- --- a/src/ssl_sock.c
- +++ b/src/ssl_sock.c
- @@ -39,6 +39,7 @@
- #include <netdb.h>
- #include <netinet/tcp.h>
-
- +#include <openssl/bn.h>
- #include <openssl/crypto.h>
- #include <openssl/ssl.h>
- #include <openssl/x509.h>
- @@ -60,6 +61,17 @@
- #include <openssl/async.h>
- #endif
-
- +#ifndef OPENSSL_VERSION
- +#define OPENSSL_VERSION SSLEAY_VERSION
- +#define OpenSSL_version(x) SSLeay_version(x)
- +#define OpenSSL_version_num SSLeay
- +#endif
- +
- +#if OPENSSL_VERSION_NUMBER < 0x10100000L
- +#define X509_getm_notBefore X509_get_notBefore
- +#define X509_getm_notAfter X509_get_notAfter
- +#endif
- +
- #include <import/lru.h>
- #include <import/xxhash.h>
-
- @@ -217,7 +229,7 @@ static struct {
- .capture_cipherlist = 0,
- };
-
- -#ifdef USE_THREAD
- +#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
-
- static HA_RWLOCK_T *ssl_rwlocks;
-
- @@ -1716,8 +1728,8 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
- ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1));
-
- /* Set duration for the certificate */
- - if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) ||
- - !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
- + if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) ||
- + !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365))
- goto mkcert_error;
-
- /* set public key in the certificate */
- @@ -6299,7 +6311,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char
- goto out;
-
- smp_trash = get_trash_chunk();
- - if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
- + if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0)
- goto out;
-
- smp->data.u.str = *smp_trash;
- @@ -6399,7 +6411,7 @@ smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char
- goto out;
-
- smp_trash = get_trash_chunk();
- - if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
- + if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0)
- goto out;
-
- smp->data.u.str = *smp_trash;
- @@ -8976,10 +8988,12 @@ static void __ssl_sock_init(void)
- #endif
-
- xprt_register(XPRT_SSL, &ssl_sock);
- +#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_library_init();
- +#endif
- cm = SSL_COMP_get_compression_methods();
- sk_SSL_COMP_zero(cm);
- -#ifdef USE_THREAD
- +#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
- ssl_locking_init();
- #endif
- #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER)
- @@ -9008,8 +9022,8 @@ static void __ssl_sock_init(void)
- #else /* OPENSSL_IS_BORINGSSL */
- OPENSSL_VERSION_TEXT
- "\nRunning on OpenSSL version : %s%s",
- - SSLeay_version(SSLEAY_VERSION),
- - ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : "");
- + OpenSSL_version(OPENSSL_VERSION),
- + ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : "");
- #endif
- memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : "
- #if OPENSSL_VERSION_NUMBER < 0x00907000L
- @@ -9100,12 +9114,14 @@ static void __ssl_sock_deinit(void)
- }
- #endif
-
- +#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ERR_remove_state(0);
- ERR_free_strings();
-
- EVP_cleanup();
- +#endif
-
- -#if OPENSSL_VERSION_NUMBER >= 0x00907000L
- +#if OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L
- CRYPTO_cleanup_all_ex_data();
- #endif
- }
|