Commit | Line | Data |
---|---|---|
c5fceb03 AM |
1 | From 6ce3be71ed60e4fe41ea255b74119ded47bd4ca2 Mon Sep 17 00:00:00 2001 |
2 | From: TAKAHASHI Tamotsu <ttakah@lapis.plala.or.jp> | |
3 | Date: Wed, 7 Sep 2016 20:00:04 -0700 | |
4 | Subject: [PATCH] Fix openssl 1.1 compilation issues. (closes #3870) | |
5 | ||
6 | With these changes, Mutt will no longer compile for versions less than | |
7 | 0.9.6. | |
8 | --- | |
9 | configure.ac | 7 +++++-- | |
10 | mutt_ssl.c | 24 ++++++++---------------- | |
11 | 2 files changed, 13 insertions(+), 18 deletions(-) | |
12 | ||
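--- a/configure.ac
+++ b/configure.ac
@@ -689,13 +689,16 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi
 
 crypto_libs=""
 AC_CHECK_LIB(z, deflate, [crypto_libs=-lz])
- AC_CHECK_LIB(crypto, X509_new,
- [crypto_libs="-lcrypto $crypto_libs"],, [$crypto_libs])
+ AC_CHECK_LIB(crypto, X509_STORE_CTX_new,
+ [crypto_libs="-lcrypto $crypto_libs"],
+ AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
 AC_CHECK_LIB(ssl, SSL_new,,
 AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
 
 LIBS="$LIBS $crypto_libs"
 AC_CHECK_FUNCS(RAND_status RAND_egd)
+ AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],,
+ AC_MSG_ERROR([Unable to find decent SSL header]), [[#include <openssl/ssl.h>]])
 
 AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ])
 AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ])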
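Review bot: The new failure branch on the libcrypto check reuses the message `Unable to find SSL library`, which is identical to the one on the `AC_CHECK_LIB(ssl, SSL_new, ...)` check just below it. From configure output a user cannot tell whether libssl is missing or libcrypto is absent or too old to export X509_STORE_CTX_new; `AC_MSG_ERROR([Unable to find libcrypto with X509_STORE_CTX_new])` would separate the two cases. The added `AC_CHECK_DECLS` is what now enforces the minimum OpenSSL version stated in the commit message, so a short `dnl` comment above it saying that SSL_MODE_AUTO_RETRY marks the 0.9.6 floor would keep that intent visible to the next person editing this block.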
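--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -37,12 +37,6 @@
 #include "mutt_ssl.h"
 #include "mutt_idna.h"
 
-#if OPENSSL_VERSION_NUMBER >= 0x00904000L
-#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL, NULL)
-#else
-#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL)
-#endif
-
 /* Just in case OpenSSL doesn't define DEVRANDOM */
 #ifndef DEVRANDOM
 #define DEVRANDOM "/dev/urandom"
@@ -406,11 +400,7 @@ static int ssl_negotiate (CONNECTION *conn, sslsockdata* ssldata)
 int err;
 const char* errmsg;
 
-#if OPENSSL_VERSION_NUMBER >= 0x00906000L
- /* This only exists in 0.9.6 and above. Without it we may get interrupted
- * reads or writes. Bummer. */
 SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY);
-#endif
 
 if ((err = SSL_connect (ssldata->ssl)) != 1)
 {
@@ -631,7 +621,7 @@ static char *asn1time_to_string (ASN1_UTCTIME *tm)
 
 static int check_certificate_by_signer (X509 *peercert)
 {
- X509_STORE_CTX xsc;
+ X509_STORE_CTX *xsc;
 X509_STORE *ctx;
 int pass = 0, i;
 
@@ -661,23 +651,25 @@ static int check_certificate_by_signer (X509 *peercert)
 return 0;
 }
 
- X509_STORE_CTX_init (&xsc, ctx, peercert, SslSessionCerts);
+ xsc = X509_STORE_CTX_new();
+ if (xsc == NULL) return 0;
+ X509_STORE_CTX_init (xsc, ctx, peercert, SslSessionCerts);
 
- pass = (X509_verify_cert (&xsc) > 0);
+ pass = (X509_verify_cert (xsc) > 0);
 #ifdef DEBUG
 if (! pass)
 {
 char buf[SHORT_STRING];
 int err;
 
- err = X509_STORE_CTX_get_error (&xsc);
+ err = X509_STORE_CTX_get_error (xsc);
 snprintf (buf, sizeof (buf), "%s (%d)",
 X509_verify_cert_error_string(err), err);
 dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
 dprint (2, (debugfile, " [%s]\n", peercert->name));
 }
 #endif
- X509_STORE_CTX_cleanup (&xsc);
+ X509_STORE_CTX_free (xsc);
 X509_STORE_free (ctx);
 
 return pass;
@@ -766,7 +758,7 @@ static int check_certificate_by_digest (X509 *peercert)
 return 0;
 }
 
- while ((cert = READ_X509_KEY (fp, &cert)) != NULL)
+ while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL)
 {
 pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;
 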
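Review bot: The new early return `if (xsc == NULL) return 0;` in check_certificate_by_signer skips the `X509_STORE_free (ctx)` that the normal path reaches at the end of the same hunk, so the store is leaked whenever the context allocation fails. The result still fails closed (the certificate is not accepted), but the line should read `if (xsc == NULL) { X509_STORE_free (ctx); return 0; }`. The DEBUG block in that hunk also still dereferences `peercert->name`; with X509 opaque in OpenSSL 1.1 this presumably no longer compiles, which would leave DEBUG builds broken by a commit meant to fix 1.1 compilation. Formatting the subject through accessors, e.g. `X509_NAME_oneline (X509_get_subject_name (peercert), buf, sizeof (buf))`, would log the same information. The allocation of ctx lies above the hunk, so its exact form is not visible here.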