
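--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -39,6 +39,7 @@
 #include <netdb.h>
 #include <netinet/tcp.h>
+#include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
@@ -60,6 +61,17 @@
 #include <openssl/async.h>
 #endif
+#ifndef OPENSSL_VERSION
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version(x) SSLeay_version(x)
+#define OpenSSL_version_num SSLeay
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_getm_notAfter X509_get_notAfter
+#endif
+
 #include <import/lru.h>
 #include <import/xxhash.h>
@@ -217,7 +229,7 @@ static struct {
 .capture_cipherlist = 0,
 };
-#ifdef USE_THREAD
+#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 static HA_RWLOCK_T *ssl_rwlocks;
@@ -1716,8 +1728,8 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
 ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
 /* Set duration for the certificate */
- if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
- !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
+ if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
+ !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
 goto mkcert_error;
 /* set public key in the certificate */
@@ -6299,7 +6311,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char
 goto out;
 smp_trash = get_trash_chunk();
- if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
+ if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
 goto out;
 smp->data.u.str = *smp_trash;
@@ -6399,7 +6411,7 @@ smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char
 goto out;
 smp_trash = get_trash_chunk();
- if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
+ if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
 goto out;
 smp->data.u.str = *smp_trash;
@@ -8976,10 +8988,12 @@ static void __ssl_sock_init(void)
 #endif
 xprt_register(XPRT_SSL, &ssl_sock);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 SSL_library_init();
+#endif
 cm = SSL_COMP_get_compression_methods();
 sk_SSL_COMP_zero(cm);
-#ifdef USE_THREAD
+#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 ssl_locking_init();
 #endif
 #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
@@ -9008,8 +9022,8 @@ static void __ssl_sock_init(void)
 #else /* OPENSSL_IS_BORINGSSL */
 OPENSSL_VERSION_TEXT
 "\nRunning on OpenSSL version : %s%s",
- SSLeay_version(SSLEAY_VERSION),
- ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
+ OpenSSL_version(OPENSSL_VERSION),
+ ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
 #endif
 memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
@@ -9100,12 +9114,14 @@ static void __ssl_sock_deinit(void)
 }
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 ERR_remove_state(0);
 ERR_free_strings();
 EVP_cleanup();
+#endif
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L
 CRYPTO_cleanup_all_ex_data();
 #endif
 }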
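Review bot: The new `OPENSSL_VERSION_NUMBER < 0x10100000L` guards on the `ssl_rwlocks` declaration, around `SSL_library_init()` and `ssl_locking_init()` in `__ssl_sock_init`, and around the cleanup calls in `__ssl_sock_deinit` do not account for LibreSSL. The file handles LibreSSL elsewhere (`!defined LIBRESSL_VERSION_NUMBER`), and LibreSSL reports its version number as 0x20000000L, so it lands on the "1.1.0 or later" side of each test. On a threaded LibreSSL build the locking callbacks would then not be installed; if the linked LibreSSL release still depends on them, the TLS library's shared state is accessed without synchronisation. For the two thread guards, consider `#if defined(USE_THREAD) && ((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))`, with the same `|| defined(LIBRESSL_VERSION_NUMBER)` term on the init and cleanup guards, and check whether the `X509_getm_*` fallback macros also need it for LibreSSL releases that may lack those accessors. Both functions start and end outside the visible hunks, so the surrounding guards should be confirmed against the full file.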