1 files changed, 100 insertions, 0 deletions

diff --git a/community/xchat/xchat-2.8.8-openssl-1.1.0.patch b/community/xchat/xchat-2.8.8-openssl-1.1.0.patch
new file mode 100644
index 0000000000..4223b1f299
--- /dev/null
+++ b/community/xchat/xchat-2.8.8-openssl-1.1.0.patch
@@ -0,0 +1,100 @@
+diff --git a/src/common/server.c b/src/common/server.c
+index 87f9f02..96f30ab 100644
+--- a/src/common/server.c
++++ b/src/common/server.c
+@@ -593,14 +593,16 @@ ssl_cb_info (SSL * s, int where, int ret)
+ static int
+ ssl_cb_verify (int ok, X509_STORE_CTX * ctx)
+ {
++	X509 *current_cert;
+ 	char subject[256];
+ 	char issuer[256];
+ 	char buf[512];
+ 
+ 
+-	X509_NAME_oneline (X509_get_subject_name (ctx->current_cert), subject,
++	current_cert = X509_STORE_CTX_get_current_cert (ctx);
++	X509_NAME_oneline (X509_get_subject_name (current_cert), subject,
+ 							 sizeof (subject));
+-	X509_NAME_oneline (X509_get_issuer_name (ctx->current_cert), issuer,
++	X509_NAME_oneline (X509_get_issuer_name (current_cert), issuer,
+ 							 sizeof (issuer));
+ 
+ 	snprintf (buf, sizeof (buf), "* Subject: %s", subject);
+@@ -751,7 +753,12 @@ ssl_do_connect (server * serv)
+ 		return (0);					  /* remove it (0) */
+ 	} else
+ 	{
+-		if (serv->ssl->session && serv->ssl->session->time + SSLTMOUT < time (NULL))
++		SSL_SESSION *session;
++		long session_time;
++
++		session = SSL_get_session (serv->ssl);
++		session_time = SSL_SESSION_get_time (session);
++		if (session && session_time + SSLTMOUT < time (NULL))
+ 		{
+ 			snprintf (buf, sizeof (buf), "SSL handshake timed out");
+ 			EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, buf, NULL,
+diff --git a/src/common/ssl.c b/src/common/ssl.c
+index a18ad47..348dbb4 100644
+--- a/src/common/ssl.c
++++ b/src/common/ssl.c
+@@ -70,7 +70,7 @@ _SSL_context_init (void (*info_cb_func), int server)
+ 
+ 	SSLeay_add_ssl_algorithms ();
+ 	SSL_load_error_strings ();
+-	ctx = SSL_CTX_new (server ? SSLv3_server_method() : SSLv3_client_method ());
++	ctx = SSL_CTX_new (server ? TLS_server_method() : TLS_client_method ());
+ 
+ 	SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_BOTH);
+ 	SSL_CTX_set_timeout (ctx, 300);
+@@ -136,6 +136,8 @@ int
+ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
+ {
+ 	X509 *peer_cert;
++	X509_PUBKEY *peer_pub_key;
++	ASN1_OBJECT *algorithm;
+ 	EVP_PKEY *peer_pkey;
+ 	/* EVP_PKEY *ca_pkey; */
+ 	/* EVP_PKEY *tmp_pkey; */
+@@ -155,8 +157,10 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
+ 	broke_oneline (cert_info->subject, cert_info->subject_word);
+ 	broke_oneline (cert_info->issuer, cert_info->issuer_word);
+ 
+-	alg = OBJ_obj2nid (peer_cert->cert_info->key->algor->algorithm);
+-	sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
++	peer_pub_key = X509_get_X509_PUBKEY (peer_cert);
++	X509_PUBKEY_get0_param (&algorithm, NULL, NULL, NULL, peer_pub_key);
++	alg = OBJ_obj2nid (algorithm);
++	sign_alg = X509_get_signature_type (peer_cert);
+ 	ASN1_TIME_snprintf (notBefore, sizeof (notBefore),
+ 							  X509_get_notBefore (peer_cert));
+ 	ASN1_TIME_snprintf (notAfter, sizeof (notAfter),
+@@ -199,7 +203,7 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
+ struct chiper_info *
+ _SSL_get_cipher_info (SSL * ssl)
+ {
+-	SSL_CIPHER *c;
++	const SSL_CIPHER *c;
+ 
+ 
+ 	c = SSL_get_current_cipher (ssl);
+@@ -274,6 +278,7 @@ SSL *
+ _SSL_socket (SSL_CTX *ctx, int sd)
+ {
+ 	SSL *ssl;
++	SSL_METHOD *method;
+ 
+ 
+ 	if (!(ssl = SSL_new (ctx)))
+@@ -281,7 +286,9 @@ _SSL_socket (SSL_CTX *ctx, int sd)
+ 		__SSL_critical_error ("SSL_new");
+ 
+ 	SSL_set_fd (ssl, sd);
+-	if (ctx->method == SSLv3_client_method())
++
++	method = SSL_CTX_get_ssl_method (ctx);
++	if (method == SSLv23_client_method())
+ 		SSL_set_connect_state (ssl);
+ 	else
+ 	        SSL_set_accept_state(ssl);