path: root/main/socat/socat-libressl.patch
diff --git a/doc/xio.help b/doc/xio.help
index 3a6eb8d..f005b1c 100644
--- a/doc/xio.help
+++ b/doc/xio.help
@@ -4566,19 +4566,6 @@ must contain certificates in PEM format and their hashes (see OpenSSL
 documentation) 
 
 
-Option: openssl-egd=file
-Aliases: egd
-
-Type: FILENAME
-Option group: OPENSSL
-Phase: SPEC
-Platforms: (depends on openssl installation)
-
-On some systems, openssl requires an explicit source of random data. Specify
-the socket name where an entropy gathering daemon like egd provides random
-data, e.g. /dev/egd-pool.
-
-
 Option: openssl-pseudo
 Aliases: pseudo
 
diff --git a/sslcls.c b/sslcls.c
index 6ddc077..3f7c6a0 100644
--- a/sslcls.c
+++ b/sslcls.c
@@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method(void) {
 }
 #endif
 
+#ifdef HAVE_SSLv3_client_method
 const SSL_METHOD *sycSSLv3_client_method(void) {
    const SSL_METHOD *result;
    Debug("SSLv3_client_method()");
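Review bot: Nothing in this patch defines `HAVE_SSLv3_client_method` or `HAVE_SSLv3_server_method` (there is no configure or config.h hunk), so unless the existing build already probes for these symbols, both SSLv3 wrappers are compiled out on every TLS library, not only on one that lacks SSLv3. The call sites that select the SSLv3 method are not part of this patch and presumably need the same guard, otherwise a build without the wrappers would fail at link time; please confirm. The guard opened here closes in the next hunk and the server-side guard in the one after, and labelling them the way the file already does for FIPS would make the pairing obvious, e.g. `#endif /* HAVE_SSLv3_client_method */`.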
@@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method(void) {
    Debug1("SSLv3_client_method() -> %p", result);
    return result;
 }
+#endif
 
+#ifdef HAVE_SSLv3_server_method
 const SSL_METHOD *sycSSLv3_server_method(void) {
    const SSL_METHOD *result;
    Debug("SSLv3_server_method()");
@@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method(void) {
    Debug1("SSLv3_server_method() -> %p", result);
    return result;
 }
+#endif
 
 const SSL_METHOD *sycSSLv23_client_method(void) {
    const SSL_METHOD *result;
@@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) {
    return;
 }
 
-int sycRAND_egd(const char *path) {
-   int result;
-   Debug1("RAND_egd(\"%s\")", path);
-   result = RAND_egd(path);
-   Debug1("RAND_egd() -> %d", result);
-   return result;
-}
-
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
    DH *result;
    Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
@@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) {
 }
 #endif /* WITH_FIPS */
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
 const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) {
    const COMP_METHOD *result;
    Debug1("SSL_get_current_compression(%p)", ssl);
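Review bot: The `!defined(OPENSSL_NO_COMP)` condition is added to the compression wrappers here, to their prototypes in sslcls.h and to the logging block in `openssl_conn_loginfo`, but the `openssl-compress` option itself stays guarded by the version check alone. The `opt_openssl_compress` descriptor, the `opt_compress` local and its `retropt_string` call in xio-openssl.c all appear as context lines under `#if OPENSSL_VERSION_NUMBER >= 0x00908000L`. On a library built without compression the option would still be parsed, and the code that applies it (outside this patch) would either reference missing compression APIs or accept the setting without effect. Using the same condition at those sites, `#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)`, or rejecting the option with an error, avoids a user believing a compression setting was honoured. The wrapper's body continues outside this hunk.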
diff --git a/sslcls.h b/sslcls.h
index aece28a..7ed2283 100644
--- a/sslcls.h
+++ b/sslcls.h
@@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl);
 int sycSSL_shutdown(SSL *ssl);
 void sycSSL_CTX_free(SSL_CTX *ctx);
 void sycSSL_free(SSL *ssl);
-int sycRAND_egd(const char *path);
 
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
 
@@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filename, const char *mode);
 
 int sycFIPS_mode_set(int onoff);
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
 const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
 const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
 const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
@@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
 #define sycSSL_shutdown(s) SSL_shutdown(s)
 #define sycSSL_CTX_free(c) SSL_CTX_free(c)
 #define sycSSL_free(s) SSL_free(s)
-#define sycRAND_egd(p) RAND_egd(p)
 
 #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
 
diff --git a/xio-openssl.c b/xio-openssl.c
index b7e95c1..b77d340 100644
--- a/xio-openssl.c
+++ b/xio-openssl.c
@@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key         = { "openssl-key",         "key",
 const struct optdesc opt_openssl_dhparam     = { "openssl-dhparam",     "dh",    OPT_OPENSSL_DHPARAM,     GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_cafile      = { "openssl-cafile",     "cafile", OPT_OPENSSL_CAFILE,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_capath      = { "openssl-capath",     "capath", OPT_OPENSSL_CAPATH,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
-const struct optdesc opt_openssl_egd         = { "openssl-egd",        "egd",    OPT_OPENSSL_EGD,         GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
 const struct optdesc opt_openssl_pseudo      = { "openssl-pseudo",     "pseudo", OPT_OPENSSL_PSEUDO,      GROUP_OPENSSL, PH_SPEC, TYPE_BOOL,     OFUNC_SPEC };
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 const struct optdesc opt_openssl_compress    = { "openssl-compress",   "compress", OPT_OPENSSL_COMPRESS,  GROUP_OPENSSL, PH_SPEC, TYPE_STRING,   OFUNC_SPEC };
@@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) {
 static void openssl_conn_loginfo(SSL *ssl) {
    Notice1("SSL connection using %s", SSL_get_cipher(ssl));
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
    {
       const COMP_METHOD *comp, *expansion;
 
@@ -722,7 +721,6 @@ int
    char *opt_dhparam = NULL;	/* file name of DH params */
    char *opt_cafile = NULL;	/* certificate authority file */
    char *opt_capath = NULL;	/* certificate authority directory */
-   char *opt_egd = NULL;	/* entropy gathering daemon socket path */
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
    char *opt_compress = NULL;	/* compression method */
 #endif
@@ -741,7 +739,6 @@ int
    retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
    retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
    retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
-   retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
    retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
    retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
@@ -877,10 +874,6 @@ int
       }
    }
 
-   if (opt_egd) {
-      sycRAND_egd(opt_egd);
-   }
-
    if (opt_pseudo) {
       long int randdata;
       /* initialize libc random from actual microseconds */
@@ -1105,7 +1098,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char *funcname) {
       if (e == ((ERR_LIB_RAND<<24)|
 		(RAND_F_SSLEAY_RAND_BYTES<<12)|
 		(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
-	 Error("too few entropy; use options \"egd\" or \"pseudo\"");
+	 Error("too few entropy; use option \"pseudo\"");
 	 stat = STAT_NORETRY;
       } else {
 	 Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
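Review bot: With `egd` removed, the message on the unseeded-PRNG path names `pseudo` as the only remedy, and the context lines of the previous hunk show that option initialising libc random from the current microseconds, which is guessable and a poor basis for key material. The message should point at the real fix first and label the fallback as weak, e.g. `Error("too little entropy; check that the system random device is available (option \"pseudo\" provides only a weak seed)");`. The seeding code itself is outside this patch, so what `pseudo` actually feeds into the PRNG should be confirmed there. `openssl_SSL_ERROR_SSL` begins and ends outside the hunk.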
diff --git a/xio-openssl.h b/xio-openssl.h
index 9cad8f4..cc20e36 100644
--- a/xio-openssl.h
+++ b/xio-openssl.h
@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key;
 extern const struct optdesc opt_openssl_dhparam;
 extern const struct optdesc opt_openssl_cafile;
 extern const struct optdesc opt_openssl_capath;
-extern const struct optdesc opt_openssl_egd;
 extern const struct optdesc opt_openssl_pseudo;
 #if OPENSSL_VERSION_NUMBER >= 0x00908000L
 extern const struct optdesc opt_openssl_compress;
diff --git a/xioopts.c b/xioopts.c
index 3b0f300..b1b5943 100644
--- a/xioopts.c
+++ b/xioopts.c
@@ -412,7 +412,6 @@ const struct optname optionnames[] = {
 #ifdef ECHOPRT
 	IF_TERMIOS("echoprt",	&opt_echoprt)
 #endif
-	IF_OPENSSL("egd",	&opt_openssl_egd)
 	IF_ANY    ("end-close",	&opt_end_close)
 	IF_TERMIOS("eof",	&opt_veof)
 	IF_TERMIOS("eol",	&opt_veol)
@@ -1102,7 +1101,6 @@ const struct optname optionnames[] = {
 	IF_OPENSSL("openssl-compress",	&opt_openssl_compress)
 #endif
 	IF_OPENSSL("openssl-dhparam",	&opt_openssl_dhparam)
-	IF_OPENSSL("openssl-egd",	&opt_openssl_egd)
 #if WITH_FIPS
 	IF_OPENSSL("openssl-fips",	&opt_openssl_fips)
 #endif
diff --git a/xioopts.h b/xioopts.h
index ebcf315..d569c30 100644
--- a/xioopts.h
+++ b/xioopts.h
@@ -478,7 +478,6 @@ enum e_optcode {
    OPT_OPENSSL_COMPRESS,
 #endif
    OPT_OPENSSL_DHPARAM,
-   OPT_OPENSSL_EGD,
    OPT_OPENSSL_FIPS,
    OPT_OPENSSL_KEY,
    OPT_OPENSSL_METHOD,