--- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -39,6 +39,7 @@ #include #include +#include #include #include #include @@ -60,6 +61,17 @@ #include #endif +#ifndef OPENSSL_VERSION +#define OPENSSL_VERSION SSLEAY_VERSION +#define OpenSSL_version(x) SSLeay_version(x) +#define OpenSSL_version_num SSLeay +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define X509_getm_notBefore X509_get_notBefore +#define X509_getm_notAfter X509_get_notAfter +#endif + #include #include @@ -217,7 +229,7 @@ static struct { .capture_cipherlist = 0, }; -#ifdef USE_THREAD +#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L) static HA_RWLOCK_T *ssl_rwlocks; @@ -1711,8 +1723,8 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL ASN1_INTEGER_set(X509_get_serialNumber(newcrt), HA_ATOMIC_ADD(&ssl_ctx_serial, 1)); /* Set duration for the certificate */ - if (!X509_gmtime_adj(X509_get_notBefore(newcrt), (long)-60*60*24) || - !X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365)) + if (!X509_gmtime_adj(X509_getm_notBefore(newcrt), (long)-60*60*24) || + !X509_gmtime_adj(X509_getm_notAfter(newcrt),(long)60*60*24*365)) goto mkcert_error; /* set public key in the certificate */ @@ -6285,7 +6297,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char goto out; smp_trash = get_trash_chunk(); - if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0) + if (ssl_sock_get_time(X509_getm_notAfter(crt), smp_trash) <= 0) goto out; smp->data.u.str = *smp_trash; @@ -6385,7 +6397,7 @@ smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char goto out; smp_trash = get_trash_chunk(); - if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0) + if (ssl_sock_get_time(X509_getm_notBefore(crt), smp_trash) <= 0) goto out; smp->data.u.str = *smp_trash; @@ -8935,10 +8947,12 @@ static void __ssl_sock_init(void) #endif xprt_register(XPRT_SSL, &ssl_sock); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); +#endif cm = SSL_COMP_get_compression_methods(); sk_SSL_COMP_zero(cm); -#ifdef USE_THREAD +#if defined(USE_THREAD) && (OPENSSL_VERSION_NUMBER < 0x10100000L) ssl_locking_init(); #endif #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL && !defined LIBRESSL_VERSION_NUMBER) @@ -8967,8 +8981,8 @@ static void __ssl_sock_init(void) #else /* OPENSSL_IS_BORINGSSL */ OPENSSL_VERSION_TEXT "\nRunning on OpenSSL version : %s%s", - SSLeay_version(SSLEAY_VERSION), - ((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? " (VERSIONS DIFFER!)" : ""); + OpenSSL_version(OPENSSL_VERSION), + ((OPENSSL_VERSION_NUMBER ^ OpenSSL_version_num()) >> 8) ? " (VERSIONS DIFFER!)" : ""); #endif memprintf(&ptr, "%s\nOpenSSL library supports TLS extensions : " #if OPENSSL_VERSION_NUMBER < 0x00907000L @@ -9059,12 +9073,14 @@ static void __ssl_sock_deinit(void) } #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L ERR_remove_state(0); ERR_free_strings(); EVP_cleanup(); +#endif -#if OPENSSL_VERSION_NUMBER >= 0x00907000L +#if OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L CRYPTO_cleanup_all_ex_data(); #endif }