From ce91bebc39a649511bf85ee75b5323bbdfa55655 Mon Sep 17 00:00:00 2001
From: Patrick Griffis
Date: Thu, 15 Jun 2017 00:26:43 -0400
Subject: [PATCH] Fix OpenSSL 1.1 deprecations
---
 meson.build | 6 ++++++
 src/common/ssl.c | 21 ++++++++++++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
index 462673fb..15eaa390 100644
--- a/meson.build
+++ b/meson.build
@@ -64,6 +64,12 @@ if libssl_dep.found()
 config_h.set('HAVE_DH_SET0_KEY',
 cc.has_function('DH_set0_key', dependencies: libssl_dep)
 )
+ config_h.set('HAVE_ERR_REMOVE_THREAD_STATE',
+ cc.has_function('ERR_remove_thread_state', dependencies: libssl_dep)
+ )
+ config_h.set('HAVE_ASN1_STRING_GET0_DATA',
+ cc.has_function('ASN1_STRING_get0_data', dependencies: libssl_dep)
+ )
 endif
 configure_file(output: 'config.h', configuration: config_h)
diff --git a/src/common/ssl.c b/src/common/ssl.c
index 76fea7b4..0eb78bd7 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -349,7 +349,14 @@ _SSL_close (SSL * ssl)
 {
 SSL_set_shutdown (ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
 SSL_free (ssl);
- ERR_remove_state (0); /* free state buffer */
+#ifdef HAVE_ERR_REMOVE_THREAD_STATE
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* OpenSSL handles this itself in 1.1+ and this is a no-op */
+ ERR_remove_thread_state (NULL);
+#endif
+#else
+ ERR_remove_state (0);
+#endif
 }
 /* Hostname validation code based on OpenBSD's libtls. */
@@ -438,13 +445,17 @@ _SSL_check_subject_altname (X509 *cert, const char *host)
 if (type == GEN_DNS)
 {
- unsigned char *data;
+ const unsigned char *data;
 int format;
 format = ASN1_STRING_type (altname->d.dNSName);
 if (format == V_ASN1_IA5STRING)
 {
+#ifdef HAVE_ASN1_STRING_GET0_DATA
+ data = ASN1_STRING_get0_data (altname->d.dNSName);
+#else
 data = ASN1_STRING_data (altname->d.dNSName);
+#endif
 if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data))
 {
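Review bot: In `_SSL_close`, the bare `#else` fallback still calls `ERR_remove_state (0)` whenever the build probe does not find `ERR_remove_thread_state`. That covers pre-1.0.0 libraries, but presumably also an OpenSSL 1.1+ built without deprecated APIs, where neither symbol would be available. Gating the fallback on the version as well, `#elif OPENSSL_VERSION_NUMBER < 0x10000000L` in place of `#else`, would confine the old call to the libraries that need it. The inner range check also excludes LibreSSL, which reports a version number of 0x20000000L, so the per-thread error state would no longer be released there; worth confirming that this is intended.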
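Review bot: In the GEN_DNS branch of `_SSL_check_subject_altname`, the embedded-NUL check still runs `strlen(data)` on the ASN.1 buffer, which reads until it meets a terminator instead of stopping at `ASN1_STRING_length`. OpenSSL's documentation says the returned data should not be assumed to be NUL-terminated. A bounded test keeps the same intent without relying on that: `if (memchr (data, '\0', (size_t) ASN1_STRING_length (altname->d.dNSName)) != NULL)`. If the `strlen` call stays, it wants a `(const char *)` cast, since `data` is declared `const unsigned char *`. The body of this `if` and the rest of the function lie outside the hunk, so the rejection path is not visible here.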
@@ -465,12 +476,16 @@ _SSL_check_subject_altname (X509 *cert, const char *host)
 }
 else if (type == GEN_IPADD)
 {
- unsigned char *data;
+ const unsigned char *data;
 const guint8 *addr_bytes;
 int datalen, addr_len;
 datalen = ASN1_STRING_length (altname->d.iPAddress);
+#ifdef HAVE_ASN1_STRING_GET0_DATA
+ data = ASN1_STRING_get0_data (altname->d.iPAddress);
+#else
 data = ASN1_STRING_data (altname->d.iPAddress);
+#endif
 addr_bytes = g_inet_address_to_bytes (addr);
 addr_len = (int)g_inet_address_get_native_size (addr);
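Review bot: The `#ifdef HAVE_ASN1_STRING_GET0_DATA` / `#else` / `#endif` selection in the GEN_IPADD branch is a copy of the one in the GEN_DNS hunk before it, and any future caller in this certificate-checking code would have to repeat it. A single compatibility definition near the top of `ssl.c`, `#ifndef HAVE_ASN1_STRING_GET0_DATA` / `#define ASN1_STRING_get0_data(s) ASN1_STRING_data (s)` / `#endif`, would let both call sites use `ASN1_STRING_get0_data` unconditionally. The function continues past the end of this hunk, so the later use of `data` and `datalen` is not visible here.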