Log In
Log In
Places
All Projects
Status Monitor
Collapse sidebar
infoserver
jabberd
0003-sx-ssl.c-adapt-to-openssl-1.1.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-sx-ssl.c-adapt-to-openssl-1.1.patch of Package jabberd
From da388416df1dbacb690ec754c65503a206eb2f88 Mon Sep 17 00:00:00 2001 From: Adrian Reber <adrian@lisas.de> Date: Fri, 2 Dec 2016 15:33:48 +0100 Subject: [PATCH 3/3] sx/ssl.c: adapt to openssl-1.1 Adding #ifdefs to use the new openssl-1.1 API if detected. Signed-off-by: Adrian Reber <adrian@lisas.de> --- sx/ssl.c | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/sx/ssl.c b/sx/ssl.c index 208ebb6..5ff8618 100644 --- a/sx/ssl.c +++ b/sx/ssl.c @@ -70,7 +70,7 @@ static int _sx_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx) */ if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); + X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); _sx_debug(ZONE, "issuer= %s\n", buf); } @@ -115,12 +115,29 @@ static DH *sx_ssl_make_dh_params(BIGNUM *(*const get_prime)(BIGNUM *), const cha if (!dh) return NULL; +#if OPENSSL_VERSION_NUMBER < 0x10100005L + dh->p = get_prime(NULL); BN_dec2bn(&dh->g, gen); if (!dh->p || !dh->g) { DH_free(dh); return NULL; } +#else + { + BIGNUM *p, *g; + p = get_prime(NULL); + BN_dec2bn(&g, gen); + + if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) { + DH_free(dh); + BN_free(p); + BN_free(g); + return NULL; + } + } +#endif + return dh; } @@ -134,7 +151,7 @@ static void sx_ssl_free_dh_params(void) { static DH *_sx_ssl_tmp_dh_callback(SSL *ssl, int export, int keylen) { EVP_PKEY *pkey = SSL_get_privatekey(ssl); - int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE; + int type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE; unsigned i; if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) @@ -351,7 +368,11 @@ static void _sx_ssl_get_external_id(sx_t s, _sx_ssl_conn_t sc) { } else if (altname->type == GEN_DNS) { len = ASN1_STRING_length(altname->d.dNSName); sc->external_id[id] = (char *) malloc(sizeof(char) * (len + 1)); +#if OPENSSL_VERSION_NUMBER < 0x10100005L memcpy(sc->external_id[id], ASN1_STRING_data(altname->d.dNSName), len); +#else + memcpy(sc->external_id[id], ASN1_STRING_get0_data(altname->d.dNSName), len); +#endif sc->external_id[id][len] = '\0'; // just to make sure _sx_debug(ZONE, "external_id: Found(%d) subjectAltName/dNSName: '%s'", id, sc->external_id[id]); id++; @@ -728,11 +749,15 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) { SSL_set_bio(sc->ssl, sc->rbio, sc->wbio); SSL_set_connect_state(sc->ssl); SSL_set_options(sc->ssl, SSL_OP_NO_TICKET); +#if OPENSSL_VERSION_NUMBER < 0x10100005L #ifdef ENABLE_EXPERIMENTAL SSL_set_ssl_method(sc->ssl, TLSv1_2_client_method()); #else SSL_set_ssl_method(sc->ssl, TLSv1_client_method()); #endif +#else + SSL_set_ssl_method(sc->ssl, TLS_client_method()); +#endif /* empty external_id */ for (i = 0; i < SX_CONN_EXTERNAL_ID_MAX_COUNT; i++) @@ -761,8 +786,8 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) { } /* set callback giving a password for pemfile */ - SSL_CTX_set_default_passwd_cb_userdata(sc->ssl->ctx, (void *)pemfile_password); - SSL_CTX_set_default_passwd_cb(sc->ssl->ctx, &_sx_pem_passwd_callback); + SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)pemfile_password); + SSL_CTX_set_default_passwd_cb(ctx, &_sx_pem_passwd_callback); /* load the private key */ ret = SSL_use_PrivateKey_file(sc->ssl, pemfile, SSL_FILETYPE_PEM); @@ -977,11 +1002,15 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *name, const char *pemfile, ERR_clear_error(); /* create the context */ +#if OPENSSL_VERSION_NUMBER < 0x10100005L #ifdef ENABLE_EXPERIMENTAL ctx = SSL_CTX_new(TLSv1_2_method()); #else ctx = SSL_CTX_new(SSLv23_method()); #endif +#else + ctx = SSL_CTX_new(TLS_method()); +#endif if(ctx == NULL) { _sx_debug(ZONE, "ssl context creation failed; %s", ERR_error_string(ERR_get_error(), NULL)); return 1; @@ -1063,7 +1092,11 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *name, const char *pemfile, /* try to read DH params from pem file */ if((dhparams = sx_ssl_get_DHparams(pemfile))) { SSL_CTX_set_tmp_dh(ctx, dhparams); +#if OPENSSL_VERSION_NUMBER < 0x10100005L _sx_debug(ZONE, "custom DH parameters loaded from certificate", BN_num_bits(dhparams->p)); +#else + _sx_debug(ZONE, "custom DH parameters loaded from certificate", DH_bits(dhparams)); +#endif } /* try to read ECDH params from pem file */ -- 2.9.3
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Log In
Places
Places
All Projects
Status Monitor