Blob Blame Raw
diff -up openwsman-2.6.2/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.2/src/lib/wsman-curl-client-transport.c
--- openwsman-2.6.2/src/lib/wsman-curl-client-transport.c.orig	2015-10-19 15:27:46.000000000 +0200
+++ openwsman-2.6.2/src/lib/wsman-curl-client-transport.c	2017-01-09 15:12:40.823514921 +0100
@@ -239,12 +239,16 @@ write_handler( void *ptr, size_t size, s
 static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
 {
 	unsigned char *thumbprint = (unsigned char *)arg;
-	X509 *cert = ctx->cert;
 	EVP_MD                                  *tempDigest;
 
 	unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
 	unsigned int      tempFingerprintLen;
 	tempDigest = (EVP_MD*)EVP_sha1( );
+
+	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+	if(!cert)
+		return 0;
+
 	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
 		return 0;
 	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
diff -up openwsman-2.6.2/src/server/shttpd/config.c.orig openwsman-2.6.2/src/server/shttpd/config.c
--- openwsman-2.6.2/src/server/shttpd/config.c.orig	2015-10-19 15:27:46.000000000 +0200
+++ openwsman-2.6.2/src/server/shttpd/config.c	2017-01-09 15:13:03.561467272 +0100
@@ -91,26 +91,16 @@ set_ssl(struct shttpd_ctx *ctx, void *ar
 
 	arg = NULL;	/* Unused */
 
-	/* Load SSL library dynamically */
-	if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
-		elog(E_FATAL, NULL, "set_ssl: cannot load %s", SSL_LIB);
-                ctx->ssl_ctx = NULL;
-                return;
-        }
-
-	for (fp = ssl_sw; fp->name != NULL; fp++) {
-		if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
-                        elog(E_FATAL, NULL,"set_ssl: cannot find %s", fp->name);
-                  ctx->ssl_ctx = NULL;
-                  return;
-                }
-        }
-
 	/* Initialize SSL crap */
 	static int ssl_library_initialized = 0;
 	if(!ssl_library_initialized) {
 		debug("Initialize SSL");
+		SSL_load_error_strings();
+		#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		SSL_library_init();
+		#else
+		OPENSSL_init_ssl(0, NULL);
+		#endif
 		ssl_library_initialized = 1;
 	}
 	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) {
@@ -150,7 +140,7 @@ set_ssl(struct shttpd_ctx *ctx, void *ar
           for (idx = 0; protocols[idx].name ; ++idx) {
             if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
               debug("SSL: disable %s protocol", protocols[idx].name);
-              SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);                      
+              SSL_CTX_set_options(CTX, protocols[idx].opt);
               break;
             }
           }
diff -up openwsman-2.6.2/src/server/shttpd/io_ssl.c.orig openwsman-2.6.2/src/server/shttpd/io_ssl.c
--- openwsman-2.6.2/src/server/shttpd/io_ssl.c.orig	2015-10-19 15:27:46.000000000 +0200
+++ openwsman-2.6.2/src/server/shttpd/io_ssl.c	2017-01-09 15:12:40.824514919 +0100
@@ -11,26 +11,6 @@
 #include "shttpd_defs.h"
 
 #if !defined(NO_SSL)
-struct ssl_func	ssl_sw[] = {
-	{"SSL_free",			{0}},
-	{"SSL_accept",			{0}},
-	{"SSL_connect",			{0}},
-	{"SSL_read",			{0}},
-	{"SSL_write",			{0}},
-	{"SSL_get_error",		{0}},
-	{"SSL_set_fd",			{0}},
-	{"SSL_new",			{0}},
-	{"SSL_CTX_new",			{0}},
-	{"SSLv23_server_method",	{0}},
-	{"SSL_library_init",		{0}},
-	{"SSL_CTX_use_PrivateKey_file",	{0}},
-	{"SSL_CTX_use_certificate_file",{0}},
-	{"SSL_CTX_free", {0}},
-	{"SSL_pending", {0}},
-	{"SSL_CTX_use_certificate_chain_file",{0}},
-	{"SSL_CTX_ctrl", {0}},
-	{NULL,				{0}}
-};
 
 void
 ssl_handshake(struct stream *stream)
diff -up openwsman-2.6.2/src/server/shttpd/ssl.h.orig openwsman-2.6.2/src/server/shttpd/ssl.h
--- openwsman-2.6.2/src/server/shttpd/ssl.h.orig	2015-10-19 15:27:46.000000000 +0200
+++ openwsman-2.6.2/src/server/shttpd/ssl.h	2017-01-09 15:12:40.824514919 +0100
@@ -12,56 +12,4 @@
 
 # include <openssl/ssl.h>
 
-#else
-
-/*
- * Snatched from OpenSSL includes. I put the prototypes here to be independent
- * from the OpenSSL source installation. Having this, shttpd + SSL can be
- * built on any system with binary SSL libraries installed.
- */
-
-typedef struct ssl_st SSL;
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_ctx_st SSL_CTX;
-
-#define	SSL_ERROR_WANT_READ	2
-#define	SSL_ERROR_WANT_WRITE	3
-#define SSL_ERROR_SYSCALL               5
-#define SSL_FILETYPE_PEM	1
-
 #endif
-
-/*
- * Dynamically loaded SSL functionality
- */
-struct ssl_func {
-	const char	*name;		/* SSL function name	*/
-	union variant	ptr;		/* Function pointer	*/
-};
-
-extern struct ssl_func	ssl_sw[];
-
-#define	FUNC(x)	ssl_sw[x].ptr.v_func
-
-#define	SSL_free(x)	(* (void (*)(SSL *)) FUNC(0))(x)
-#define	SSL_accept(x)	(* (int (*)(SSL *)) FUNC(1))(x)
-#define	SSL_connect(x)	(* (int (*)(SSL *)) FUNC(2))(x)
-#define	SSL_read(x,y,z)	(* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
-#define	SSL_write(x,y,z) \
-	(* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
-#define	SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
-#define	SSL_set_fd(x,y)	(* (int (*)(SSL *, int)) FUNC(6))((x), (y))
-#define	SSL_new(x)	(* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
-#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
-#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
-#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
-#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
-		const char *, int)) FUNC(11))((x), (y), (z))
-#define	SSL_CTX_use_certificate_file(x,y,z)	(* (int (*)(SSL_CTX *, \
-		const char *, int)) FUNC(12))((x), (y), (z))
-#define SSL_CTX_use_certificate_chain_file(x,y)	(* (int (*)(SSL_CTX *, \
-		const char *)) FUNC(15))((x), (y))
-#define	SSL_CTX_free(x)	(*(void (*)(SSL_CTX *)) FUNC(13))(x)
-#define	SSL_pending(x) (*(int (*)(SSL *)) FUNC(14))(x)
-#define SSL_CTX_ctrl(w,x,y,z) (*(long (*)(SSL_CTX *,int,long,void *)) FUNC(16))((w),(x),(y),(z))
-