Fix OpenSSL 1.1 deprecations

Patrick Griffis 2017-06-15 00:26:43 -04:00
parent 27fd9b3fd6
commit ce91bebc39
2 changed files with 24 additions and 3 deletions


@ -64,6 +64,12 @@ if libssl_dep.found()
config_h.set('HAVE_DH_SET0_KEY', config_h.set('HAVE_DH_SET0_KEY',
cc.has_function('DH_set0_key', dependencies: libssl_dep) cc.has_function('DH_set0_key', dependencies: libssl_dep)
) )
config_h.set('HAVE_ERR_REMOVE_THREAD_STATE',
cc.has_function('ERR_remove_thread_state', dependencies: libssl_dep)
)
config_h.set('HAVE_ASN1_STRING_GET0_DATA',
cc.has_function('ASN1_STRING_get0_data', dependencies: libssl_dep)
)
endif endif
configure_file(output: 'config.h', configuration: config_h) configure_file(output: 'config.h', configuration: config_h)
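Review bot: The `HAVE_ERR_REMOVE_THREAD_STATE` probe decides more than its name suggests, because when it fails the C side falls back to calling `ERR_remove_state (0)`. On an OpenSSL 1.1 build with deprecated APIs compiled out the probe would presumably fail too, and that fallback then names a function such a build likely does not provide either. The consumer would be safer testing `OPENSSL_VERSION_NUMBER` first and consulting this macro only for pre-1.1 libraries. A short comment above the two new probes would also help, e.g. `# OpenSSL 1.1 deprecates ERR_remove_thread_state() and ASN1_STRING_data(); probe so the C code can pick the replacement`.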


@ -349,7 +349,14 @@ _SSL_close (SSL * ssl)
{ {
SSL_set_shutdown (ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown (ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
SSL_free (ssl); SSL_free (ssl);
ERR_remove_state (0); /* free state buffer */ #ifdef HAVE_ERR_REMOVE_THREAD_STATE
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
/* OpenSSL handles this itself in 1.1+ and this is a no-op */
ERR_remove_thread_state (NULL);
#endif
#else
ERR_remove_state (0);
#endif
} }
/* Hostname validation code based on OpenBSD's libtls. */ /* Hostname validation code based on OpenBSD's libtls. */
@ -438,13 +445,17 @@ _SSL_check_subject_altname (X509 *cert, const char *host)
if (type == GEN_DNS) if (type == GEN_DNS)
{ {
unsigned char *data; const unsigned char *data;
int format; int format;
format = ASN1_STRING_type (altname->d.dNSName); format = ASN1_STRING_type (altname->d.dNSName);
if (format == V_ASN1_IA5STRING) if (format == V_ASN1_IA5STRING)
{ {
#ifdef HAVE_ASN1_STRING_GET0_DATA
data = ASN1_STRING_get0_data (altname->d.dNSName);
#else
data = ASN1_STRING_data (altname->d.dNSName); data = ASN1_STRING_data (altname->d.dNSName);
#endif
if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data)) if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data))
{ {
@ -465,12 +476,16 @@ _SSL_check_subject_altname (X509 *cert, const char *host)
} }
else if (type == GEN_IPADD) else if (type == GEN_IPADD)
{ {
unsigned char *data; const unsigned char *data;
const guint8 *addr_bytes; const guint8 *addr_bytes;
int datalen, addr_len; int datalen, addr_len;
datalen = ASN1_STRING_length (altname->d.iPAddress); datalen = ASN1_STRING_length (altname->d.iPAddress);
#ifdef HAVE_ASN1_STRING_GET0_DATA
data = ASN1_STRING_get0_data (altname->d.iPAddress);
#else
data = ASN1_STRING_data (altname->d.iPAddress); data = ASN1_STRING_data (altname->d.iPAddress);
#endif
addr_bytes = g_inet_address_to_bytes (addr); addr_bytes = g_inet_address_to_bytes (addr);
addr_len = (int)g_inet_address_get_native_size (addr); addr_len = (int)g_inet_address_get_native_size (addr);
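Review bot: In the GEN_DNS branch of _SSL_check_subject_altname, the embedded-NUL check still calls `strlen(data)` on the pointer now returned by `ASN1_STRING_get0_data`, and OpenSSL's documentation states that ASN1_STRING data cannot be assumed to be NUL-terminated. For a certificate whose dNSName carries no terminator, strlen could read past the end of the buffer before the length comparison gets a chance to reject it. A bounded scan keeps the same intent and also drops the `const unsigned char *` to `strlen` signedness mismatch: `if (memchr (data, '\0', ASN1_STRING_length (altname->d.dNSName)) != NULL)`. The function starts and ends outside the visible hunks, so the rejection path itself should be confirmed against the full body.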