|
@ -0,0 +1,160 @@ |
|
|
|
|
|
--- a/src/session.c
|
|
|
|
|
|
+++ b/src/session.c
|
|
|
|
|
|
@@ -1372,11 +1372,11 @@ tls_thread_id_func(CRYPTO_THREADID *tid)
|
|
|
|
|
|
static void |
|
|
|
|
|
nc_tls_init(void) |
|
|
|
|
|
{ |
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
SSL_load_error_strings(); |
|
|
|
|
|
ERR_load_BIO_strings(); |
|
|
|
|
|
SSL_library_init(); |
|
|
|
|
|
|
|
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
int i; |
|
|
|
|
|
|
|
|
|
|
|
tls_locks = malloc(CRYPTO_num_locks() * sizeof *tls_locks); |
|
|
|
|
|
@@ -1400,6 +1400,7 @@ nc_tls_init(void)
|
|
|
|
|
|
static void |
|
|
|
|
|
nc_tls_destroy(void) |
|
|
|
|
|
{ |
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
FIPS_mode_set(0); |
|
|
|
|
|
CRYPTO_cleanup_all_ex_data(); |
|
|
|
|
|
nc_thread_destroy(); |
|
|
|
|
|
@@ -1411,7 +1412,6 @@ nc_tls_destroy(void)
|
|
|
|
|
|
SSL_COMP_free_compression_methods(); |
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
int i; |
|
|
|
|
|
|
|
|
|
|
|
CRYPTO_THREADID_set_callback(NULL); |
|
|
|
|
|
@@ -1434,13 +1434,13 @@ nc_tls_destroy(void)
|
|
|
|
|
|
static void |
|
|
|
|
|
nc_ssh_tls_init(void) |
|
|
|
|
|
{ |
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
SSL_load_error_strings(); |
|
|
|
|
|
ERR_load_BIO_strings(); |
|
|
|
|
|
SSL_library_init(); |
|
|
|
|
|
|
|
|
|
|
|
nc_ssh_init(); |
|
|
|
|
|
|
|
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
CRYPTO_set_dynlock_create_callback(tls_dyn_create_func); |
|
|
|
|
|
CRYPTO_set_dynlock_lock_callback(tls_dyn_lock_func); |
|
|
|
|
|
CRYPTO_set_dynlock_destroy_callback(tls_dyn_destroy_func); |
|
|
|
|
|
@@ -1450,6 +1450,7 @@ nc_ssh_tls_init(void)
|
|
|
|
|
|
static void |
|
|
|
|
|
nc_ssh_tls_destroy(void) |
|
|
|
|
|
{ |
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
ERR_free_strings(); |
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10002000L // < 1.0.2 |
|
|
|
|
|
sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); |
|
|
|
|
|
@@ -1459,7 +1460,6 @@ nc_ssh_tls_destroy(void)
|
|
|
|
|
|
|
|
|
|
|
|
nc_ssh_destroy(); |
|
|
|
|
|
|
|
|
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
|
|
|
|
|
|
CRYPTO_set_dynlock_create_callback(NULL); |
|
|
|
|
|
CRYPTO_set_dynlock_lock_callback(NULL); |
|
|
|
|
|
CRYPTO_set_dynlock_destroy_callback(NULL); |
|
|
|
|
|
--- a/src/session_client_tls.c
|
|
|
|
|
|
+++ b/src/session_client_tls.c
|
|
|
|
|
|
@@ -29,6 +29,10 @@
|
|
|
|
|
|
#include "session_client_ch.h" |
|
|
|
|
|
#include "libnetconf.h" |
|
|
|
|
|
|
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
|
|
|
|
+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
+
|
|
|
|
|
|
struct nc_client_context *nc_client_context_location(void); |
|
|
|
|
|
int nc_session_new_ctx( struct nc_session *session, struct ly_ctx *ctx); |
|
|
|
|
|
|
|
|
|
|
|
@@ -74,7 +78,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
store_ctx = X509_STORE_CTX_new(); |
|
|
|
|
|
obj = X509_OBJECT_new(); |
|
|
|
|
|
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
|
|
|
|
|
|
X509_STORE_CTX_free(store_ctx); |
|
|
|
|
|
crl = X509_OBJECT_get0_X509_CRL(obj); |
|
|
|
|
|
if (rc > 0 && crl) { |
|
|
|
|
|
