From e64a7d229fdcb5c190064b7860ade50124dcc735 Mon Sep 17 00:00:00 2001
From: Aurelien David <aurelien.david@telecom-paristech.fr>
Date: Fri, 6 Oct 2017 16:46:18 +0200
Subject: [PATCH] compatibility with OpenSSL 1.1.x (#616)

---
 src/utils/downloader.c | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/src/utils/downloader.c b/src/utils/downloader.c
index b8c923b88..3b7d37b41 100644
--- a/src/utils/downloader.c
+++ b/src/utils/downloader.c
@@ -204,7 +204,7 @@ struct __gf_download_manager
 	u32 limit_data_rate, read_buf_size;
 	u64 max_cache_size;
 	Bool allow_broken_certificate;
-	
+
 	GF_List *skip_proxy_servers;
 	GF_List *credentials;
 	GF_List *cache_entries;
@@ -392,10 +392,18 @@ static Bool init_ssl_lib() {
 		GF_LOG(GF_LOG_ERROR, GF_LOG_NETWORK, ("[HTTPS] Error while initializing Random Number generator, failed to init SSL !\n"));
 		return GF_TRUE;
 	}
+
+	/* per https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
+	** As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required.
+	** Similarly it will also automatically deinitialise as required.
+	*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 	SSL_load_error_strings();
 	SSLeay_add_all_algorithms();
 	SSLeay_add_ssl_algorithms();
+#endif
+
 	_ssl_is_initialized = GF_TRUE;
 	GF_LOG(GF_LOG_DEBUG, GF_LOG_NETWORK, ("[HTTPS] Initalization of SSL library complete.\n"));
 	return GF_FALSE;
@@ -422,6 +430,7 @@ static int ssl_init(GF_DownloadManager *dm, u32 mode)
 	}
 
 	switch (mode) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	case 0:
 		meth = SSLv23_client_method();
 		break;
@@ -436,6 +445,11 @@ static int ssl_init(GF_DownloadManager *dm, u32 mode)
 	case 3:
 		meth = TLSv1_client_method();
 		break;
+#else /* for openssl 1.1+ this is the prefered method */
+	case 0:
+		meth = TLS_client_method();
+		break;
+#endif
 	default:
 		goto error;
 	}
@@ -1225,7 +1239,7 @@ static GF_Err gf_dm_read_data(GF_DownloadSession *sess, char *data, u32 data_siz
 		gf_mx_v(sess->mx);
 		return GF_IP_CONNECTION_CLOSED;
 	}
-	
+
 #ifdef GPAC_HAS_SSL
 	if (sess->ssl) {
 		s32 size;
@@ -1451,7 +1465,11 @@ static void gf_dm_connect(GF_DownloadSession *sess)
 							const GENERAL_NAME *altname = sk_GENERAL_NAME_value(altnames, i);
 							if (altname->type == GEN_DNS)
 							{
-								unsigned char *altname_str = ASN1_STRING_data(altname->d.ia5);
+								#if OPENSSL_VERSION_NUMBER < 0x10100000L
+									unsigned char *altname_str = ASN1_STRING_data(altname->d.ia5);
+								#else
+									unsigned char *altname_str = (unsigned char *)ASN1_STRING_get0_data(altname->d.ia5);
+								#endif
 								gf_list_add(valid_names, altname_str);
 							}
 						}