From 6ce3be71ed60e4fe41ea255b74119ded47bd4ca2 Mon Sep 17 00:00:00 2001 From: TAKAHASHI Tamotsu Date: Wed, 7 Sep 2016 20:00:04 -0700 Subject: [PATCH] Fix openssl 1.1 compilation issues. (closes #3870) With these changes, Mutt will no longer compile for versions less than 0.9.6. --- configure.ac | 7 +++++-- mutt_ssl.c | 24 ++++++++---------------- 2 files changed, 13 insertions(+), 18 deletions(-) diff --git a/configure.ac b/configure.ac index aff9479c7..b84b531cb 100644 --- a/configure.ac +++ b/configure.ac @@ -689,13 +689,16 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi crypto_libs="" AC_CHECK_LIB(z, deflate, [crypto_libs=-lz]) - AC_CHECK_LIB(crypto, X509_new, - [crypto_libs="-lcrypto $crypto_libs"],, [$crypto_libs]) + AC_CHECK_LIB(crypto, X509_STORE_CTX_new, + [crypto_libs="-lcrypto $crypto_libs"], + AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs]) AC_CHECK_LIB(ssl, SSL_new,, AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs]) LIBS="$LIBS $crypto_libs" AC_CHECK_FUNCS(RAND_status RAND_egd) + AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],, + AC_MSG_ERROR([Unable to find decent SSL header]), [[#include ]]) AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ]) AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ]) diff --git a/mutt_ssl.c b/mutt_ssl.c index 35cb5135c..791b1c631 100644 --- a/mutt_ssl.c +++ b/mutt_ssl.c @@ -37,12 +37,6 @@ #include "mutt_ssl.h" #include "mutt_idna.h" -#if OPENSSL_VERSION_NUMBER >= 0x00904000L -#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL, NULL) -#else -#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL) -#endif - /* Just in case OpenSSL doesn't define DEVRANDOM */ #ifndef DEVRANDOM #define DEVRANDOM "/dev/urandom" @@ -406,11 +400,7 @@ static int ssl_negotiate (CONNECTION *conn, sslsockdata* ssldata) int err; const char* errmsg; -#if OPENSSL_VERSION_NUMBER >= 0x00906000L - /* This only exists in 0.9.6 and above. Without it we may get interrupted - * reads or writes. Bummer. */ SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY); -#endif if ((err = SSL_connect (ssldata->ssl)) != 1) { @@ -631,7 +621,7 @@ static char *asn1time_to_string (ASN1_UTCTIME *tm) static int check_certificate_by_signer (X509 *peercert) { - X509_STORE_CTX xsc; + X509_STORE_CTX *xsc; X509_STORE *ctx; int pass = 0, i; @@ -661,23 +651,25 @@ static int check_certificate_by_signer (X509 *peercert) return 0; } - X509_STORE_CTX_init (&xsc, ctx, peercert, SslSessionCerts); + xsc = X509_STORE_CTX_new(); + if (xsc == NULL) return 0; + X509_STORE_CTX_init (xsc, ctx, peercert, SslSessionCerts); - pass = (X509_verify_cert (&xsc) > 0); + pass = (X509_verify_cert (xsc) > 0); #ifdef DEBUG if (! pass) { char buf[SHORT_STRING]; int err; - err = X509_STORE_CTX_get_error (&xsc); + err = X509_STORE_CTX_get_error (xsc); snprintf (buf, sizeof (buf), "%s (%d)", X509_verify_cert_error_string(err), err); dprint (2, (debugfile, "X509_verify_cert: %s\n", buf)); dprint (2, (debugfile, " [%s]\n", peercert->name)); } #endif - X509_STORE_CTX_cleanup (&xsc); + X509_STORE_CTX_free (xsc); X509_STORE_free (ctx); return pass; @@ -766,7 +758,7 @@ static int check_certificate_by_digest (X509 *peercert) return 0; } - while ((cert = READ_X509_KEY (fp, &cert)) != NULL) + while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL) { pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;