@@ -113,7 +117,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
store_ctx = X509_STORE_CTX_new(); |
|
|
|
|
|
obj = X509_OBJECT_new(); |
|
|
|
|
|
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
|
|
|
|
|
|
X509_STORE_CTX_free(store_ctx); |
|
|
|
|
|
crl = X509_OBJECT_get0_X509_CRL(obj); |
|
|
|
|
|
if (rc > 0 && crl) { |
|
|
|
|
|
@@ -169,7 +173,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
* the current certificate in order to verify it's integrity */ |
|
|
|
|
|
memset((char *)&obj, 0, sizeof obj); |
|
|
|
|
|
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
|
|
|
|
|
|
X509_STORE_CTX_cleanup(&store_ctx); |
|
|
|
|
|
crl = obj.data.crl; |
|
|
|
|
|
if (rc > 0 && crl) { |
|
|
|
|
|
@@ -207,7 +211,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
* the current certificate in order to check for revocation */ |
|
|
|
|
|
memset((char *)&obj, 0, sizeof obj); |
|
|
|
|
|
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
|
|
|
|
|
|
X509_STORE_CTX_cleanup(&store_ctx); |
|
|
|
|
|
crl = obj.data.crl; |
|
|
|
|
|
if (rc > 0 && crl) { |
|
|
|
|
|
--- a/src/session_server_tls.c
|
|
|
|
|
|
+++ b/src/session_server_tls.c
|
|
|
|
|
|
@@ -28,6 +28,10 @@
|
|
|
|
|
|
#include "session_server_ch.h" |
|
|
|
|
|
#include "libnetconf.h" |
|
|
|
|
|
|
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
|
|
|
|
+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
|
|
|
|
|
|
+#endif
|
|
|
|
|
|
+
|
|
|
|
|
|
struct nc_server_tls_opts tls_ch_opts; |
|
|
|
|
|
pthread_mutex_t tls_ch_opts_lock = PTHREAD_MUTEX_INITIALIZER; |
|
|
|
|
|
extern struct nc_server_opts server_opts; |
|
|
|
|
|
@@ -563,7 +567,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
store_ctx = X509_STORE_CTX_new(); |
|
|
|
|
|
obj = X509_OBJECT_new(); |
|
|
|
|
|
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
|
|
|
|
|
|
X509_STORE_CTX_free(store_ctx); |
|
|
|
|
|
crl = X509_OBJECT_get0_X509_CRL(obj); |
|
|
|
|
|
if (rc > 0 && crl) { |
|
|
|
|
|
@@ -616,7 +620,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
store_ctx = X509_STORE_CTX_new(); |
|
|
|
|
|
obj = X509_OBJECT_new(); |
|
|
|
|
|
X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
|
|
|
|
|
|
X509_STORE_CTX_free(store_ctx); |
|
|
|
|
|
crl = X509_OBJECT_get0_X509_CRL(obj); |
|
|
|
|
|
if (rc > 0 && crl) { |
|
|
|
|
|
@@ -776,7 +780,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
* the current certificate in order to verify it's integrity */ |
|
|
|
|
|
memset((char *)&obj, 0, sizeof(obj)); |
|
|
|
|
|
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
|
|
|
|
|
|
X509_STORE_CTX_cleanup(&store_ctx); |
|
|
|
|
|
crl = obj.data.crl; |
|
|
|
|
|
if (rc > 0 && crl) { |
|
|
|
|
|
@@ -828,7 +832,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|
|
|
|
|
* the current certificate in order to check for revocation */ |
|
|
|
|
|
memset((char *)&obj, 0, sizeof(obj)); |
|
|
|
|
|
X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL); |
|
|
|
|
|
- rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
|
|
|
|
|
|
+ rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
|
|
|
|
|
|
X509_STORE_CTX_cleanup(&store_ctx); |
|
|
|
|
|
crl = obj.data.crl; |
|
|
|
|
|
if (rc > 0 && crl) { |