| --- a/src/main/threads.c |
| +++ b/src/main/threads.c |
| @@ -298,6 +298,7 @@ static void ssl_locking_function(int mod |
| */ |
| int tls_mutexes_init(void) |
| { |
| +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
| int i; |
| |
| ssl_mutexes = rad_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); |
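Review bot: The `#if` added at the top of tls_mutexes_init() has no comment saying why the mutex setup is compiled out, and its `#endif` in the next hunk is unlabelled. I would add `/* OpenSSL >= 1.1.0 does its own locking; the locking-callback API is a no-op there */` above the guard and write the closing line as `#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER */`. The static ssl_locking_function() named in the hunk header presumably ends up unreferenced on 1.1.0 builds, so it may want the same guard; its definition is outside this hunk. The function body spans this hunk and the next.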
| @@ -316,6 +317,7 @@ int tls_mutexes_init(void) |
| #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK |
| CRYPTO_set_locking_callback(ssl_locking_function); |
| #endif |
| +#endif |
| |
| return 0; |
| } |
| --- a/src/main/tls.c |
| +++ b/src/main/tls.c |
| @@ -55,6 +55,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API |
| # include <openssl/evp.h> |
| # endif |
| # include <openssl/ssl.h> |
| +# include <openssl/dh.h> |
| |
| #define LOG_PREFIX "tls" |
| |
| @@ -2133,7 +2134,7 @@ int cbtls_verify(int ok, X509_STORE_CTX |
| int my_ok = ok; |
| |
| ASN1_INTEGER *sn = NULL; |
| - ASN1_TIME *asn_time = NULL; |
| + const ASN1_TIME *asn_time = NULL; |
| VALUE_PAIR **certs; |
| char **identity; |
| #ifdef HAVE_OPENSSL_OCSP_H |
| @@ -2207,7 +2208,7 @@ int cbtls_verify(int ok, X509_STORE_CTX |
| * Get the Expiration Date |
| */ |
| buf[0] = '\0'; |
| - asn_time = X509_get_notAfter(client_cert); |
| + asn_time = X509_get0_notAfter(client_cert); |
| if (certs && (lookup <= 1) && asn_time && |
| (asn_time->length < (int) sizeof(buf))) { |
| memcpy(buf, (char*) asn_time->data, asn_time->length); |
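Review bot: `X509_get0_notAfter()` is called unconditionally here, but it only exists from OpenSSL 1.1.0, so this file no longer builds against the older releases that the version guards elsewhere in this patch still cater for. The same applies to `X509_get0_notBefore()` in the next hunk and to `OpenSSL_version_num()` and `OpenSSL_version(OPENSSL_VERSION)` in the three src/main/version.c hunks. If pre-1.1.0 is still supported, a small compat shim keeps both sides working: `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, then `# define X509_get0_notAfter X509_get_notAfter`, then `#endif`, with equivalent defines for the other names. cbtls_verify() starts and ends outside the hunk.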
| @@ -2220,7 +2221,7 @@ int cbtls_verify(int ok, X509_STORE_CTX |
| * Get the Valid Since Date |
| */ |
| buf[0] = '\0'; |
| - asn_time = X509_get_notBefore(client_cert); |
| + asn_time = X509_get0_notBefore(client_cert); |
| if (certs && (lookup <= 1) && asn_time && |
| (asn_time->length < (int) sizeof(buf))) { |
| memcpy(buf, (char*) asn_time->data, asn_time->length); |
| @@ -2690,10 +2691,12 @@ static int set_ecdh_curve(SSL_CTX *ctx, |
| */ |
| int tls_global_init(bool spawn_flag, bool check) |
| { |
| +#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| SSL_load_error_strings(); /* readable error messages (examples show call before library_init) */ |
| SSL_library_init(); /* initialize library */ |
| OpenSSL_add_all_algorithms(); /* required for SHA2 in OpenSSL < 0.9.8o and 1.0.0.a */ |
| CONF_modules_load_file(NULL, NULL, 0); |
| +#endif |
| |
| /* |
| * Initialize the index for the certificates. |
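Review bot: The guard added around the init calls in tls_global_init() tests only `OPENSSL_VERSION_NUMBER < 0x10100000L`, whereas tls_mutexes_init() in threads.c uses `... || defined(LIBRESSL_VERSION_NUMBER)`; LibreSSL reports a version number above 0x10100000L, so on LibreSSL builds `SSL_library_init()` and the calls after it are skipped. The same outer guard in tls_global_cleanup() (the next two hunks) makes the `|| defined(LIBRESSL_VERSION_NUMBER)` part of the inner `#elif` unreachable. I would use `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` in both places. Separately, `CONF_modules_load_file(NULL, NULL, 0);` still exists in 1.1.0 and, as far as I know, 1.1.0 does not load openssl.cnf on its own, so moving that call below the `#endif` would keep config-driven settings applied. tls_global_init() continues past the hunk.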
| @@ -2769,6 +2772,7 @@ int tls_global_version_check(char const |
| */ |
| void tls_global_cleanup(void) |
| { |
| +#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| #if OPENSSL_VERSION_NUMBER < 0x10000000L |
| ERR_remove_state(0); |
| #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
| @@ -2781,6 +2785,7 @@ void tls_global_cleanup(void) |
| ERR_free_strings(); |
| EVP_cleanup(); |
| CRYPTO_cleanup_all_ex_data(); |
| +#endif |
| } |
| |
| |
| --- a/src/main/version.c |
| +++ b/src/main/version.c |
| @@ -54,7 +54,7 @@ int ssl_check_consistency(void) |
| { |
| long ssl_linked; |
| |
| - ssl_linked = SSLeay(); |
| + ssl_linked = OpenSSL_version_num(); |
| |
| /* |
| * Major and minor versions mismatch, that's bad. |
| @@ -152,7 +152,7 @@ char const *ssl_version_num(void) |
| { |
| long ssl_linked; |
| |
| - ssl_linked = SSLeay(); |
| + ssl_linked = OpenSSL_version_num(); |
| return ssl_version_by_num((uint32_t)ssl_linked); |
| } |
| |
| @@ -188,10 +188,10 @@ char const *ssl_version(void) |
| { |
| static char buffer[256]; |
| |
| - uint32_t v = SSLeay(); |
| + uint32_t v = OpenSSL_version_num(); |
| |
| snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)", |
| - SSLeay_version(SSLEAY_VERSION), /* Not all builds include a useful version number */ |
| + OpenSSL_version(OPENSSL_VERSION), /* Not all builds include a useful version number */ |
| v, |
| ssl_version_by_num(v)); |
| |