File 0003-sx-ssl.c-adapt-to-openssl-1.1.patch of Package jabberd

Overview Repositories Revisions Requests Users Attributes Meta

File 0003-sx-ssl.c-adapt-to-openssl-1.1.patch of Package jabberd

From da388416df1dbacb690ec754c65503a206eb2f88 Mon Sep 17 00:00:00 2001
From: Adrian Reber <adrian@lisas.de>
Date: Fri, 2 Dec 2016 15:33:48 +0100
Subject: [PATCH 3/3] sx/ssl.c: adapt to openssl-1.1

Adding #ifdefs to use the new openssl-1.1 API if detected.

Signed-off-by: Adrian Reber <adrian@lisas.de>
---
 sx/ssl.c | 41 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 4 deletions(-)

diff --git a/sx/ssl.c b/sx/ssl.c
index 208ebb6..5ff8618 100644
--- a/sx/ssl.c
+++ b/sx/ssl.c
@@ -70,7 +70,7 @@ static int _sx_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
      */
     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
     {
-      X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+      X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
       _sx_debug(ZONE, "issuer= %s\n", buf);
     }
 
@@ -115,12 +115,29 @@ static DH *sx_ssl_make_dh_params(BIGNUM *(*const get_prime)(BIGNUM *), const cha
     if (!dh)
         return NULL;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+
     dh->p = get_prime(NULL);
     BN_dec2bn(&dh->g, gen);
     if (!dh->p || !dh->g) {
         DH_free(dh);
         return NULL;
     }
+#else
+    {
+        BIGNUM *p, *g;
+        p = get_prime(NULL);
+        BN_dec2bn(&g, gen);
+
+        if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
+            DH_free(dh);
+            BN_free(p);
+            BN_free(g);
+            return NULL;
+        }
+    }
+#endif
+
     return dh;
 }
 
@@ -134,7 +151,7 @@ static void sx_ssl_free_dh_params(void) {
 
 static DH *_sx_ssl_tmp_dh_callback(SSL *ssl, int export, int keylen) {
     EVP_PKEY *pkey = SSL_get_privatekey(ssl);
-    int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
+    int type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
     unsigned i;
 
     if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA)
@@ -351,7 +368,11 @@ static void _sx_ssl_get_external_id(sx_t s, _sx_ssl_conn_t sc) {
             } else if (altname->type == GEN_DNS) {
                 len = ASN1_STRING_length(altname->d.dNSName);
                 sc->external_id[id] = (char *) malloc(sizeof(char) *  (len + 1));
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
                 memcpy(sc->external_id[id], ASN1_STRING_data(altname->d.dNSName), len);
+#else
+                memcpy(sc->external_id[id], ASN1_STRING_get0_data(altname->d.dNSName), len);
+#endif
                 sc->external_id[id][len] = '\0'; // just to make sure
                 _sx_debug(ZONE, "external_id: Found(%d) subjectAltName/dNSName: '%s'", id, sc->external_id[id]);
                 id++;
@@ -728,11 +749,15 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) {
     SSL_set_bio(sc->ssl, sc->rbio, sc->wbio);
     SSL_set_connect_state(sc->ssl);
     SSL_set_options(sc->ssl, SSL_OP_NO_TICKET);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 #ifdef ENABLE_EXPERIMENTAL
     SSL_set_ssl_method(sc->ssl, TLSv1_2_client_method());
 #else
     SSL_set_ssl_method(sc->ssl, TLSv1_client_method());
 #endif
+#else
+    SSL_set_ssl_method(sc->ssl, TLS_client_method());
+#endif
 
     /* empty external_id */
     for (i = 0; i < SX_CONN_EXTERNAL_ID_MAX_COUNT; i++)
@@ -761,8 +786,8 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) {
         }
 
         /* set callback giving a password for pemfile */
-        SSL_CTX_set_default_passwd_cb_userdata(sc->ssl->ctx, (void *)pemfile_password);
-        SSL_CTX_set_default_passwd_cb(sc->ssl->ctx, &_sx_pem_passwd_callback);
+        SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)pemfile_password);
+        SSL_CTX_set_default_passwd_cb(ctx, &_sx_pem_passwd_callback);
 
         /* load the private key */
         ret = SSL_use_PrivateKey_file(sc->ssl, pemfile, SSL_FILETYPE_PEM);
@@ -977,11 +1002,15 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *name, const char *pemfile,
     ERR_clear_error();
 
     /* create the context */
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 #ifdef ENABLE_EXPERIMENTAL
     ctx = SSL_CTX_new(TLSv1_2_method());
 #else
     ctx = SSL_CTX_new(SSLv23_method());
 #endif
+#else
+    ctx = SSL_CTX_new(TLS_method());
+#endif
     if(ctx == NULL) {
         _sx_debug(ZONE, "ssl context creation failed; %s", ERR_error_string(ERR_get_error(), NULL));
         return 1;
@@ -1063,7 +1092,11 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *name, const char *pemfile,
     /* try to read DH params from pem file */
     if((dhparams = sx_ssl_get_DHparams(pemfile))) {
         SSL_CTX_set_tmp_dh(ctx, dhparams);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
         _sx_debug(ZONE, "custom DH parameters loaded from certificate", BN_num_bits(dhparams->p));
+#else
+        _sx_debug(ZONE, "custom DH parameters loaded from certificate", DH_bits(dhparams));
+#endif
     }
 
     /* try to read ECDH params from pem file */
-- 
2.9.3

Places

File 0003-sx-ssl.c-adapt-to-openssl-1.1.patch of Package jabberd

Places