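--- a/src/osdep/unix/ssl_unix.c
+++ b/src/osdep/unix/ssl_unix.c
@@ -35,6 +35,7 @@
 #include <bio.h>
 #include <crypto.h>
 #include <rand.h>
+#include <rsa.h>
 #undef crypt
 
 #define SSLBUFLEN 8192
@@ -90,6 +91,11 @@ static char *start_tls = NIL; /* non-NIL
 
 static int sslonceonly = 0;
 
+#if OPENSSL_API_COMPAT >= 0x10100000L
+#define SSL_CTX_need_tmp_RSA(ctx) 0
+#define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0)
+#endif
+
 void ssl_onceonlyinit (void)
 {
 if (!sslonceonly++) { /* only need to call it once */
@@ -114,7 +120,6 @@ void ssl_onceonlyinit (void)
 /* apply runtime linkage */
 mail_parameters (NIL,SET_SSLDRIVER,(void *) &ssldriver);
 mail_parameters (NIL,SET_SSLSTART,(void *) ssl_start);
- SSL_library_init (); /* add all algorithms */
 }
 }
 
@@ -220,9 +225,7 @@ static char *ssl_start_work (SSLSTREAM *
 (sslclientkey_t) mail_parameters (NIL,GET_SSLCLIENTKEY,NIL);
 if (ssl_last_error) fs_give ((void **) &ssl_last_error);
 ssl_last_host = host;
- if (!(stream->context = SSL_CTX_new ((flags & NET_TLSCLIENT) ?
- TLSv1_client_method () :
- SSLv23_client_method ())))
+ if (!(stream->context = SSL_CTX_new (TLS_client_method())))
 return "SSL context failed";
 SSL_CTX_set_options (stream->context,0);
 /* disable certificate validation? */
@@ -695,9 +698,6 @@ void ssl_server_init (char *server)
 SSLSTREAM *stream = (SSLSTREAM *) memset (fs_get (sizeof (SSLSTREAM)),0,
 sizeof (SSLSTREAM));
 ssl_onceonlyinit (); /* make sure algorithms added */
- ERR_load_crypto_strings ();
- SSL_load_error_strings ();
- /* build specific certificate/key file names */
 sprintf (cert,"%s/%s-%s.pem",SSL_CERT_DIRECTORY,server,tcp_serveraddr ());
 sprintf (key,"%s/%s-%s.pem",SSL_KEY_DIRECTORY,server,tcp_serveraddr ());
 /* use non-specific name if no specific cert */
@@ -708,9 +708,7 @@ void ssl_server_init (char *server)
 if (stat (key,&sbuf)) strcpy (key,cert);
 }
 /* create context */
- if (!(stream->context = SSL_CTX_new (start_tls ?
- TLSv1_server_method () :
- SSLv23_server_method ())))
+ if (!(stream->context = SSL_CTX_new (TLS_server_method())))
 syslog (LOG_ALERT,"Unable to create SSL context, host=%.80s",
 tcp_clienthost ());
 else { /* set context options */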
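Review bot: No protocol floor is set on the context created by `SSL_CTX_new (TLS_client_method())` in ssl_start_work; the next visible line is `SSL_CTX_set_options (stream->context,0);`, so the context keeps whatever minimum version the OpenSSL build and system configuration allow. The same holds for `TLS_server_method()` in ssl_server_init, where the STARTTLS path was previously pinned to one version and now negotiates like the non-STARTTLS path. I would add `SSL_CTX_set_min_proto_version (stream->context,TLS1_2_VERSION);` on the success path after each SSL_CTX_new and treat a return other than 1 as a context failure. Both function bodies continue outside their hunks, so a floor set further down in the server's "set context options" branch cannot be ruled out from what is shown here.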