1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
OPENSSL deprecated several cleanup functions since
[quote]
... the OpenSSL libraries now normally do all thread initialisation and
deinitialisation automatically (see OPENSSL_init_crypto).
[end of quote]
To hint the appropriate API version exposed by openssl, the opensslconf.h
suggests:
[quote]
/*
* Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
* declarations of functions deprecated in or before <version>. Otherwise, they
* still won't see them if the library has been built to disable deprecated
* functions.
*/
[end of quote]
Due to -Werror the deprecation warnings lead to compilation errors so
let's just specify that we want OpenSSL API version >= 1.1.x in the
Makefile (and retain the old, pre OpenSSL-1.0, code for now).
All tests in Crypt-OpenSSL-VerifyX509-0.10 pass for me.
--- Crypt-OpenSSL-VerifyX509-0.10.orig/Makefile.PL 2017-05-10 20:08:03.338777954 +0200
+++ Crypt-OpenSSL-VerifyX509-0.10/Makefile.PL 2017-05-10 19:30:13.250719288 +0200
@@ -54,7 +54,7 @@ if (-d "/usr/include/openssl") {
}
cc_lib_links('crypto');
-cc_optimize_flags('-O3 -Wall -Werror');
+cc_optimize_flags('-O3 -Wall -Werror -DOPENSSL_API_COMPAT=0x10100000L');
requires 'Crypt::OpenSSL::X509';
--- Crypt-OpenSSL-VerifyX509-0.10.orig/VerifyX509.xs 2017-05-10 15:45:17.838331883 +0200
+++ Crypt-OpenSSL-VerifyX509-0.10/VerifyX509.xs 2017-05-10 20:06:03.094774846 +0200
@@ -17,7 +17,7 @@ typedef X509* Crypt__OpenSSL__X509;
static int verify_cb(int ok, X509_STORE_CTX *ctx) {
if (!ok)
- switch (ctx->error) {
+ switch (X509_STORE_CTX_get_error (ctx)) {
case X509_V_ERR_CERT_HAS_EXPIRED:
/* case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: */
case X509_V_ERR_INVALID_CA:
@@ -37,13 +37,20 @@ static const char *ssl_error(void) {
}
static const char *ctx_error(X509_STORE_CTX *ctx) {
- return X509_verify_cert_error_string(ctx->error);
+ return X509_verify_cert_error_string(X509_STORE_CTX_get_error (ctx));
}
MODULE = Crypt::OpenSSL::VerifyX509 PACKAGE = Crypt::OpenSSL::VerifyX509
PROTOTYPES: DISABLE
+#if OPENSSL_API_COMPAT >= 0x10100000L
+#undef ERR_load_crypto_strings
+#define ERR_load_crypto_strings() /* nothing */
+#undef OpenSSL_add_all_algorithms
+# define OpenSSL_add_all_algorithms() /* nothing */
+#endif
+
BOOT:
ERR_load_crypto_strings();
ERR_load_ERR_strings();
@@ -134,6 +141,15 @@ DESTROY(store)
if (store) X509_STORE_free(store); store = 0;
+
+#if OPENSSL_API_COMPAT >= 0x10100000L
+void
+__X509_cleanup(void)
+ PPCODE:
+
+ /* deinitialisation is done automatically */
+
+#else
void
__X509_cleanup(void)
PPCODE:
@@ -142,3 +158,6 @@ __X509_cleanup(void)
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
+
+#endif
+
|