From da388416df1dbacb690ec754c65503a206eb2f88 Mon Sep 17 00:00:00 2001
From: Adrian Reber <adrian@lisas.de>
Date: Fri, 2 Dec 2016 15:33:48 +0100
Subject: [PATCH 3/3] sx/ssl.c: adapt to openssl-1.1

Add #ifdefs that select the new OpenSSL 1.1 API when it is detected.

Signed-off-by: Adrian Reber <adrian@lisas.de>
---
 sx/ssl.c | 41 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 37 insertions(+), 4 deletions(-)

diff --git a/sx/ssl.c b/sx/ssl.c
index 208ebb6..5ff8618 100644
--- a/sx/ssl.c
+++ b/sx/ssl.c
@@ -70,7 +70,7 @@ static int _sx_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
      */
     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
     {
-      X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+      X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
       _sx_debug(ZONE, "issuer= %s\n", buf);
     }
 
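Review bot: The replacement line dereferences `err_cert` unconditionally in `X509_get_issuer_name(err_cert)`; `err_cert` is declared above the hunk (presumably from `X509_STORE_CTX_get_current_cert(ctx)`), and that accessor may in principle return NULL, so the debug branch should be guarded with `if (err_cert) {` around the two lines. While the line is being rewritten anyway, the literal `256` should become `sizeof buf` if `buf` is a local array (its declaration is also outside the hunk), so the bound cannot drift from the buffer size. The body of _sx_ssl_verify_callback starts before and ends after this hunk.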
@@ -115,12 +115,29 @@ static DH *sx_ssl_make_dh_params(BIGNUM *(*const get_prime)(BIGNUM *), const cha
     if (!dh)
         return NULL;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+
     dh->p = get_prime(NULL);
     BN_dec2bn(&dh->g, gen);
     if (!dh->p || !dh->g) {
         DH_free(dh);
         return NULL;
     }
+#else
+    {
+        BIGNUM *p, *g;
+        p = get_prime(NULL);
+        BN_dec2bn(&g, gen);
+
+        if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
+            DH_free(dh);
+            BN_free(p);
+            BN_free(g);
+            return NULL;
+        }
+    }
+#endif
+
     return dh;
 }
 
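Review bot: In the new OpenSSL 1.1 branch `BIGNUM *p, *g;` leaves `g` uninitialized, and `BN_dec2bn(&g, gen)` inspects `*bn` to decide whether to allocate a fresh BIGNUM or reuse the one passed in, so it reads an indeterminate pointer — undefined behaviour that will typically crash or write through garbage. Initialise both pointers: `BIGNUM *p = NULL, *g = NULL;`. The pre-1.1 branch is only safe because DH_new() zero-fills the structure so `dh->g` starts out NULL. The failure path itself is correct: DH_set0_pqg() takes ownership only on success, so `BN_free(p)`/`BN_free(g)` there cannot double-free.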
@@ -134,7 +151,7 @@ static void sx_ssl_free_dh_params(void) {
 
 static DH *_sx_ssl_tmp_dh_callback(SSL *ssl, int export, int keylen) {
     EVP_PKEY *pkey = SSL_get_privatekey(ssl);
-    int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
+    int type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
     unsigned i;
 
     if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA)
@@ -351,7 +368,11 @@ static void _sx_ssl_get_external_id(sx_t s, _sx_ssl_conn_t sc) {
             } else if (altname->type == GEN_DNS) {
                 len = ASN1_STRING_length(altname->d.dNSName);
                 sc->external_id[id] = (char *) malloc(sizeof(char) *  (len + 1));
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
                 memcpy(sc->external_id[id], ASN1_STRING_data(altname->d.dNSName), len);
+#else
+                memcpy(sc->external_id[id], ASN1_STRING_get0_data(altname->d.dNSName), len);
+#endif
                 sc->external_id[id][len] = '\0'; // just to make sure
                 _sx_debug(ZONE, "external_id: Found(%d) subjectAltName/dNSName: '%s'", id, sc->external_id[id]);
                 id++;
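Review bot: Both memcpy() lines write into `sc->external_id[id]` without checking that the malloc() two lines above succeeded, so an allocation failure becomes a NULL write; the check should precede the copy. Duplicating the whole memcpy() under the version guard also invites the two branches to drift, so only the accessor should be guarded and the result assigned to one pointer that a single memcpy() uses. The error path depends on the enclosing loop, which starts outside the hunk, so the `continue` below needs confirming against it. Since the value is later used as a C string, `strlen(sc->external_id[id]) != len` after the copy would detect dNSName entries with embedded NUL bytes, which would otherwise be silently truncated when compared.
```c
                const unsigned char *dns;
#if OPENSSL_VERSION_NUMBER < 0x10100005L
                dns = ASN1_STRING_data(altname->d.dNSName);
#else
                dns = ASN1_STRING_get0_data(altname->d.dNSName);
#endif
                sc->external_id[id] = (char *) malloc(sizeof(char) *  (len + 1));
                if (sc->external_id[id] == NULL)
                    continue;   /* adjust to the enclosing loop's error convention */
                memcpy(sc->external_id[id], dns, len);
                /* … unchanged: NUL termination, debug log, id++ … */
```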
@@ -728,11 +749,15 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) {
     SSL_set_bio(sc->ssl, sc->rbio, sc->wbio);
     SSL_set_connect_state(sc->ssl);
     SSL_set_options(sc->ssl, SSL_OP_NO_TICKET);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 #ifdef ENABLE_EXPERIMENTAL
     SSL_set_ssl_method(sc->ssl, TLSv1_2_client_method());
 #else
     SSL_set_ssl_method(sc->ssl, TLSv1_client_method());
 #endif
+#else
+    SSL_set_ssl_method(sc->ssl, TLS_client_method());
+#endif
 
     /* empty external_id */
     for (i = 0; i < SX_CONN_EXTERNAL_ID_MAX_COUNT; i++)
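Review bot: The new `#else` branch drops the ENABLE_EXPERIMENTAL distinction: `TLS_client_method()` negotiates any TLS version the library supports, whereas the pre-1.1 experimental build pinned the connection to TLS 1.2 with `TLSv1_2_client_method()`, so that build now silently accepts TLS 1.0 and 1.1. The 1.1 way to keep that floor is `#ifdef ENABLE_EXPERIMENTAL` / `SSL_set_min_proto_version(sc->ssl, TLS1_2_VERSION);` / `#endif` placed after the `SSL_set_ssl_method()` call inside the new branch. The same loss occurs in the sx_ssl_server_addcert hunk, where `TLS_method()` replaces `TLSv1_2_method()`; there the equivalent is `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)` under the same macro. Both setters exist from OpenSSL 1.1.0, which this guard already requires.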
@@ -761,8 +786,8 @@ static void _sx_ssl_client(sx_t s, sx_plugin_t p) {
         }
 
         /* set callback giving a password for pemfile */
-        SSL_CTX_set_default_passwd_cb_userdata(sc->ssl->ctx, (void *)pemfile_password);
-        SSL_CTX_set_default_passwd_cb(sc->ssl->ctx, &_sx_pem_passwd_callback);
+        SSL_CTX_set_default_passwd_cb_userdata(ctx, (void *)pemfile_password);
+        SSL_CTX_set_default_passwd_cb(ctx, &_sx_pem_passwd_callback);
 
         /* load the private key */
         ret = SSL_use_PrivateKey_file(sc->ssl, pemfile, SSL_FILETYPE_PEM);
@@ -977,11 +1002,15 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *name, const char *pemfile,
     ERR_clear_error();
 
     /* create the context */
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 #ifdef ENABLE_EXPERIMENTAL
     ctx = SSL_CTX_new(TLSv1_2_method());
 #else
     ctx = SSL_CTX_new(SSLv23_method());
 #endif
+#else
+    ctx = SSL_CTX_new(TLS_method());
+#endif
     if(ctx == NULL) {
         _sx_debug(ZONE, "ssl context creation failed; %s", ERR_error_string(ERR_get_error(), NULL));
         return 1;
@@ -1063,7 +1092,11 @@ int sx_ssl_server_addcert(sx_plugin_t p, const char *name, const char *pemfile,
     /* try to read DH params from pem file */
     if((dhparams = sx_ssl_get_DHparams(pemfile))) {
         SSL_CTX_set_tmp_dh(ctx, dhparams);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
         _sx_debug(ZONE, "custom DH parameters loaded from certificate", BN_num_bits(dhparams->p));
+#else
+        _sx_debug(ZONE, "custom DH parameters loaded from certificate", DH_bits(dhparams));
+#endif
     }
 
     /* try to read ECDH params from pem file */
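Review bot: The `_sx_debug` format string on the new line contains no conversion specification, so the `DH_bits(dhparams)` argument (like `BN_num_bits(dhparams->p)` on the old branch) is never printed; use `"custom DH parameters loaded from certificate (%d bits)"`. Since both accessors return int, a single debug call fed from a local `int bits` set inside the `#if` would avoid duplicating the message, and that same value is a natural place to reject undersized parameters if the project wants a floor. The return value of `SSL_CTX_set_tmp_dh()` on the line above is unchecked, and because that call copies the parameters, `dhparams` should be `DH_free()`'d afterwards unless that happens past the end of this hunk. The body of sx_ssl_server_addcert continues outside the hunk.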
-- 
2.9.3