Merge commit 'c0dcd45c3ecac33376e06b7ca470ae56f2ed5e19' into cgilite

diff --combined cgilite/session.sh
index 12788d3eb534292349b8146ac1c50db80118398b,0a2a2e8b6583ad95c1d95735de392f9d64e35615..0a2a2e8b6583ad95c1d95735de392f9d64e35615
--- 1/cgilite/session.sh
--- 2/session.sh
+++ b/cgilite/session.sh
@@@ -24,6 -24,14 +24,14 @@@ slopecode()
    '
  }
  
+ session_mac(){
+   if which openssl >/dev/null; then
+     openssl dgst -sha1 -hmac "$(server_key)" -binary |slopecode
+   else
+     { cat; server_key; } |sha256sum |cut -d\  -f1
+   fi
+ }
+ 
  randomid(){
    dd bs=12 count=1 if=/dev/urandom 2>&- \
    | slopecode
@@@ -49,8 -57,7 +57,7 @@@ transid()
    local file="$1"
    { stat -c %F%i%n%N%s%Y "$file" 2>&-
      printf %s "$SESSION_ID"
-     server_key
-   } | sha256sum | cut -d\  -f1
+   } | session_mac
  }
  
  update_session(){
@@@ -61,8 -68,7 +68,7 @@@
        END
    serverkey="$(server_key)"
    
-   checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
-   checksig="${checksig%% *}"
+   checksig="$(printf %s "$sid" "$time" |session_mac)"
    
    if ! [ "$checksig" = "$sig" \
      -a "$time" -ge "$_DATE" \
@@@ -73,8 -79,7 +79,7 @@@
    fi
  
    time=$(( $_DATE + $SESSION_TIMEOUT ))
-   sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
-   sig="${sig%% *}"
+   sig="$(printf %s "$sid" "$time" |session_mac)"
    printf %s\\n "${sid}-${time}-${sig}"
  }