|
|
@ -0,0 +1,95 @@ |
|
|
|
From fa8f6fcd33e829cbe3ef3e4a92fa34cba3f20c91 Mon Sep 17 00:00:00 2001 |
|
|
|
From: Rosen Penev <rosenp@gmail.com> |
|
|
|
Date: Sun, 20 Sep 2020 20:18:18 -0700 |
|
|
|
Subject: [PATCH] openssl: fix compilation without deprecated APIs |
|
|
|
|
|
|
|
Added missing headers, removed initialization, and fixed APIs. |
|
|
|
|
|
|
|
Signed-off-by: Rosen Penev <rosenp@gmail.com> |
|
|
|
---
|
|
|
|
openssl.c | 8 ++------ |
|
|
|
openssl_certs.c | 9 +++++---- |
|
|
|
openssl_tls.c | 5 ----- |
|
|
|
3 files changed, 7 insertions(+), 15 deletions(-) |
|
|
|
|
|
|
|
diff --git a/openssl.c b/openssl.c
|
|
|
|
index ba097a5..76c817b 100644
|
|
|
|
--- a/openssl.c
|
|
|
|
+++ b/openssl.c
|
|
|
|
@@ -22,21 +22,17 @@
|
|
|
|
**/ |
|
|
|
|
|
|
|
#include <openssl/ssl.h> |
|
|
|
+#include <openssl/bn.h>
|
|
|
|
+#include <openssl/rsa.h>
|
|
|
|
#include <openssl/err.h> |
|
|
|
|
|
|
|
#include "openssl.h" |
|
|
|
#include "errstack.h" |
|
|
|
|
|
|
|
void openssl_init(void) { |
|
|
|
- SSL_load_error_strings();
|
|
|
|
- OpenSSL_add_ssl_algorithms();
|
|
|
|
} |
|
|
|
|
|
|
|
void openssl_deinit(void) { |
|
|
|
- EVP_cleanup();
|
|
|
|
- CRYPTO_cleanup_all_ex_data();
|
|
|
|
- SSL_COMP_free_compression_methods();
|
|
|
|
- ERR_free_strings();
|
|
|
|
} |
|
|
|
|
|
|
|
static void errstack_free_X509(struct errstack_element_t *element) { |
|
|
|
diff --git a/openssl_certs.c b/openssl_certs.c
|
|
|
|
index 021b573..a062a24 100644
|
|
|
|
--- a/openssl_certs.c
|
|
|
|
+++ b/openssl_certs.c
|
|
|
|
@@ -27,6 +27,7 @@
|
|
|
|
#include <openssl/ssl.h> |
|
|
|
#include <openssl/err.h> |
|
|
|
#include <openssl/bn.h> |
|
|
|
+#include <openssl/rsa.h>
|
|
|
|
#include <openssl/x509v3.h> |
|
|
|
|
|
|
|
#include "ipfwd.h" |
|
|
|
@@ -280,8 +281,8 @@ X509* openssl_create_certificate(const struct certificatespec_t *spec) {
|
|
|
|
BN_free(serial); |
|
|
|
|
|
|
|
/* Set lifetime */ |
|
|
|
- X509_gmtime_adj(X509_get_notBefore(cert), -spec->validity_predate_seconds);
|
|
|
|
- X509_gmtime_adj(X509_get_notAfter(cert), spec->validity_seconds);
|
|
|
|
+ X509_gmtime_adj(X509_getm_notBefore(cert), -spec->validity_predate_seconds);
|
|
|
|
+ X509_gmtime_adj(X509_getm_notAfter(cert), spec->validity_seconds);
|
|
|
|
|
|
|
|
/* Set public key */ |
|
|
|
X509_set_pubkey(cert, spec->subject_pubkey); |
|
|
|
@@ -357,8 +358,8 @@ X509* openssl_create_certificate(const struct certificatespec_t *spec) {
|
|
|
|
return cert; |
|
|
|
} |
|
|
|
|
|
|
|
-static bool is_certificate_expired(X509 *cert) {
|
|
|
|
- return X509_cmp_current_time(X509_get_notAfter(cert)) <= 0;
|
|
|
|
+static bool is_certificate_expired(const X509 *cert) {
|
|
|
|
+ return X509_cmp_current_time(X509_get0_notAfter(cert)) <= 0;
|
|
|
|
} |
|
|
|
|
|
|
|
X509* openssl_load_stored_certificate(const struct certificatespec_t *certspec, const char *filename, bool recreate_when_expired, bool recreate_when_key_mismatch) { |
|
|
|
diff --git a/openssl_tls.c b/openssl_tls.c
|
|
|
|
index 4ba19a3..96a12ec 100644
|
|
|
|
--- a/openssl_tls.c
|
|
|
|
+++ b/openssl_tls.c
|
|
|
|
@@ -146,11 +146,6 @@ struct tls_connection_t openssl_tls_connect(const struct tls_connection_request_
|
|
|
|
SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, NULL); |
|
|
|
SSL_CTX_set_cert_verify_callback(sslctx, cert_verify_callback, &result); |
|
|
|
} |
|
|
|
- if (!SSL_CTX_set_ecdh_auto(sslctx, 1)) {
|
|
|
|
- logmsgext(LLVL_ERROR, FLAG_OPENSSL_ERROR, "openssl_tls %s: SSL_CTX_set_ecdh_auto() failed.", request->is_server ? "server" : "client");
|
|
|
|
- SSL_CTX_free(sslctx);
|
|
|
|
- return result;
|
|
|
|
- }
|
|
|
|
|
|
|
|
if (request->config && request->config->cert) { |
|
|
|
if (SSL_CTX_use_certificate(sslctx, request->config->cert) != 1) { |
|
|
|
--
|
|
|
|
2.20.1 |
|
|
|
|