Bug-Debian: https://bugs.debian.org/828512
Description: Support OpenSSL 1.1 API changes
 SSL_CTX_set_tmp_rsa_callback() (used for export-weakened keys) no longer does anything.
 
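--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -78,17 +78,6 @@ static void os_initialize_prng(struct ss
     int totbytes = 0;
     int bytes;
 
-    if (ssl_config->egd_socket) {
-        if ((bytes = RAND_egd(ssl_config->egd_socket)) == -1) {
-            log_fatal("EGD Socket %s failed", ssl_config->egd_socket);
-        } else {
-            totbytes += bytes;
-            log_debug("Snagged %d random bytes from EGD Socket %s",
-                      bytes, ssl_config->egd_socket);
-            goto SEEDED;        /* ditto */
-        }
-    }
-
     /* Try the good-old default /dev/urandom, if available  */
     totbytes += add_rand_file("/dev/urandom");
     if (prng_seeded(totbytes)) {
@@ -212,6 +201,8 @@ static int new_session_cb(SSL * ssl, SSL
     unsigned char *data = NULL, *asn;
     time_t expire;
     int ret = -1;
+    unsigned int session_id_length;
+    unsigned char *session_id = SSL_SESSION_get_id(sess, &session_id_length);
 
     if (!sess_dbopen)
         return 0;
@@ -241,8 +232,7 @@ static int new_session_cb(SSL * ssl, SSL
     if (data && len) {
         /* store the session in our database */
         do {
-            ret = DB->store(sessdb, (void *) sess->session_id,
-                            sess->session_id_length,
+            ret = DB->store(sessdb, (void *) session_id, session_id_length,
                             (void *) data, len + sizeof(time_t), NULL);
         }
         while (ret == MYDB_AGAIN);
@@ -255,8 +245,8 @@ static int new_session_cb(SSL * ssl, SSL
     if (ssl_verbose_logging) {
         int i;
         char idstr[SSL_MAX_SSL_SESSION_ID_LENGTH * 2 + 1];
-        for (i = 0; i < sess->session_id_length; i++)
-            sprintf(idstr + i * 2, "%02X", sess->session_id[i]);
+        for (i = 0; i < session_id_length; i++)
+            sprintf(idstr + i * 2, "%02X", session_id[i]);
 
         log_debug("new SSL session: id=%s, expire=%s, status=%s",
                   idstr, ctime(&expire), ret ? "failed" : "ok");
@@ -298,7 +288,10 @@ static void remove_session(unsigned char
  */
 static void remove_session_cb(SSL_CTX * ctx, SSL_SESSION * sess)
 {
-    remove_session(sess->session_id, sess->session_id_length);
+    unsigned int session_id_length;
+    unsigned char *session_id = SSL_SESSION_get_id(sess, &session_id_length);
+
+    remove_session(session_id, session_id_length);
 }
 
 /*
@@ -398,9 +391,6 @@ void ssl_context_init(struct ssl_config
     /* SSLv3 now also obsolete */
     SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv3);
 
-    if (SSL_CTX_need_tmp_RSA(client_ctx))
-        SSL_CTX_set_tmp_rsa_callback(client_ctx, rsa_callback);
-
     /* Don't bother with session cache for client side: not enough
      * connections to worry about caching */
     SSL_CTX_set_session_cache_mode(client_ctx, SSL_SESS_CACHE_OFF);
@@ -509,10 +499,6 @@ void ssl_context_init(struct ssl_config
         log_fatal("SSL_CTX_set_options(SSL_OP_CIPHER_SERVER_PREFERENCE)"
                   "failed");
 
-    /* Set up RSA temporary key callback routine */
-    if (SSL_CTX_need_tmp_RSA(server_ctx))
-        SSL_CTX_set_tmp_rsa_callback(server_ctx, rsa_callback);
-
     /* Initialise RSA temporary key (will take a couple of secs to complete) */
     ssl_init_rsakey(ssl_config);
 }
@@ -621,7 +607,7 @@ void *ssl_start_server(int fd, unsigned
     else
         log_debug("SSL: No client certificate");
 
-    switch (ssl->session->ssl_version) {
+    switch (SSL_version(ssl)) {
     case SSL2_VERSION:
         ver = "SSLv2";
         break;
@@ -680,7 +666,7 @@ void *ssl_start_client(int fd, unsigned
 
     /* Verify certificate here? Need local context to play with? */
 
-    switch (((SSL *) ssl)->session->ssl_version) {
+    switch (SSL_version(ssl)) {
     case SSL2_VERSION:
         ver = "SSLv2";
         break;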
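Review bot: `SSL_SESSION_get_id()` returns a `const unsigned char *`, so storing its result in `unsigned char *session_id` in the new_session_cb hunk (and again in remove_session_cb) discards the qualifier, which the compiler warns about and which leaves OpenSSL-owned session memory writable through this pointer; declare it `const unsigned char *session_id = SSL_SESSION_get_id(sess, &session_id_length);` in both places. The pre-existing `(void *)` cast on the DB->store call then also strips const, and `remove_session()` takes a non-const `unsigned char *` (its definition is outside the hunk), so the cast should become `(const void *)` if DB->store's signature permits it and remove_session's parameter should gain const rather than casting it away. The id-printing loop now compares `int i` against an `unsigned int` length; `unsigned int i;` avoids the sign-compare warning. In the ssl_context_init hunks the tmp-RSA callback registration is removed but `ssl_init_rsakey(ssl_config)` is kept, so the temporary key is still generated although nothing visible here consumes it any more — presumably rsa_callback and that initialisation can be dropped too, confirm against the rest of the file.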
106
--- a/shared/config.c
107
+++ b/shared/config.c
108
@@ -455,9 +455,9 @@ static struct {
109
     "draft_att_total_max", config_number, OFFSET(draft_att_total_max)}
110
     , {
111
     "dualuse", config_bool, OFFSET(dualuse)}
112
-    , {
113
+    , /*{
114
     "egd_socket", config_path, OFFSET(egd_socket)}
115
-    , {
116
+    , */{
117
     "expunge_on_exit", config_bool, OFFSET(expunge_on_exit)}
118
     , {
119
     "fatal_dump_core", config_bool, OFFSET(fatal_dump_core)}