|
|
- --- a/src/dane-openssl.c
- +++ b/src/dane-openssl.c
- @@ -1098,8 +1098,8 @@ if (dane->selectors[DANESSL_USAGE_DANE_T
- * Check that setting the untrusted chain updates the expected
- * structure member at the expected offset.
- */
- - X509_STORE_CTX_trusted_stack(ctx, dane->roots);
- - X509_STORE_CTX_set_chain(ctx, dane->chain);
- + X509_STORE_CTX_set0_trusted_stack(ctx, dane->roots);
- + X509_STORE_CTX_set0_untrusted(ctx, dane->chain);
- OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx));
- }
- }
- --- a/src/pdkim/signing.c
- +++ b/src/pdkim/signing.c
- @@ -699,7 +699,6 @@ return NULL;
- void
- exim_dkim_init(void)
- {
- -ERR_load_crypto_strings();
- }
-
-
- --- a/src/tls-openssl.c
- +++ b/src/tls-openssl.c
- @@ -22,7 +22,10 @@ functions from the OpenSSL library. */
- #include <openssl/lhash.h>
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- +#include <openssl/bn.h>
- +#include <openssl/dh.h>
- #include <openssl/rand.h>
- +#include <openssl/rsa.h>
- #ifndef OPENSSL_NO_ECDH
- # include <openssl/ec.h>
- #endif
- @@ -1462,8 +1465,8 @@ if (!EVP_PKEY_assign_RSA(pkey, rsa))
-
- X509_set_version(x509, 2); /* N+1 - version 3 */
- ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
- -X509_gmtime_adj(X509_get_notBefore(x509), 0);
- -X509_gmtime_adj(X509_get_notAfter(x509), (long)60 * 60); /* 1 hour */
- +X509_gmtime_adj(X509_getm_notBefore(x509), 0);
- +X509_gmtime_adj(X509_getm_notAfter(x509), (long)60 * 60); /* 1 hour */
- X509_set_pubkey(x509, pkey);
-
- name = X509_get_subject_name(x509);
- @@ -3900,8 +3903,8 @@ fprintf(f, "Library version: OpenSSL: Co
- " Runtime: %s\n"
- " : %s\n",
- OPENSSL_VERSION_TEXT,
- - SSLeay_version(SSLEAY_VERSION),
- - SSLeay_version(SSLEAY_BUILT_ON));
- + OpenSSL_version(OPENSSL_VERSION),
- + OpenSSL_version(OPENSSL_BUILT_ON));
- /* third line is 38 characters for the %s and the line is 73 chars long;
- the OpenSSL output includes a "built on: " prefix already. */
- }
- @@ -3943,8 +3946,6 @@ if (pidnow != pidlast)
- is unique for each thread", this doesn't apparently apply across processes,
- so our own warning from vaguely_random_number_fallback() applies here too.
- Fix per PostgreSQL. */
- - if (pidlast != 0)
- - RAND_cleanup();
- pidlast = pidnow;
- }
-
- --- a/src/tlscert-openssl.c
- +++ b/src/tlscert-openssl.c
- @@ -217,13 +217,13 @@ return mod ? tls_field_from_dn(cp, mod)
- uschar *
- tls_cert_not_before(void * cert, uschar * mod)
- {
- -return asn1_time_copy(X509_get_notBefore((X509 *)cert), mod);
- +return asn1_time_copy(X509_getm_notBefore((X509 *)cert), mod);
- }
-
- uschar *
- tls_cert_not_after(void * cert, uschar * mod)
- {
- -return asn1_time_copy(X509_get_notAfter((X509 *)cert), mod);
- +return asn1_time_copy(X509_getm_notAfter((X509 *)cert), mod);
- }
-
- uschar *
|