You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

86 lines
2.7 KiB

  1. From fa8f6fcd33e829cbe3ef3e4a92fa34cba3f20c91 Mon Sep 17 00:00:00 2001
  2. From: Rosen Penev <rosenp@gmail.com>
  3. Date: Sun, 20 Sep 2020 20:18:18 -0700
  4. Subject: [PATCH] openssl: fix compilation without deprecated APIs
  5. Added missing headers, removed initialization, and fixed APIs.
  6. Signed-off-by: Rosen Penev <rosenp@gmail.com>
  7. ---
  8. openssl.c | 8 ++------
  9. openssl_certs.c | 9 +++++----
  10. openssl_tls.c | 5 -----
  11. 3 files changed, 7 insertions(+), 15 deletions(-)
  12. --- a/openssl.c
  13. +++ b/openssl.c
  14. @@ -22,21 +22,17 @@
  15. **/
  16. #include <openssl/ssl.h>
  17. +#include <openssl/bn.h>
  18. +#include <openssl/rsa.h>
  19. #include <openssl/err.h>
  20. #include "openssl.h"
  21. #include "errstack.h"
  22. void openssl_init(void) {
  23. - SSL_load_error_strings();
  24. - OpenSSL_add_ssl_algorithms();
  25. }
  26. void openssl_deinit(void) {
  27. - EVP_cleanup();
  28. - CRYPTO_cleanup_all_ex_data();
  29. - SSL_COMP_free_compression_methods();
  30. - ERR_free_strings();
  31. }
  32. static void errstack_free_X509(struct errstack_element_t *element) {
  33. --- a/openssl_certs.c
  34. +++ b/openssl_certs.c
  35. @@ -27,6 +27,7 @@
  36. #include <openssl/ssl.h>
  37. #include <openssl/err.h>
  38. #include <openssl/bn.h>
  39. +#include <openssl/rsa.h>
  40. #include <openssl/x509v3.h>
  41. #include "ipfwd.h"
  42. @@ -280,8 +281,8 @@ X509* openssl_create_certificate(const s
  43. BN_free(serial);
  44. /* Set lifetime */
  45. - X509_gmtime_adj(X509_get_notBefore(cert), -spec->validity_predate_seconds);
  46. - X509_gmtime_adj(X509_get_notAfter(cert), spec->validity_seconds);
  47. + X509_gmtime_adj(X509_getm_notBefore(cert), -spec->validity_predate_seconds);
  48. + X509_gmtime_adj(X509_getm_notAfter(cert), spec->validity_seconds);
  49. /* Set public key */
  50. X509_set_pubkey(cert, spec->subject_pubkey);
  51. @@ -357,8 +358,8 @@ X509* openssl_create_certificate(const s
  52. return cert;
  53. }
  54. -static bool is_certificate_expired(X509 *cert) {
  55. - return X509_cmp_current_time(X509_get_notAfter(cert)) <= 0;
  56. +static bool is_certificate_expired(const X509 *cert) {
  57. + return X509_cmp_current_time(X509_get0_notAfter(cert)) <= 0;
  58. }
  59. X509* openssl_load_stored_certificate(const struct certificatespec_t *certspec, const char *filename, bool recreate_when_expired, bool recreate_when_key_mismatch) {
  60. --- a/openssl_tls.c
  61. +++ b/openssl_tls.c
  62. @@ -146,11 +146,6 @@ struct tls_connection_t openssl_tls_conn
  63. SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, NULL);
  64. SSL_CTX_set_cert_verify_callback(sslctx, cert_verify_callback, &result);
  65. }
  66. - if (!SSL_CTX_set_ecdh_auto(sslctx, 1)) {
  67. - logmsgext(LLVL_ERROR, FLAG_OPENSSL_ERROR, "openssl_tls %s: SSL_CTX_set_ecdh_auto() failed.", request->is_server ? "server" : "client");
  68. - SSL_CTX_free(sslctx);
  69. - return result;
  70. - }
  71. if (request->config && request->config->cert) {
  72. if (SSL_CTX_use_certificate(sslctx, request->config->cert) != 1) {