Date: Tue, 16 Oct 2018 20:03:55 +0000 (UTC) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r482245 - head/sysutils/tlsdate/files Message-ID: <201810162003.w9GK3tld009908@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sunpoet Date: Tue Oct 16 20:03:54 2018 New Revision: 482245 URL: https://svnweb.freebsd.org/changeset/ports/482245 Log: Fix build with OpenSSL 1.1.x Obtained from: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533 Added: head/sysutils/tlsdate/files/patch-src_openssl__compat.h (contents, props changed) head/sysutils/tlsdate/files/patch-src_proxy-bio.c (contents, props changed) head/sysutils/tlsdate/files/patch-src_test-bio.c (contents, props changed) Modified: head/sysutils/tlsdate/files/patch-src_tlsdate-helper.c Added: head/sysutils/tlsdate/files/patch-src_openssl__compat.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/tlsdate/files/patch-src_openssl__compat.h Tue Oct 16 20:03:54 2018 (r482245) @@ -0,0 +1,36 @@ +Obtained from: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533 + +--- src/openssl_compat.h.orig 2018-10-16 13:25:06 UTC ++++ src/openssl_compat.h +@@ -0,0 +1,31 @@ ++/* ++ * openssl_compat.h - OpenSSL 1.1 Compatability Layer ++ * Copyright 2017 The Chromium OS Authors. All rights reserved. ++ * Use of this source code is governed by a BSD-style license that can be ++ * found in the LICENSE file. ++ */ ++#ifndef SRC_OPENSSL_COMPAT_H_ ++#define SRC_OPENSSL_COMPAT_H_ ++ ++#include <openssl/bio.h> ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++static inline void BIO_set_data(BIO *a, void *ptr) ++{ ++ a->ptr = ptr; ++} ++ ++static inline void *BIO_get_data(BIO *a) ++{ ++ return a ? a->ptr : NULL; ++} ++ ++static inline void BIO_set_init(BIO *a, int init) ++{ ++ a->init = init; ++} ++ ++#endif ++ ++#endif /* SRC_OPENSSL_COMPAT_H_ */ Added: head/sysutils/tlsdate/files/patch-src_proxy-bio.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/tlsdate/files/patch-src_proxy-bio.c Tue Oct 16 20:03:54 2018 (r482245) @@ -0,0 +1,332 @@ +Obtained from: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533 + +--- src/proxy-bio.c.orig 2015-05-28 18:49:40 UTC ++++ src/proxy-bio.c +@@ -35,6 +35,7 @@ + #include "src/common/strnlen.h" + #endif + ++#include "src/openssl_compat.h" + #include "src/proxy-bio.h" + + int socks4a_connect (BIO *b); +@@ -50,29 +51,29 @@ int proxy_new (BIO *b) + ctx->connect = NULL; + ctx->host = NULL; + ctx->port = 0; +- b->init = 1; +- b->flags = 0; +- b->ptr = ctx; ++ BIO_set_init(b, 1); ++ BIO_clear_flags(b, ~0); ++ BIO_set_data(b, ctx); + return 1; + } + + int proxy_free (BIO *b) + { + struct proxy_ctx *c; +- if (!b || !b->ptr) ++ if (!b || !BIO_get_data(b)) + return 1; +- c = (struct proxy_ctx *) b->ptr; ++ c = (struct proxy_ctx *) BIO_get_data(b); + if (c->host) + free (c->host); + c->host = NULL; +- b->ptr = NULL; ++ BIO_set_data(b, NULL); + free (c); + return 1; + } + + int socks4a_connect (BIO *b) + { +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + int r; + unsigned char buf[NI_MAXHOST + 16]; + uint16_t port_n = htons (ctx->port); +@@ -102,13 +103,13 @@ int socks4a_connect (BIO *b) + + memcpy (buf + sz, ctx->host, strlen (ctx->host) + 1); + sz += strlen (ctx->host) + 1; +- r = BIO_write (b->next_bio, buf, sz); ++ r = BIO_write (BIO_next(b), buf, sz); + if ( -1 == r ) + return -1; + if ( (size_t) r != sz) + return 0; + /* server reply: 1 + 1 + 2 + 4 */ +- r = BIO_read (b->next_bio, buf, 8); ++ r = BIO_read (BIO_next(b), buf, 8); + if ( -1 == r ) + return -1; + if ( (size_t) r != 8) +@@ -126,7 +127,7 @@ int socks5_connect (BIO *b) + { + unsigned char buf[NI_MAXHOST + 16]; + int r; +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + uint16_t port_n = htons (ctx->port); + size_t sz = 0; + /* the length for SOCKS addresses is only one byte. */ +@@ -145,10 +146,10 @@ int socks5_connect (BIO *b) + buf[0] = 0x05; + buf[1] = 0x01; + buf[2] = 0x00; +- r = BIO_write (b->next_bio, buf, 3); ++ r = BIO_write (BIO_next(b), buf, 3); + if (r != 3) + return 0; +- r = BIO_read (b->next_bio, buf, 2); ++ r = BIO_read (BIO_next(b), buf, 2); + if (r != 2) + return 0; + if (buf[0] != 0x05 || buf[1] != 0x00) +@@ -175,7 +176,7 @@ int socks5_connect (BIO *b) + sz += strlen (ctx->host); + memcpy (buf + sz, &port_n, sizeof (port_n)); + sz += sizeof (port_n); +- r = BIO_write (b->next_bio, buf, sz); ++ r = BIO_write (BIO_next(b), buf, sz); + if ( -1 == r ) + return -1; + if ( (size_t) r != sz) +@@ -190,7 +191,7 @@ int socks5_connect (BIO *b) + * 2b: port, network byte order + */ + /* grab up through the addr type */ +- r = BIO_read (b->next_bio, buf, 4); ++ r = BIO_read (BIO_next(b), buf, 4); + if ( -1 == r ) + return -1; + if (r != 4) +@@ -203,14 +204,14 @@ int socks5_connect (BIO *b) + if (buf[3] == 0x03) + { + unsigned int len; +- r = BIO_read (b->next_bio, buf + 4, 1); ++ r = BIO_read (BIO_next(b), buf + 4, 1); + if (r != 1) + return 0; + /* host (buf[4] bytes) + port (2 bytes) */ + len = buf[4] + 2; + while (len) + { +- r = BIO_read (b->next_bio, buf + 5, min (len, sizeof (buf))); ++ r = BIO_read (BIO_next(b), buf + 5, min (len, sizeof (buf))); + if (r <= 0) + return 0; + len -= min (len, r); +@@ -219,7 +220,7 @@ int socks5_connect (BIO *b) + else if (buf[3] == 0x01) + { + /* 4 bytes ipv4 addr, 2 bytes port */ +- r = BIO_read (b->next_bio, buf + 4, 6); ++ r = BIO_read (BIO_next(b), buf + 4, 6); + if (r != 6) + return 0; + } +@@ -248,30 +249,30 @@ int sock_gets (BIO *b, char *buf, size_t + int http_connect (BIO *b) + { + int r; +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + char buf[4096]; + int retcode; + snprintf (buf, sizeof (buf), "CONNECT %s:%d HTTP/1.1\r\n", + ctx->host, ctx->port); +- r = BIO_write (b->next_bio, buf, strlen (buf)); ++ r = BIO_write (BIO_next(b), buf, strlen (buf)); + if ( -1 == r ) + return -1; + if ( (size_t) r != strlen(buf)) + return 0; + /* required by RFC 2616 14.23 */ + snprintf (buf, sizeof (buf), "Host: %s:%d\r\n", ctx->host, ctx->port); +- r = BIO_write (b->next_bio, buf, strlen (buf)); ++ r = BIO_write (BIO_next(b), buf, strlen (buf)); + if ( -1 == r ) + return -1; + if ( (size_t) r != strlen(buf)) + return 0; + strcpy (buf, "\r\n"); +- r = BIO_write (b->next_bio, buf, strlen (buf)); ++ r = BIO_write (BIO_next(b), buf, strlen (buf)); + if ( -1 == r ) + return -1; + if ( (size_t) r != strlen(buf)) + return 0; +- r = sock_gets (b->next_bio, buf, sizeof (buf)); ++ r = sock_gets (BIO_next(b), buf, sizeof (buf)); + if (r) + return 0; + /* use %*s to ignore the version */ +@@ -279,7 +280,7 @@ int http_connect (BIO *b) + return 0; + if (retcode < 200 || retcode > 299) + return 0; +- while (! (r = sock_gets (b->next_bio, buf, sizeof (buf)))) ++ while (! (r = sock_gets (BIO_next(b), buf, sizeof (buf)))) + { + if (!strcmp (buf, "\r\n")) + { +@@ -294,12 +295,12 @@ int http_connect (BIO *b) + int proxy_write (BIO *b, const char *buf, int sz) + { + int r; +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + + assert (buf); + if (sz <= 0) + return 0; +- if (!b->next_bio) ++ if (!BIO_next(b)) + return 0; + if (!ctx->connected) + { +@@ -307,7 +308,7 @@ int proxy_write (BIO *b, const char *buf + if (!ctx->connect (b)) + return 0; + } +- r = BIO_write (b->next_bio, buf, sz); ++ r = BIO_write (BIO_next(b), buf, sz); + BIO_clear_retry_flags (b); + BIO_copy_next_retry (b); + return r; +@@ -316,10 +317,10 @@ int proxy_write (BIO *b, const char *buf + int proxy_read (BIO *b, char *buf, int sz) + { + int r; +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + + assert (buf); +- if (!b->next_bio) ++ if (!BIO_next(b)) + return 0; + if (!ctx->connected) + { +@@ -327,7 +328,7 @@ int proxy_read (BIO *b, char *buf, int s + if (!ctx->connect (b)) + return 0; + } +- r = BIO_read (b->next_bio, buf, sz); ++ r = BIO_read (BIO_next(b), buf, sz); + BIO_clear_retry_flags (b); + BIO_copy_next_retry (b); + return r; +@@ -337,43 +338,45 @@ long proxy_ctrl (BIO *b, int cmd, long n + { + long ret; + struct proxy_ctx *ctx; +- if (!b->next_bio) ++ if (!BIO_next(b)) + return 0; +- ctx = (struct proxy_ctx *) b->ptr; ++ ctx = (struct proxy_ctx *) BIO_get_data(b); + assert (ctx); + switch (cmd) + { + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags (b); +- ret = BIO_ctrl (b->next_bio, cmd, num, ptr); ++ ret = BIO_ctrl (BIO_next(b), cmd, num, ptr); + BIO_copy_next_retry (b); + break; + case BIO_CTRL_DUP: + ret = 0; + break; + default: +- ret = BIO_ctrl (b->next_bio, cmd, num, ptr); ++ ret = BIO_ctrl (BIO_next(b), cmd, num, ptr); + } + return ret; + } + + int proxy_gets (BIO *b, char *buf, int size) + { +- return BIO_gets (b->next_bio, buf, size); ++ return BIO_gets (BIO_next(b), buf, size); + } + + int proxy_puts (BIO *b, const char *str) + { +- return BIO_puts (b->next_bio, str); ++ return BIO_puts (BIO_next(b), str); + } + + long proxy_callback_ctrl (BIO *b, int cmd, bio_info_cb *fp) + { +- if (!b->next_bio) ++ if (!BIO_next(b)) + return 0; +- return BIO_callback_ctrl (b->next_bio, cmd, fp); ++ return BIO_callback_ctrl (BIO_next(b), cmd, fp); + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ + BIO_METHOD proxy_methods = + { + BIO_TYPE_MEM, +@@ -393,6 +396,29 @@ BIO_METHOD *BIO_f_proxy() + return &proxy_methods; + } + ++#else ++ ++static BIO_METHOD *proxy_methods; ++ ++BIO_METHOD *BIO_f_proxy() ++{ ++ if (!proxy_methods) { ++ proxy_methods = BIO_meth_new(BIO_TYPE_MEM, "proxy"); ++ BIO_meth_set_write(proxy_methods, proxy_write); ++ BIO_meth_set_read(proxy_methods, proxy_read); ++ BIO_meth_set_puts(proxy_methods, proxy_puts); ++ BIO_meth_set_gets(proxy_methods, proxy_gets); ++ BIO_meth_set_ctrl(proxy_methods, proxy_ctrl); ++ BIO_meth_set_create(proxy_methods, proxy_new); ++ BIO_meth_set_destroy(proxy_methods, proxy_free); ++ BIO_meth_set_callback_ctrl(proxy_methods, proxy_callback_ctrl); ++ } ++ ++ return proxy_methods; ++} ++ ++#endif ++ + /* API starts here */ + + BIO API *BIO_new_proxy() +@@ -402,7 +428,7 @@ BIO API *BIO_new_proxy() + + int API BIO_proxy_set_type (BIO *b, const char *type) + { +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + if (!strcmp (type, "socks5")) + ctx->connect = socks5_connect; + else if (!strcmp (type, "socks4a")) +@@ -416,7 +442,7 @@ int API BIO_proxy_set_type (BIO *b, cons + + int API BIO_proxy_set_host (BIO *b, const char *host) + { +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + if (strnlen (host, NI_MAXHOST) == NI_MAXHOST) + return 1; + ctx->host = strdup (host); +@@ -425,6 +451,6 @@ int API BIO_proxy_set_host (BIO *b, cons + + void API BIO_proxy_set_port (BIO *b, uint16_t port) + { +- struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ++ struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b); + ctx->port = port; + } Added: head/sysutils/tlsdate/files/patch-src_test-bio.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/sysutils/tlsdate/files/patch-src_test-bio.c Tue Oct 16 20:03:54 2018 (r482245) @@ -0,0 +1,81 @@ +Obtained from: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533 + +--- src/test-bio.c.orig 2015-05-28 18:49:40 UTC ++++ src/test-bio.c +@@ -15,6 +15,7 @@ + #include <assert.h> + #include <string.h> + ++#include "src/openssl_compat.h" + #include "src/test-bio.h" + #include "src/util.h" + +@@ -34,7 +35,7 @@ struct test_ctx + + static struct test_ctx *bio_ctx (BIO *b) + { +- struct test_ctx *ctx = b->ptr; ++ struct test_ctx *ctx = BIO_get_data(b); + assert (ctx->magic == kMagic); + return ctx; + } +@@ -70,16 +71,16 @@ int test_new (BIO *b) + ctx->insz = 0; + ctx->out = NULL; + ctx->outsz = 0; +- b->init = 1; +- b->flags = 0; +- b->ptr = ctx; ++ BIO_set_init(b, 1); ++ BIO_clear_flags(b, ~0); ++ BIO_set_data(b, ctx); + return 1; + } + + int test_free (BIO *b) + { + struct test_ctx *ctx; +- if (!b || !b->ptr) ++ if (!b || !BIO_get_data(b)) + return 1; + ctx = bio_ctx (b); + free (ctx->in); +@@ -114,6 +115,8 @@ long test_callback_ctrl (BIO *b, int cmd + return 0; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ + BIO_METHOD test_methods = + { + BIO_TYPE_SOCKET, +@@ -133,6 +136,29 @@ BIO_METHOD *BIO_s_test() + return &test_methods; + } + ++#else ++ ++static BIO_METHOD *test_methods; ++ ++BIO_METHOD *BIO_s_test() ++{ ++ if (!test_methods) { ++ test_methods = BIO_meth_new(BIO_TYPE_SOCKET, "test"); ++ BIO_meth_set_write(test_methods, test_write); ++ BIO_meth_set_read(test_methods, test_read); ++ BIO_meth_set_puts(test_methods, NULL); ++ BIO_meth_set_gets(test_methods, NULL); ++ BIO_meth_set_ctrl(test_methods, test_ctrl); ++ BIO_meth_set_create(test_methods, test_new); ++ BIO_meth_set_destroy(test_methods, test_free); ++ BIO_meth_set_callback_ctrl(test_methods, test_callback_ctrl); ++ } ++ ++ return test_methods; ++} ++ ++#endif ++ + BIO API *BIO_new_test() + { + return BIO_new (BIO_s_test()); Modified: head/sysutils/tlsdate/files/patch-src_tlsdate-helper.c ============================================================================== --- head/sysutils/tlsdate/files/patch-src_tlsdate-helper.c Tue Oct 16 20:03:46 2018 (r482244) +++ head/sysutils/tlsdate/files/patch-src_tlsdate-helper.c Tue Oct 16 20:03:54 2018 (r482245) @@ -1,15 +1,201 @@ +Obtained from: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533 + --- src/tlsdate-helper.c.orig 2015-05-28 18:49:40 UTC +++ src/tlsdate-helper.c -@@ -1133,10 +1133,12 @@ run_ssl (uint32_t *time_map, int