You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

86 lines
2.8 KiB

  1. --- a/src/dane-openssl.c
  2. +++ b/src/dane-openssl.c
  3. @@ -1098,8 +1098,8 @@ if (dane->selectors[DANESSL_USAGE_DANE_T
  4. * Check that setting the untrusted chain updates the expected
  5. * structure member at the expected offset.
  6. */
  7. - X509_STORE_CTX_trusted_stack(ctx, dane->roots);
  8. - X509_STORE_CTX_set_chain(ctx, dane->chain);
  9. + X509_STORE_CTX_set0_trusted_stack(ctx, dane->roots);
  10. + X509_STORE_CTX_set0_untrusted(ctx, dane->chain);
  11. OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx));
  12. }
  13. }
  14. --- a/src/pdkim/signing.c
  15. +++ b/src/pdkim/signing.c
  16. @@ -704,7 +704,6 @@ return NULL;
  17. void
  18. exim_dkim_init(void)
  19. {
  20. -ERR_load_crypto_strings();
  21. }
  22. --- a/src/tls-openssl.c
  23. +++ b/src/tls-openssl.c
  24. @@ -22,7 +22,10 @@ functions from the OpenSSL library. */
  25. #include <openssl/lhash.h>
  26. #include <openssl/ssl.h>
  27. #include <openssl/err.h>
  28. +#include <openssl/bn.h>
  29. +#include <openssl/dh.h>
  30. #include <openssl/rand.h>
  31. +#include <openssl/rsa.h>
  32. #ifndef OPENSSL_NO_ECDH
  33. # include <openssl/ec.h>
  34. #endif
  35. @@ -834,8 +837,9 @@ if (!EVP_PKEY_assign_RSA(pkey, rsa))
  36. X509_set_version(x509, 2); /* N+1 - version 3 */
  37. ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
  38. -X509_gmtime_adj(X509_get_notBefore(x509), 0);
  39. -X509_gmtime_adj(X509_get_notAfter(x509), (long)2 * 60 * 60); /* 2 hour */
  40. +X509_gmtime_adj(X509_getm_notBefore(x509), 0);
  41. +X509_gmtime_adj(X509_getm_notAfter(x509), (long)2 * 60 * 60); /* 2 hour */
  42. +
  43. X509_set_pubkey(x509, pkey);
  44. name = X509_get_subject_name(x509);
  45. @@ -4512,8 +4516,8 @@ fprintf(f, "Library version: OpenSSL: Co
  46. " Runtime: %s\n"
  47. " : %s\n",
  48. OPENSSL_VERSION_TEXT,
  49. - SSLeay_version(SSLEAY_VERSION),
  50. - SSLeay_version(SSLEAY_BUILT_ON));
  51. + OpenSSL_version(OPENSSL_VERSION),
  52. + OpenSSL_version(OPENSSL_BUILT_ON));
  53. /* third line is 38 characters for the %s and the line is 73 chars long;
  54. the OpenSSL output includes a "built on: " prefix already. */
  55. }
  56. @@ -4555,8 +4559,6 @@ if (pidnow != pidlast)
  57. is unique for each thread", this doesn't apparently apply across processes,
  58. so our own warning from vaguely_random_number_fallback() applies here too.
  59. Fix per PostgreSQL. */
  60. - if (pidlast != 0)
  61. - RAND_cleanup();
  62. pidlast = pidnow;
  63. }
  64. --- a/src/tlscert-openssl.c
  65. +++ b/src/tlscert-openssl.c
  66. @@ -217,13 +217,13 @@ return mod ? tls_field_from_dn(cp, mod)
  67. uschar *
  68. tls_cert_not_before(void * cert, uschar * mod)
  69. {
  70. -return asn1_time_copy(X509_get_notBefore((X509 *)cert), mod);
  71. +return asn1_time_copy(X509_getm_notBefore((X509 *)cert), mod);
  72. }
  73. uschar *
  74. tls_cert_not_after(void * cert, uschar * mod)
  75. {
  76. -return asn1_time_copy(X509_get_notAfter((X509 *)cert), mod);
  77. +return asn1_time_copy(X509_getm_notAfter((X509 *)cert), mod);
  78. }
  79. uschar *