Blame SOURCES/openssl3-compatibility.patch

f4f2f7
diff -up ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig ./qpid-proton-0.34.0/c/src/ssl/openssl.c
f4f2f7
--- ./qpid-proton-0.34.0/c/src/ssl/openssl.c.orig	2021-06-01 09:29:27.976842727 +0200
f4f2f7
+++ ./qpid-proton-0.34.0/c/src/ssl/openssl.c	2021-06-01 09:31:05.232015887 +0200
f4f2f7
@@ -353,65 +353,6 @@ static int verify_callback(int preverify
f4f2f7
   return preverify_ok;
f4f2f7
 }
f4f2f7
 
f4f2f7
-// This was introduced in v1.1
f4f2f7
-#if OPENSSL_VERSION_NUMBER < 0x10100000
f4f2f7
-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
f4f2f7
-{
f4f2f7
-  dh->p = p;
f4f2f7
-  dh->q = q;
f4f2f7
-  dh->g = g;
f4f2f7
-  return 1;
f4f2f7
-}
f4f2f7
-#endif
f4f2f7
-
f4f2f7
-// this code was generated using the command:
f4f2f7
-// "openssl dhparam -C -2 2048"
f4f2f7
-static DH *get_dh2048(void)
f4f2f7
-{
f4f2f7
-  static const unsigned char dhp_2048[]={
f4f2f7
-    0xAE,0xF7,0xE9,0x66,0x26,0x7A,0xAC,0x0A,0x6F,0x1E,0xCD,0x81,
f4f2f7
-    0xBD,0x0A,0x10,0x7E,0xFA,0x2C,0xF5,0x2D,0x98,0xD4,0xE7,0xD9,
f4f2f7
-    0xE4,0x04,0x8B,0x06,0x85,0xF2,0x0B,0xA3,0x90,0x15,0x56,0x0C,
f4f2f7
-    0x8B,0xBE,0xF8,0x48,0xBB,0x29,0x63,0x75,0x12,0x48,0x9D,0x7E,
f4f2f7
-    0x7C,0x24,0xB4,0x3A,0x38,0x7E,0x97,0x3C,0x77,0x95,0xB0,0xA2,
f4f2f7
-    0x72,0xB6,0xE9,0xD8,0xB8,0xFA,0x09,0x1B,0xDC,0xB3,0x80,0x6E,
f4f2f7
-    0x32,0x0A,0xDA,0xBB,0xE8,0x43,0x88,0x5B,0xAB,0xC3,0xB2,0x44,
f4f2f7
-    0xE1,0x95,0x85,0x0A,0x0D,0x13,0xE2,0x02,0x1E,0x96,0x44,0xCF,
f4f2f7
-    0xA0,0xD8,0x46,0x32,0x68,0x63,0x7F,0x68,0xB3,0x37,0x52,0xCE,
f4f2f7
-    0x3A,0x4E,0x48,0x08,0x7F,0xD5,0x53,0x00,0x59,0xA8,0x2C,0xCB,
f4f2f7
-    0x51,0x64,0x3D,0x5F,0xEF,0x0E,0x5F,0xE6,0xAF,0xD9,0x1E,0xA2,
f4f2f7
-    0x35,0x64,0x37,0xD7,0x4C,0xC9,0x24,0xFD,0x2F,0x75,0xBB,0x3A,
f4f2f7
-    0x15,0x82,0x76,0x4D,0xC2,0x8B,0x1E,0xB9,0x4B,0xA1,0x33,0xCF,
f4f2f7
-    0xAA,0x3B,0x7C,0xC2,0x50,0x60,0x6F,0x45,0x69,0xD3,0x6B,0x88,
f4f2f7
-    0x34,0x9B,0xE4,0xF8,0xC6,0xC7,0x5F,0x10,0xA1,0xBA,0x01,0x8C,
f4f2f7
-    0xDA,0xD1,0xA3,0x59,0x9C,0x97,0xEA,0xC3,0xF6,0x02,0x55,0x5C,
f4f2f7
-    0x92,0x1A,0x39,0x67,0x17,0xE2,0x9B,0x27,0x8D,0xE8,0x5C,0xE9,
f4f2f7
-    0xA5,0x94,0xBB,0x7E,0x16,0x6F,0x53,0x5A,0x6D,0xD8,0x03,0xC2,
f4f2f7
-    0xAC,0x7A,0xCD,0x22,0x98,0x8E,0x33,0x2A,0xDE,0xAB,0x12,0xC0,
f4f2f7
-    0x0B,0x7C,0x0C,0x20,0x70,0xD9,0x0B,0xAE,0x0B,0x2F,0x20,0x9B,
f4f2f7
-    0xA4,0xED,0xFD,0x49,0x0B,0xE3,0x4A,0xF6,0x28,0xB3,0x98,0xB0,
f4f2f7
-    0x23,0x1C,0x09,0x33,
f4f2f7
-  };
f4f2f7
-  static const unsigned char dhg_2048[]={
f4f2f7
-    0x02,
f4f2f7
-  };
f4f2f7
-  DH *dh = DH_new();
f4f2f7
-  BIGNUM *dhp_bn, *dhg_bn;
f4f2f7
-
f4f2f7
-  if (dh == NULL)
f4f2f7
-    return NULL;
f4f2f7
-  dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
f4f2f7
-  dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
f4f2f7
-  if (dhp_bn == NULL || dhg_bn == NULL
f4f2f7
-      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
f4f2f7
-    DH_free(dh);
f4f2f7
-    BN_free(dhp_bn);
f4f2f7
-    BN_free(dhg_bn);
f4f2f7
-    return NULL;
f4f2f7
-  }
f4f2f7
-  return dh;
f4f2f7
-}
f4f2f7
-
f4f2f7
 typedef struct {
f4f2f7
   char *id;
f4f2f7
   SSL_SESSION *session;
f4f2f7
@@ -542,13 +483,6 @@ static bool pni_init_ssl_domain( pn_ssl_
f4f2f7
   domain->default_seclevel = SSL_CTX_get_security_level(domain->ctx);
f4f2f7
 # endif
f4f2f7
 
f4f2f7
-  DH *dh = get_dh2048();
f4f2f7
-  if (dh) {
f4f2f7
-    SSL_CTX_set_tmp_dh(domain->ctx, dh);
f4f2f7
-    DH_free(dh);
f4f2f7
-    SSL_CTX_set_options(domain->ctx, SSL_OP_SINGLE_DH_USE);
f4f2f7
-  }
f4f2f7
-
f4f2f7
   return true;
f4f2f7
 }
f4f2f7