From 5e1a2130340ea4fabc4095b412c8b3836d112828 Mon Sep 17 00:00:00 2001 From: Quentin Armitage Date: Wed, 13 Mar 2019 09:46:27 +0000 Subject: [PATCH 2/3] Fix genhash re OPENSSL_init_crypto bug and improve configure.ac Commit fe6d6ac (Fix OpenSSL init failure with OpenSSL v1.1.1) didn't update the identical code in genhash/ssl.c. Also, an improvement for the test in configure.ac was suggested. Signed-off-by: Quentin Armitage --- configure.ac | 12 +++++------- genhash/ssl.c | 6 ++++++ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 504b9b92..c964a11e 100644 --- a/configure.ac +++ b/configure.ac @@ -813,16 +813,14 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ # SSL_CTX_set_verify_depth() introduced OpenSSL v0.9.5a AC_CHECK_FUNCS([SSL_CTX_set_verify_depth]) -# SSL_set0_rbio(), SSL_set0_wbio() and OPENSSL_init_crypto() introduced OpenSSL v1.1.0 -AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto]) - -# TLS_method() introduced OpenSSL v1.1.0 -AC_CHECK_FUNCS([TLS_method]) +# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0 +AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method]) # In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with # OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b. -AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = .yes], +AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes], [ + AS_IF([test .$ac_cv_func_TLS_method = .yes], [method_func=TLS_method], [method_func=SSLv23_method]) AC_RUN_IFELSE( [AC_LANG_PROGRAM( [[#include ]], @@ -834,7 +832,7 @@ AS_IF([test .$ac_cv_func_OPENSSL_init_crypto = .yes -a .$ac_cv_func_TLS_method = return 1; /* Initialize SSL context */ - meth = TLS_method(); + meth = $method_func(); if (!(ctx = SSL_CTX_new(meth))) return 1; return 0; diff --git a/genhash/ssl.c b/genhash/ssl.c index 8e9162c8..96f51201 100644 --- a/genhash/ssl.c 
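Review bot: The `AC_RUN_IFELSE` probe in configure.ac tests whichever OpenSSL is installed on the build machine at configure time, so its result (presumably what sets `HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG`) says nothing about the shared library loaded at run time. A binary configured against v1.1.0h or v1.1.1b and later run against an affected v1.1.1 libssl would, as far as these hunks show, still call `OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)` and hit the `SSL_CTX_new()` failure. The cross-compiling argument of `AC_RUN_IFELSE` lies outside the hunk, so what is assumed there cannot be checked from here. I would record the limitation next to the test, e.g. `# NB: this only detects the bug in the OpenSSL present at configure time; it is not rechecked at run time.` The merged comment also lost a comma: `# SSL_set0_rbio(), SSL_set0_wbio(), OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0`.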
+++ b/genhash/ssl.c
@@ -45,8 +45,14 @@ init_ssl(void)
 {
 /* Library initialization */
 #if HAVE_OPENSSL_INIT_CRYPTO
+#ifndef HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG
+ /* In OpenSSL v1.1.1 if the following is called, SSL_CTX_new() below fails.
+ * It works in v1.1.0h and v1.1.1b.
+ * It transpires that it works without setting NO_LOAD_CONFIG, but it is
+ * presumably more efficient not to load it. */
 if (!OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL))
 fprintf(stderr, "OPENSSL_init_crypto failed\n");
+#endif
 #else
 SSL_library_init();
 SSL_load_error_strings();
-- 
2.20.1
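Review bot: The new comment in init_ssl() presents `OPENSSL_INIT_NO_LOAD_CONFIG` as an efficiency matter only, but with `HAVE_OPENSSL_INIT_NO_LOAD_CONFIG_BUG` defined this branch performs no explicit initialisation at all. OpenSSL then falls back to its implicit initialisation, which may read the system configuration file, so genhash's TLS behaviour would depend on openssl.cnf on some builds and not on others. I would state that in the comment, e.g. `* NB: with the workaround active OpenSSL may load its default config file (openssl.cnf).` Separately, the context lines show that a failed `OPENSSL_init_crypto()` is only reported on stderr and execution continues. The rest of init_ssl() lies outside the hunk, so whether the later `SSL_CTX_new()` result is checked cannot be confirmed from here.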