rpms / keepalived

Clone
Source Code
GIT

Blame SOURCES/bz1688892-fix-openssl-init-genhash.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   6a7e4c72f66bf5b1b952627764c0aa7fe8e592ab
  2.   SOURCES
  3.   bz1688892-fix-openssl-init-genhash.patch
Blob History Raw
6a7e4c 
From 5e1a2130340ea4fabc4095b412c8b3836d112828 Mon Sep 17 00:00:00 2001
6a7e4c 
From: Quentin Armitage <quentin@armitage.org.uk>
6a7e4c 
Date: Wed, 13 Mar 2019 09:46:27 +0000
6a7e4c 
Subject: [PATCH 2/3] Fix genhash re OPENSSL_init_crypto bug and improve
6a7e4c 
 configure.ac
6a7e4c
6a7e4c 
Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't
6a7e4c 
update the identical code in genhash/ssl.c. Also, an improvement for
6a7e4c 
the test in configure.ac was suggested.
6a7e4c
6a7e4c 
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
6a7e4c 
---
6a7e4c 
 configure.ac  | 12 +++++-------
6a7e4c 
 genhash/ssl.c |  6 ++++++
6a7e4c 
 2 files changed, 11 insertions(+), 7 deletions(-)
6a7e4c
6a7e4c 
diff --git a/configure.ac b/configure.ac
6a7e4c 
index 504b9b92..c964a11e 100644
6a7e4c 
--- a/configure.ac
6a7e4c 
+++ b/configure.ac
6a7e4c 
@@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
6a7e4c 
 # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a
6a7e4c 
 AC_CHECK_FUNCS([SSL_CTX_set_verify_depth])
6a7e4c
6a7e4c 
-# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0
6a7e4c 
-AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto])
6a7e4c 
-
6a7e4c 
-# TLS_method() introduced OpenSSL v1.1.0
6a7e4c 
-AC_CHECK_FUNCS([TLS_method])
6a7e4c 
+# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
6a7e4c 
+AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method])
6a7e4c
6a7e4c 
 # In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
6a7e4c 
 # OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
6a7e4c 
-AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes],
6a7e4c 
+AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes],
6a7e4c 
       [
6a7e4c 
+        AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method])
6a7e4c 
 	AC_RUN_IFELSE(
6a7e4c 
 	  [AC_LANG_PROGRAM(
6a7e4c 
 	    [[#include <openssl/ssl.h>]],
6a7e4c 
@@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method =
6a7e4c 
 		return 1;
6a7e4c
6a7e4c 
 	      /* Initialize SSL context */
6a7e4c 
-	      meth = TLS_method();
6a7e4c 
+	      meth = $method_func();
6a7e4c 
 	      if (!(ctx = SSL_CTX_new(meth)))
6a7e4c 
 		return 1;
6a7e4c 
 	      return 0;
6a7e4c 
diff --git a/genhash/ssl.c b/genhash/ssl.c
6a7e4c 
index 8e9162c8..96f51201 100644
6a7e4c 
--- a/genhash/ssl.c
6a7e4c 
+++ b/genhash/ssl.c
6a7e4c 
@@ -45,8 +45,14 @@ init_ssl(void)
6a7e4c 
 {
6a7e4c 
 	/* Library initialization */
6a7e4c 
 #if HAVE_OPENSSL_INIT_CRYPTO
6a7e4c 
+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
6a7e4c 
+	/* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
6a7e4c 
+	 * It works in v1.1.0h and v1.1.1b.
6a7e4c 
+	 * It transpires that it works without setting NO_LOAD_CONFIG, but it is
6a7e4c 
+	 * presumably more efficient not to load it. */
6a7e4c 
 	if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
6a7e4c 
 		fprintf(stderr, "OPENSSL_init_crypto failed\n");
6a7e4c 
+#endif
6a7e4c 
 #else
6a7e4c 
 	SSL_library_init();
6a7e4c 
 	SSL_load_error_strings();
6a7e4c 
--
6a7e4c 
2.20.1
6a7e4c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation