Subversion Repositories

?revision_form?Rev ?revision_input??revision_submit??revision_endform?

Rev 161 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
161 magnus 1 
Bug-Debian: https://bugs.debian.org/828512
2 
Description: Support OpenSSL 1.1 API changes
3 
 SSL_CTX_set_tmp_rsa_callback() (used for export-weakened keys) no longer does anything.
4 
 
5 
--- a/lib/ssl.c
6 
+++ b/lib/ssl.c
7 
@@ -78,17 +78,6 @@ static void os_initialize_prng(struct ss
8 
     int totbytes = 0;
9 
     int bytes;
10 
 
11 
-    if (ssl_config->egd_socket) {
12 
-        if ((bytes = RAND_egd(ssl_config->egd_socket)) == -1) {
13 
-            log_fatal("EGD Socket %s failed", ssl_config->egd_socket);
14 
-        } else {
15 
-            totbytes += bytes;
16 
-            log_debug("Snagged %d random bytes from EGD Socket %s",
17 
-                      bytes, ssl_config->egd_socket);
18 
-            goto SEEDED;        /* ditto */
19 
-        }
20 
-    }
21 
-
22 
     /* Try the good-old default /dev/urandom, if available  */
23 
     totbytes += add_rand_file("/dev/urandom");
24 
     if (prng_seeded(totbytes)) {
25 
@@ -212,6 +201,8 @@ static int new_session_cb(SSL * ssl, SSL
26 
     unsigned char *data = NULL, *asn;
27 
     time_t expire;
28 
     int ret = -1;
29 
+    unsigned int session_id_length;
30 
+    unsigned char *session_id = SSL_SESSION_get_id(sess, &session_id_length);
31 
 
32 
     if (!sess_dbopen)
33 
         return 0;
34 
@@ -241,8 +232,7 @@ static int new_session_cb(SSL * ssl, SSL
35 
     if (data && len) {
36 
         /* store the session in our database */
37 
         do {
38 
-            ret = DB->store(sessdb, (void *) sess->session_id,
39 
-                            sess->session_id_length,
40 
+            ret = DB->store(sessdb, (void *) session_id, session_id_length,
41 
                             (void *) data, len + sizeof(time_t), NULL);
42 
         }
43 
         while (ret == MYDB_AGAIN);
44 
@@ -255,8 +245,8 @@ static int new_session_cb(SSL * ssl, SSL
45 
     if (ssl_verbose_logging) {
46 
         int i;
47 
         char idstr[SSL_MAX_SSL_SESSION_ID_LENGTH * 2 + 1];
48 
-        for (i = 0; i < sess->session_id_length; i++)
49 
-            sprintf(idstr + i * 2, "%02X", sess->session_id[i]);
50 
+        for (i = 0; i < session_id_length; i++)
51 
+            sprintf(idstr + i * 2, "%02X", session_id[i]);
52 
 
53 
         log_debug("new SSL session: id=%s, expire=%s, status=%s",
54 
                   idstr, ctime(&expire), ret ? "failed" : "ok");
55 
@@ -298,7 +288,10 @@ static void remove_session(unsigned char
56 
  */
57 
 static void remove_session_cb(SSL_CTX * ctx, SSL_SESSION * sess)
58 
 {
59 
-    remove_session(sess->session_id, sess->session_id_length);
60 
+    unsigned int session_id_length;
61 
+    unsigned char *session_id = SSL_SESSION_get_id(sess, &session_id_length);
62 
+
63 
+    remove_session(session_id, session_id_length);
64 
 }
65 
 
66 
 /*
67 
@@ -398,9 +391,6 @@ void ssl_context_init(struct ssl_config
68 
     /* SSLv3 now also obsolete */
69 
     SSL_CTX_set_options(client_ctx, SSL_OP_NO_SSLv3);
70 
 
71 
-    if (SSL_CTX_need_tmp_RSA(client_ctx))
72 
-        SSL_CTX_set_tmp_rsa_callback(client_ctx, rsa_callback);
73 
-
74 
     /* Don't bother with session cache for client side: not enough
75 
      * connections to worry about caching */
76 
     SSL_CTX_set_session_cache_mode(client_ctx, SSL_SESS_CACHE_OFF);
77 
@@ -509,10 +499,6 @@ void ssl_context_init(struct ssl_config
78 
         log_fatal("SSL_CTX_set_options(SSL_OP_CIPHER_SERVER_PREFERENCE)"
79 
                   "failed");
80 
 
81 
-    /* Set up RSA temporary key callback routine */
82 
-    if (SSL_CTX_need_tmp_RSA(server_ctx))
83 
-        SSL_CTX_set_tmp_rsa_callback(server_ctx, rsa_callback);
84 
-
85 
     /* Initialise RSA temporary key (will take a couple of secs to complete) */
86 
     ssl_init_rsakey(ssl_config);
87 
 }
88 
@@ -621,7 +607,7 @@ void *ssl_start_server(int fd, unsigned
89 
     else
90 
         log_debug("SSL: No client certificate");
91 
 
92 
-    switch (ssl->session->ssl_version) {
93 
+    switch (SSL_version(ssl)) {
94 
     case SSL2_VERSION:
95 
         ver = "SSLv2";
96 
         break;
97 
@@ -680,7 +666,7 @@ void *ssl_start_client(int fd, unsigned
98 
 
99 
     /* Verify certificate here? Need local context to play with? */
100 
 
101 
-    switch (((SSL *) ssl)->session->ssl_version) {
102 
+    switch (SSL_version(ssl)) {
103 
     case SSL2_VERSION:
104 
         ver = "SSLv2";
105 
         break;
106 
--- a/shared/config.c
107 
+++ b/shared/config.c
108 
@@ -455,9 +455,9 @@ static struct {
109 
     "draft_att_total_max", config_number, OFFSET(draft_att_total_max)}
110 
     , {
111 
     "dualuse", config_bool, OFFSET(dualuse)}
112 
-    , {
113 
+    , /*{
114 
     "egd_socket", config_path, OFFSET(egd_socket)}
115 
-    , {
116 
+    , */{
117 
     "expunge_on_exit", config_bool, OFFSET(expunge_on_exit)}
118 
     , {
119 
     "fatal_dump_core", config_bool, OFFSET(fatal_dump_core)}