b.liu | e958203 | 2025-04-17 19:18:16 +0800 | 1 | --- a/src/dane-openssl.c |
| 2 | +++ b/src/dane-openssl.c |
| 3 | @@ -1098,8 +1098,8 @@ if (dane->selectors[DANESSL_USAGE_DANE_T |
| 4 | * Check that setting the untrusted chain updates the expected |
| 5 | * structure member at the expected offset. |
| 6 | */ |
| 7 | - X509_STORE_CTX_trusted_stack(ctx, dane->roots); |
| 8 | - X509_STORE_CTX_set_chain(ctx, dane->chain); |
| 9 | + X509_STORE_CTX_set0_trusted_stack(ctx, dane->roots); |
| 10 | + X509_STORE_CTX_set0_untrusted(ctx, dane->chain); |
| 11 | OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx)); |
| 12 | } |
| 13 | } |
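Review bot: The two `set0` setters store `dane->roots` and `dane->chain` in `ctx` as borrowed pointers; `ctx` neither copies the stacks nor takes a reference, so both must stay allocated until verification with this `ctx` has finished. Nothing in the visible lines records that, and the surrounding block begins outside the hunk, so where the stacks are freed cannot be checked from here. I would add a comment above the calls such as `/* set0: ctx borrows dane->roots and dane->chain; keep both alive until the verify completes */`. Separately, these setters, like `X509_getm_notBefore()`/`X509_getm_notAfter()` and `OpenSSL_version()` in the later hunks, need OpenSSL 1.1.0 or newer, and no version guard is visible.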
| 14 | --- a/src/pdkim/signing.c |
| 15 | +++ b/src/pdkim/signing.c |
| 16 | @@ -703,7 +703,6 @@ return NULL; |
| 17 | void |
| 18 | exim_dkim_init(void) |
| 19 | { |
| 20 | -ERR_load_crypto_strings(); |
| 21 | } |
| 22 | |
| 23 | |
| 24 | --- a/src/tls-openssl.c |
| 25 | +++ b/src/tls-openssl.c |
| 26 | @@ -22,7 +22,10 @@ functions from the OpenSSL library. */ |
| 27 | #include <openssl/lhash.h> |
| 28 | #include <openssl/ssl.h> |
| 29 | #include <openssl/err.h> |
| 30 | +#include <openssl/bn.h> |
| 31 | +#include <openssl/dh.h> |
| 32 | #include <openssl/rand.h> |
| 33 | +#include <openssl/rsa.h> |
| 34 | #ifndef OPENSSL_NO_ECDH |
| 35 | # include <openssl/ec.h> |
| 36 | #endif |
| 37 | @@ -885,8 +888,9 @@ pkey = EVP_RSA_gen(2048); |
| 38 | |
| 39 | X509_set_version(x509, 2); /* N+1 - version 3 */ |
| 40 | ASN1_INTEGER_set(X509_get_serialNumber(x509), 1); |
| 41 | -X509_gmtime_adj(X509_get_notBefore(x509), 0); |
| 42 | -X509_gmtime_adj(X509_get_notAfter(x509), (long)2 * 60 * 60); /* 2 hour */ |
| 43 | +X509_gmtime_adj(X509_getm_notBefore(x509), 0); |
| 44 | +X509_gmtime_adj(X509_getm_notAfter(x509), (long)2 * 60 * 60); /* 2 hour */ |
| 45 | + |
| 46 | X509_set_pubkey(x509, pkey); |
| 47 | |
| 48 | name = X509_get_subject_name(x509); |
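Review bot: Both `X509_gmtime_adj()` calls on the added lines discard the return value, which is NULL on failure, so a failed call would leave the generated certificate with an unset validity field while the code carries on to `X509_set_pubkey()`. Checking it, for example `if (!X509_gmtime_adj(X509_getm_notBefore(x509), 0)) goto err;` and the same for notAfter, makes the failure explicit. The `err` label is a placeholder for whatever failure path the function already has, since the function starts and ends outside this hunk. The removed lines were unchecked as well, so this is a tightening rather than a regression.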
| 49 | @@ -4670,8 +4674,8 @@ return string_fmt_append(g, |
| 50 | " Runtime: %s\n" |
| 51 | " : %s\n", |
| 52 | OPENSSL_VERSION_TEXT, |
| 53 | - SSLeay_version(SSLEAY_VERSION), |
| 54 | - SSLeay_version(SSLEAY_BUILT_ON)); |
| 55 | + OpenSSL_version(OPENSSL_VERSION), |
| 56 | + OpenSSL_version(OPENSSL_BUILT_ON)); |
| 57 | /* third line is 38 characters for the %s and the line is 73 chars long; |
| 58 | the OpenSSL output includes a "built on: " prefix already. */ |
| 59 | } |
| 60 | @@ -4713,8 +4717,6 @@ if (pidnow != pidlast) |
| 61 | is unique for each thread", this doesn't apparently apply across processes, |
| 62 | so our own warning from vaguely_random_number_fallback() applies here too. |
| 63 | Fix per PostgreSQL. */ |
| 64 | - if (pidlast != 0) |
| 65 | - RAND_cleanup(); |
| 66 | pidlast = pidnow; |
| 67 | } |
| 68 | |
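Review bot: With `RAND_cleanup()` gone, the `if (pidnow != pidlast)` block only updates `pidlast`, yet the comment above it still ends with "Fix per PostgreSQL", so it describes a PRNG reset after fork that the code no longer performs. `RAND_cleanup()` has been a no-op since OpenSSL 1.1.0, so dropping the call is reasonable, but the guarantee that a forked child does not reuse the parent's PRNG state then rests entirely on the library; as far as I know the DRBG in 1.1.1 and later reseeds after a fork. I would reword the comment to say that, or, if 1.1.0 or an older library can still be linked, call `RAND_poll()` where the cleanup used to be. The enclosing function starts outside the hunk.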
| 69 | --- a/src/tlscert-openssl.c |
| 70 | +++ b/src/tlscert-openssl.c |
| 71 | @@ -218,13 +218,13 @@ return mod ? tls_field_from_dn(cp, mod) |
| 72 | uschar * |
| 73 | tls_cert_not_before(void * cert, uschar * mod) |
| 74 | { |
| 75 | -return asn1_time_copy(X509_get_notBefore((X509 *)cert), mod); |
| 76 | +return asn1_time_copy(X509_getm_notBefore((X509 *)cert), mod); |
| 77 | } |
| 78 | |
| 79 | uschar * |
| 80 | tls_cert_not_after(void * cert, uschar * mod) |
| 81 | { |
| 82 | -return asn1_time_copy(X509_get_notAfter((X509 *)cert), mod); |
| 83 | +return asn1_time_copy(X509_getm_notAfter((X509 *)cert), mod); |
| 84 | } |
| 85 | |
| 86 | uschar * |
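Review bot: `X509_getm_notBefore()` and `X509_getm_notAfter()` are the mutable accessors, but `tls_cert_not_before()` and `tls_cert_not_after()` appear only to read the time in order to format it. The const getters state that intent and keep a later edit from writing through the pointer into the peer certificate: `return asn1_time_copy(X509_get0_notBefore((X509 *)cert), mod);` and `return asn1_time_copy(X509_get0_notAfter((X509 *)cert), mod);`. This assumes `asn1_time_copy()` accepts a `const ASN1_TIME *`; its prototype is outside the hunk, so that needs checking.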