|
|
- From fa8f6fcd33e829cbe3ef3e4a92fa34cba3f20c91 Mon Sep 17 00:00:00 2001
- From: Rosen Penev <rosenp@gmail.com>
- Date: Sun, 20 Sep 2020 20:18:18 -0700
- Subject: [PATCH] openssl: fix compilation without deprecated APIs
-
- Added missing headers, removed initialization, and fixed APIs.
-
- Signed-off-by: Rosen Penev <rosenp@gmail.com>
- ---
- openssl.c | 8 ++------
- openssl_certs.c | 9 +++++----
- openssl_tls.c | 5 -----
- 3 files changed, 7 insertions(+), 15 deletions(-)
-
- --- a/openssl.c
- +++ b/openssl.c
- @@ -22,21 +22,17 @@
- **/
-
- #include <openssl/ssl.h>
- +#include <openssl/bn.h>
- +#include <openssl/rsa.h>
- #include <openssl/err.h>
-
- #include "openssl.h"
- #include "errstack.h"
-
- void openssl_init(void) {
- - SSL_load_error_strings();
- - OpenSSL_add_ssl_algorithms();
- }
-
- void openssl_deinit(void) {
- - EVP_cleanup();
- - CRYPTO_cleanup_all_ex_data();
- - SSL_COMP_free_compression_methods();
- - ERR_free_strings();
- }
-
- static void errstack_free_X509(struct errstack_element_t *element) {
- --- a/openssl_certs.c
- +++ b/openssl_certs.c
- @@ -27,6 +27,7 @@
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- #include <openssl/bn.h>
- +#include <openssl/rsa.h>
- #include <openssl/x509v3.h>
-
- #include "ipfwd.h"
- @@ -280,8 +281,8 @@ X509* openssl_create_certificate(const s
- BN_free(serial);
-
- /* Set lifetime */
- - X509_gmtime_adj(X509_get_notBefore(cert), -spec->validity_predate_seconds);
- - X509_gmtime_adj(X509_get_notAfter(cert), spec->validity_seconds);
- + X509_gmtime_adj(X509_getm_notBefore(cert), -spec->validity_predate_seconds);
- + X509_gmtime_adj(X509_getm_notAfter(cert), spec->validity_seconds);
-
- /* Set public key */
- X509_set_pubkey(cert, spec->subject_pubkey);
- @@ -357,8 +358,8 @@ X509* openssl_create_certificate(const s
- return cert;
- }
-
- -static bool is_certificate_expired(X509 *cert) {
- - return X509_cmp_current_time(X509_get_notAfter(cert)) <= 0;
- +static bool is_certificate_expired(const X509 *cert) {
- + return X509_cmp_current_time(X509_get0_notAfter(cert)) <= 0;
- }
-
- X509* openssl_load_stored_certificate(const struct certificatespec_t *certspec, const char *filename, bool recreate_when_expired, bool recreate_when_key_mismatch) {
- --- a/openssl_tls.c
- +++ b/openssl_tls.c
- @@ -146,11 +146,6 @@ struct tls_connection_t openssl_tls_conn
- SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, NULL);
- SSL_CTX_set_cert_verify_callback(sslctx, cert_verify_callback, &result);
- }
- - if (!SSL_CTX_set_ecdh_auto(sslctx, 1)) {
- - logmsgext(LLVL_ERROR, FLAG_OPENSSL_ERROR, "openssl_tls %s: SSL_CTX_set_ecdh_auto() failed.", request->is_server ? "server" : "client");
- - SSL_CTX_free(sslctx);
- - return result;
- - }
-
- if (request->config && request->config->cert) {
- if (SSL_CTX_use_certificate(sslctx, request->config->cert) != 1) {
|