LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27333 Commits
1 Branch
46 MiB
Tree: 24ad5359fe
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '24ad5359fe'
${ noResults }
openwrt-packages-dist/net/ratched/patches/0002-openssl-fix-compilatio...

86 lines
2.7 KiB
Raw Normal View History

ratched: add new package Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
4 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
4 years ago
ratched: add new package Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
4 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
4 years ago
ratched: add new package Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
4 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
4 years ago
ratched: add new package Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
4 years ago
 
  1. From fa8f6fcd33e829cbe3ef3e4a92fa34cba3f20c91 Mon Sep 17 00:00:00 2001
  2. From: Rosen Penev <rosenp@gmail.com>
  3. Date: Sun, 20 Sep 2020 20:18:18 -0700
  4. Subject: [PATCH] openssl: fix compilation without deprecated APIs
  5. 

  6. Added missing headers, removed initialization, and fixed APIs.
  7. 

  8. Signed-off-by: Rosen Penev <rosenp@gmail.com>
  9. ---

  10.  openssl.c       | 8 ++------
  11.  openssl_certs.c | 9 +++++----
  12.  openssl_tls.c   | 5 -----
  13.  3 files changed, 7 insertions(+), 15 deletions(-)
  14. 

  15. --- a/openssl.c

  16. +++ b/openssl.c

  17. @@ -22,21 +22,17 @@

  18.  **/
  19.  
  20.  #include <openssl/ssl.h>
  21. +#include <openssl/bn.h>

  22. +#include <openssl/rsa.h>

  23.  #include <openssl/err.h>
  24.  
  25.  #include "openssl.h"
  26.  #include "errstack.h"
  27.  
  28.  void openssl_init(void) {
  29. -	SSL_load_error_strings();

  30. -    OpenSSL_add_ssl_algorithms();

  31.  }
  32.  
  33.  void openssl_deinit(void) {
  34. -	EVP_cleanup();

  35. -	CRYPTO_cleanup_all_ex_data();

  36. -	SSL_COMP_free_compression_methods();

  37. -	ERR_free_strings();

  38.  }
  39.  
  40.  static void errstack_free_X509(struct errstack_element_t *element) {
  41. --- a/openssl_certs.c

  42. +++ b/openssl_certs.c

  43. @@ -27,6 +27,7 @@

  44.  #include <openssl/ssl.h>
  45.  #include <openssl/err.h>
  46.  #include <openssl/bn.h>
  47. +#include <openssl/rsa.h>

  48.  #include <openssl/x509v3.h>
  49.  
  50.  #include "ipfwd.h"
  51. @@ -280,8 +281,8 @@ X509* openssl_create_certificate(const s

  52.  	BN_free(serial);
  53.  
  54.  	/* Set lifetime */
  55. -	X509_gmtime_adj(X509_get_notBefore(cert), -spec->validity_predate_seconds);

  56. -	X509_gmtime_adj(X509_get_notAfter(cert), spec->validity_seconds);

  57. +	X509_gmtime_adj(X509_getm_notBefore(cert), -spec->validity_predate_seconds);

  58. +	X509_gmtime_adj(X509_getm_notAfter(cert), spec->validity_seconds);

  59.  
  60.  	/* Set public key */
  61.  	X509_set_pubkey(cert, spec->subject_pubkey);
  62. @@ -357,8 +358,8 @@ X509* openssl_create_certificate(const s

  63.  	return cert;
  64.  }
  65.  
  66. -static bool is_certificate_expired(X509 *cert) {

  67. -	return X509_cmp_current_time(X509_get_notAfter(cert)) <= 0;

  68. +static bool is_certificate_expired(const X509 *cert) {

  69. +	return X509_cmp_current_time(X509_get0_notAfter(cert)) <= 0;

  70.  }
  71.  
  72.  X509* openssl_load_stored_certificate(const struct certificatespec_t *certspec, const char *filename, bool recreate_when_expired, bool recreate_when_key_mismatch) {
  73. --- a/openssl_tls.c

  74. +++ b/openssl_tls.c

  75. @@ -146,11 +146,6 @@ struct tls_connection_t openssl_tls_conn

  76.  		SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, NULL);
  77.  		SSL_CTX_set_cert_verify_callback(sslctx, cert_verify_callback, &result);
  78.  	}
  79. -	if (!SSL_CTX_set_ecdh_auto(sslctx, 1)) {

  80. -		logmsgext(LLVL_ERROR, FLAG_OPENSSL_ERROR, "openssl_tls %s: SSL_CTX_set_ecdh_auto() failed.", request->is_server ? "server" : "client");

  81. -		SSL_CTX_free(sslctx);

  82. -		return result;

  83. -	}

  84.  
  85.  	if (request->config && request->config->cert) {
  86.  		if (SSL_CTX_use_certificate(sslctx, request->config->cert) != 1) {