|
 |
6f6344 |
From 5e1a2130340ea4fabc4095b412c8b3836d112828 Mon Sep 17 00:00:00 2001
|
|
|
6f6344 |
From: Quentin Armitage <quentin@armitage.org.uk>
|
|
|
6f6344 |
Date: Wed, 13 Mar 2019 09:46:27 +0000
|
|
|
6f6344 |
Subject: [PATCH 2/3] Fix genhash re OPENSSL_init_crypto bug and improve
|
|
|
6f6344 |
configure.ac
|
|
|
6f6344 |
|
|
|
6f6344 |
Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't
|
|
|
6f6344 |
update the identical code in genhash/ssl.c. Also, an improvement for
|
|
|
6f6344 |
the test in configure.ac was suggested.
|
|
|
6f6344 |
|
|
|
6f6344 |
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
|
|
|
6f6344 |
---
|
|
|
6f6344 |
configure.ac | 12 +++++-------
|
|
|
6f6344 |
genhash/ssl.c | 6 ++++++
|
|
|
6f6344 |
2 files changed, 11 insertions(+), 7 deletions(-)
|
|
|
6f6344 |
|
|
|
6f6344 |
diff --git a/configure.ac b/configure.ac
|
|
|
6f6344 |
index 504b9b92..c964a11e 100644
|
|
|
6f6344 |
--- a/configure.ac
|
|
|
6f6344 |
+++ b/configure.ac
|
|
|
6f6344 |
@@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
|
|
|
6f6344 |
# SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a
|
|
|
6f6344 |
AC_CHECK_FUNCS([SSL_CTX_set_verify_depth])
|
|
|
6f6344 |
|
|
|
6f6344 |
-# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0
|
|
|
6f6344 |
-AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto])
|
|
|
6f6344 |
-
|
|
|
6f6344 |
-# TLS_method() introduced OpenSSL v1.1.0
|
|
|
6f6344 |
-AC_CHECK_FUNCS([TLS_method])
|
|
|
6f6344 |
+# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
|
|
|
6f6344 |
+AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method])
|
|
|
6f6344 |
|
|
|
6f6344 |
# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
|
|
|
6f6344 |
# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
|
|
|
6f6344 |
-AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes],
|
|
|
6f6344 |
+AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes],
|
|
|
6f6344 |
[
|
|
|
6f6344 |
+ AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method])
|
|
|
6f6344 |
AC_RUN_IFELSE(
|
|
|
6f6344 |
[AC_LANG_PROGRAM(
|
|
|
6f6344 |
[[#include <openssl/ssl.h>]],
|
|
|
6f6344 |
@@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method =
|
|
|
6f6344 |
return 1;
|
|
|
6f6344 |
|
|
|
6f6344 |
/* Initialize SSL context */
|
|
|
6f6344 |
- meth = TLS_method();
|
|
|
6f6344 |
+ meth = $method_func();
|
|
|
6f6344 |
if (!(ctx = SSL_CTX_new(meth)))
|
|
|
6f6344 |
return 1;
|
|
|
6f6344 |
return 0;
|
|
|
6f6344 |
diff --git a/genhash/ssl.c b/genhash/ssl.c
|
|
|
6f6344 |
index 8e9162c8..96f51201 100644
|
|
|
6f6344 |
--- a/genhash/ssl.c
|
|
|
6f6344 |
+++ b/genhash/ssl.c
|
|
|
6f6344 |
@@ -45,8 +45,14 @@ init_ssl(void)
|
|
|
6f6344 |
{
|
|
|
6f6344 |
/* Library initialization */
|
|
|
6f6344 |
#if HAVE_OPENSSL_INIT_CRYPTO
|
|
|
6f6344 |
+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
|
|
|
6f6344 |
+ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
|
|
|
6f6344 |
+ * It works in v1.1.0h and v1.1.1b.
|
|
|
6f6344 |
+ * It transpires that it works without setting NO_LOAD_CONFIG, but it is
|
|
|
6f6344 |
+ * presumably more efficient not to load it. */
|
|
|
6f6344 |
if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
|
|
|
6f6344 |
fprintf(stderr, "OPENSSL_init_crypto failed\n");
|
|
|
6f6344 |
+#endif
|
|
|
6f6344 |
#else
|
|
|
6f6344 |
SSL_library_init();
|
|
|
6f6344 |
SSL_load_error_strings();
|
|
|
6f6344 |
--
|
|
|
6f6344 |
2.20.1
|
|
|
6f6344 |
|