time_is +@@ -370,11 +370,29 @@ xfree (void *ptr) + free(ptr); + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++size_t ++SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) ++{ ++ size_t ret = min(outlen, sizeof(uint32_t)); ++ // Per https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_server_random.html ++ // If outlen is 0, return the maximum number of bytes that would be copied. ++ if (!outlen) ++ return sizeof(uint32_t); ++ memcpy(out, ssl->s3->server_random, ret); ++ return ret; ++} ++#endif ++ + void + openssl_time_callback (const SSL* ssl, int where, int ret) + { + if (where == SSL_CB_CONNECT_LOOP && ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + (ssl->state == SSL3_ST_CR_SRVR_HELLO_A || ssl->state == SSL3_ST_CR_SRVR_HELLO_B)) ++#else ++ (SSL_get_state(ssl) == TLS_ST_CR_SRVR_HELLO)) ++#endif { + // XXX TODO: If we want to trust the remote system for time, + // can we just read that time out of the remote system and if the +@@ -387,7 +405,7 @@ openssl_time_callback (const SSL* ssl, i + uint32_t max_reasonable_time = MAX_REASONABLE_TIME; + uint32_t server_time; + verb("V: freezing time for x509 verification"); +- memcpy(&server_time, ssl->s3->server_random, sizeof(uint32_t)); ++ SSL_get_server_random(ssl, (unsigned char *)&server_time, sizeof (uint32_t)); + if (compiled_time < ntohl(server_time) + && + ntohl(server_time) < max_reasonable_time) +@@ -395,7 +413,7 @@ openssl_time_callback (const SSL* ssl, i + verb("V: remote peer provided: %d, preferred over compile time: %d", + ntohl(server_time), compiled_time); + verb("V: freezing time with X509_VERIFY_PARAM_set_time"); +- X509_VERIFY_PARAM_set_time(ssl->ctx->cert_store->param, ++ X509_VERIFY_PARAM_set_time(SSL_get0_param((SSL *)ssl), + (time_t) ntohl(server_time) + 86400); + } else { + die("V: the remote server is a false ticker! server: %d compile: %d", +@@ -404,6 +422,12 @@ openssl_time_callback (const SSL* ssl, i + } + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define EVP_PKEY_BN_bits(p, k) BN_num_bits((p)->pkey.k) ++#else ++#define EVP_PKEY_BN_bits(p, k) EVP_PKEY_bits(p) ++#endif ++ + uint32_t + get_certificate_keybits (EVP_PKEY *public_key) + { +@@ -411,39 +435,39 @@ get_certificate_keybits (EVP_PKEY *publi + In theory, we could use check_bitlen_dsa() and check_bitlen_rsa() + */ + uint32_t key_bits; +- switch (public_key->type) ++ switch (EVP_PKEY_id(public_key)) + { + case EVP_PKEY_RSA: + verb("V: key type: EVP_PKEY_RSA"); +- key_bits = BN_num_bits(public_key->pkey.rsa->n); ++ key_bits = EVP_PKEY_BN_bits(public_key, rsa->n); + break; + case EVP_PKEY_RSA2: + verb("V: key type: EVP_PKEY_RSA2"); +- key_bits = BN_num_bits(public_key->pkey.rsa->n); ++ key_bits = EVP_PKEY_BN_bits(public_key, rsa->n); + break; + case EVP_PKEY_DSA: + verb("V: key type: EVP_PKEY_DSA"); +- key_bits = BN_num_bits(public_key->pkey.dsa->p); ++ key_bits = EVP_PKEY_BN_bits(public_key, dsa->p); + break; + case EVP_PKEY_DSA1: + verb("V: key type: EVP_PKEY_DSA1"); +- key_bits = BN_num_bits(public_key->pkey.dsa->p); ++ key_bits = EVP_PKEY_BN_bits(public_key, dsa->p); + break; + case EVP_PKEY_DSA2: + verb("V: key type: EVP_PKEY_DSA2"); +- key_bits = BN_num_bits(public_key->pkey.dsa->p); ++ key_bits = EVP_PKEY_BN_bits(public_key, dsa->p); + break; + case EVP_PKEY_DSA3: + verb("V: key type: