1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
From d583ca7d922e5ac6ff466df2e4411b1303a3a2a3 Mon Sep 17 00:00:00 2001
From: Florian Stinglmayr <florian@n0la.org>
Date: Tue, 13 Dec 2016 18:41:43 +0100
Subject: [PATCH] Use AC_CHECK_FUNCS to find functions not in LibreSSL
LibreSSL might not have all functions of OpenSSL 1.1.0 so use
AC_CHECK_FUNCS to find them first before using them.
Closes #1899
Fixes #1898
---
configure.ac | 2 ++
src/common/ssl.c | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 34e6def..1f442c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -374,6 +374,8 @@ AS_IF([test "$openssl" != no], [
openssl=yes
COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS"
COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS"
+ dnl Test for various functions that are not available in LibreSSL
+ AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid])
], [
unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h
AS_IF([test "$openssl" != yes], [
diff --git a/src/common/ssl.c b/src/common/ssl.c
index cb58ce2..76fea7b 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -176,7 +176,7 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
return 1;
alg = OBJ_obj2nid (algor->algorithm);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef HAVE_X509_GET_SIGNATURE_NID
sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
#else
sign_alg = X509_get_signature_nid (peer_cert);
@@ -306,7 +306,7 @@ _SSL_socket (SSL_CTX *ctx, int sd)
SSL_set_fd (ssl, sd);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef HAVE_SSL_CTX_GET_SSL_METHOD
method = ctx->method;
#else
method = SSL_CTX_get_ssl_method (ctx);
From aa7080f8fe63939d7ff4a0d0b1ec60f0c3eb31be Mon Sep 17 00:00:00 2001
From: Patrick Griffis <tingping@tingping.se>
Date: Tue, 13 Dec 2016 17:29:26 -0500
Subject: [PATCH] Fix building fishlim against libressl also
Also part of #1898
---
configure.ac | 2 +-
plugins/fishlim/dh1080.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 1f442c5..10a1550 100644
--- a/configure.ac
+++ b/configure.ac
@@ -375,7 +375,7 @@ AS_IF([test "$openssl" != no], [
COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS"
COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS"
dnl Test for various functions that are not available in LibreSSL
- AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid])
+ AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid DH_set0_pqg DH_get0_key DH_set0_key])
], [
unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h
AS_IF([test "$openssl" != yes], [
diff --git a/plugins/fishlim/dh1080.c b/plugins/fishlim/dh1080.c
index ff6e579..3611758 100644
--- a/plugins/fishlim/dh1080.c
+++ b/plugins/fishlim/dh1080.c
@@ -74,7 +74,7 @@ dh1080_init (void)
BN_set_word (g, 2);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef HAVE_DH_SET0_PQG
g_dh->p = p;
g_dh->g = g;
#else
@@ -162,7 +162,7 @@ dh1080_generate_key (char **priv_key, char **pub_key)
return 0;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef HAVE_DH_GET0_KEY
dh_pub_key = dh->pub_key;
dh_priv_key = dh->priv_key;
#else
@@ -213,7 +213,7 @@ dh1080_compute_key (const char *priv_key, const char *pub_key, char **secret_key
priv_key_data = dh1080_decode_b64 (priv_key, &priv_key_len);
priv_key_num = BN_bin2bn(priv_key_data, priv_key_len, NULL);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef HAVE_DH_SET0_KEY
dh->priv_key = priv_key_num;
#else
DH_set0_key (dh, NULL, priv_key_num);
|
