creating Diffie-Hellman parameters");
 		}
-#endif
+
+#endif // OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
 	}
 	SSL_CTX_set_tmp_dh(_pSSLContext, dh);
 	SSL_CTX_set_options(_pSSLContext, SSL_OP_SINGLE_DH_USE);
 	DH_free(dh);
-#else
+
+#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L
+
+#else // OPENSSL_NO_DH
+
 	if (!dhParamsFile.empty())
-		throw SSLContextException("OpenSSL does not support DH");
+		throw SSLContextException("Implementation does not support DH");
-#endif
+
+#endif // OPENSSL_NO_DH
+
 }
 
 

NetSSL_OpenSSL/src/Utility.cpp

@@ -15,6 +15,7 @@
 #include "Poco/Net/Utility.h"
 #include "Poco/String.h"
 #include "Poco/Util/OptionException.h"
+#include "Poco/Crypto/Crypto.h"
 #include <openssl/err.h>
 
 
@@ -51,14 +52,9 @@ std::string Utility::convertCertificateError(long errCode)
 
 std::string Utility::getLastError()
 {
-	unsigned long errCode = ERR_get_error();
+	std::string msg;
-	if (errCode != 0)
+	Poco::Crypto::getError(msg);
-	{
+	return msg;
-		char buffer[256];
-		ERR_error_string_n(errCode, buffer, sizeof(buffer));
-		return std::string(buffer);
-	}
-	else return "No error";
 }
 
 

NetSSL_OpenSSL/testsuite/CMakeLists.txt

@@ -33,6 +33,7 @@ else()
 		TARGET NetSSL-testrunner POST_BUILD
 		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/any.pem ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}
 		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/rootcert.pem ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}
+		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/dhparams.pem ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}
 		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/testrunner.xml ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/NetSSL-testrunner.xml
 	)
 endif()

NetSSL_OpenSSL/testsuite/dhparams.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA2ncCy9PIXgKy5X0ZPnJQPWGiOrJId9EenTSNh8DVM6pBitGo34za
+AxeQ/DvwWkurbrs6wP5W3uwEi/3BmyoBRMt8uCaXTGzdrNY508+oV9dnkY+zsMMd
+oblInuDm+jeF1VI60O1T6Yg6B0zVlJyHwG7brBeU3JSJm/Wmic744wNPlcuRLihI
+9YcQgBF2cyNwrjMXPkd2gr7ReTXjZnrghWfC7eDyitpP2lJlNPuKIkheDJ65UrmI
+JZamGyIzPQPtKhofbrv1qjsMuWF66EFc28yDMpbY0zwThYVx/c2XVAJd7uQCkYIJ
+MrRtznUp8yPo+4goNLNJPa8/VEwD/DpVVwIBAg==
+-----END DH PARAMETERS-----

NetSSL_OpenSSL/testsuite/src/Driver.cpp

@@ -37,7 +37,8 @@ public:
 	{
 		CppUnit::TestRunner runner;
 		runner.addTest("NetSSLTestSuite", NetSSLTestSuite::suite());
-		return runner.run(_targs) ? 0 : 1;
+		CppUnitPocoExceptionText (exc);
+		return runner.run(_targs, exc) ? 0 : 1;
 	}
 	
 	void setup(int argc, char** argv)

NetSSL_OpenSSL/testsuite/src/HTTPSClientSessionTest.cpp

@@ -33,8 +33,7 @@
 #include "Poco/DateTimeFormat.h"
 #include "Poco/Thread.h"
 #include "HTTPSTestServer.h"
-#include <istream>
+#include <iostream>
-#include <ostream>
 #include <sstream>
 
 

NetSSL_OpenSSL/testsuite/testrunner.xml

@@ -26,6 +26,7 @@
 			<verificationDepth>9</verificationDepth>
 			<loadDefaultCAFile>true</loadDefaultCAFile>
 			<cypherList>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</cypherList>
+			<dhParamsFile>${application.configDir}dhparams.pem</dhParamsFile>
 			<privateKeyPassphraseHandler>
 				<name>KeyFileHandler</name>
 				<options>

VERSION

@@ -1 +1 @@
-1.11.2
+1.11.3

doc/99100-ReleaseNotes.page

@@ -1,6 +1,13 @@
 POCO C++ Libraries Release Notes
 AAAIntroduction
 
+!!!Release 1.11.3
+
+!!Summary of Changes
+
+  - TODO
+
+
 !!!Release 1.11.2
 
 !!Summary of Changes

libversion

@@ -1 +1 @@
-82
+83