EVP_PKEY_DSA3"); +- key_bits = BN_num_bits(public_key->pkey.dsa->p); ++ key_bits = EVP_PKEY_BN_bits(public_key, dsa->p); + break; + case EVP_PKEY_DSA4: + verb("V: key type: EVP_PKEY_DSA4"); +- key_bits = BN_num_bits(public_key->pkey.dsa->p); ++ key_bits = EVP_PKEY_BN_bits(public_key, dsa->p); + break; + case EVP_PKEY_DH: + verb("V: key type: EVP_PKEY_DH"); +- key_bits = BN_num_bits(public_key->pkey.dh->pub_key); ++ key_bits = EVP_PKEY_BN_bits(public_key, dh->pub_key); + break; + case EVP_PKEY_EC: + verb("V: key type: EVP_PKEY_EC"); +@@ -681,7 +705,9 @@ check_san (SSL *ssl, const char *hostnam + + int j; + void *extvalstr; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + const unsigned char *tmp; ++#endif + + STACK_OF(CONF_VALUE) *val; + CONF_VALUE *nval; +@@ -695,6 +721,7 @@ check_san (SSL *ssl, const char *hostnam + break; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + tmp = ext->value->data; + if (method->it) + { +@@ -703,7 +730,9 @@ check_san (SSL *ssl, const char *hostnam + } else { + extvalstr = method->d2i(NULL, &tmp, ext->value->length); + } +- ++#else ++ extvalstr = X509V3_EXT_d2i(ext); ++#endif + if (!extvalstr) + { + break; +@@ -886,11 +915,11 @@ check_key_length (SSL *ssl) + } + + key_bits = get_certificate_keybits (public_key); +- if (MIN_PUB_KEY_LEN >= key_bits && public_key->type != EVP_PKEY_EC) ++ if (MIN_PUB_KEY_LEN >= key_bits && EVP_PKEY_id(public_key) != EVP_PKEY_EC) + { + die ("Unsafe public key size: %d bits", key_bits); + } else { +- if (public_key->type == EVP_PKEY_EC) ++ if (EVP_PKEY_id(public_key) == EVP_PKEY_EC) + if(key_bits >= MIN_ECC_PUB_KEY_LEN + && key_bits <= MAX_ECC_PUB_KEY_LEN) + { +@@ -1129,20 +1158,34 @@ run_ssl (uint32_t *time_map, int time_is + SSL_library_init(); + + ctx = NULL; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (0 == strcmp("sslv23", protocol)) + { verb ("V: using SSLv23_client_method()"); ctx = SSL_CTX_new(SSLv23_client_method()); -+#ifndef OPENSSL_NO_SSL3 ++#ifndef OPENSSL_NO_SSL3_METHOD } else if (0 == strcmp("sslv3", protocol)) { verb ("V: using SSLv3_client_method()"); ctx = SSL_CTX_new(SSLv3_client_method()); +#endif ++#ifndef OPENSSL_NO_TLS1_METHOD } else if (0 == strcmp("tlsv1", protocol)) { verb ("V: using TLSv1_client_method()"); + ctx = SSL_CTX_new(TLSv1_client_method()); ++#endif + } else + die("Unsupported protocol `%s'", protocol); ++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ ++ /* ++ * Use general-purpose version-flexible SSL/TLS method. The actual protocol ++ * version used will be negotiated to the highest version mutually supported ++ * by the client and the server. ++ */ ++ verb ("V: using TLS_client_method()\n"); ++ ctx = SSL_CTX_new(TLS_client_method()); ++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + + if (ctx == NULL) + die("OpenSSL failed to support protocol `%s'", protocol); +@@ -1204,7 +1247,7 @@ run_ssl (uint32_t *time_map, int time_is + + // from /usr/include/openssl/ssl3.h + // ssl->s3->server_random is an unsigned char of 32 bits +- memcpy(&result_time, ssl->s3->server_random, sizeof (uint32_t)); ++ SSL_get_server_random(ssl, (unsigned char *)&result_time, sizeof (uint32_t)); + verb("V: In TLS response, T=%lu", (unsigned long)ntohl(result_time)); + + if (http) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810162003.w9GK3tld009908>