INN commit: trunk (13 files)
INN Commit
rra at isc.org
Sun Nov 10 13:13:34 UTC 2013
Date: Sunday, November 10, 2013 @ 05:13:34
Author: iulius
Revision: 9563
improve OpenSSL support
* sync with latest rra-c-util version of openssl.m4
* use HAVE_OPENSSL instead of HAVE_SSL
* fix how --enable-reduced-depends works with OpenSSL support (that
flag behaves the opposite it was supposed to)
* search for the dl library to link with, if needed
Modified:
trunk/innd/nc.c
trunk/lib/innconf.c
trunk/m4/openssl.m4
trunk/nnrpd/article.c
trunk/nnrpd/commands.c
trunk/nnrpd/line.c
trunk/nnrpd/misc.c
trunk/nnrpd/nnrpd.c
trunk/nnrpd/nnrpd.h
trunk/nnrpd/perm.c
trunk/nnrpd/sasl.c
trunk/nnrpd/tls.c
trunk/nnrpd/tls.h
------------------+
innd/nc.c | 2 +-
lib/innconf.c | 6 +++---
m4/openssl.m4 | 35 +++++++++++++++++++++++------------
nnrpd/article.c | 6 +++---
nnrpd/commands.c | 8 ++++----
nnrpd/line.c | 14 +++++++-------
nnrpd/misc.c | 8 ++++----
nnrpd/nnrpd.c | 30 +++++++++++++++---------------
nnrpd/nnrpd.h | 4 ++--
nnrpd/perm.c | 32 ++++++++++++++++----------------
nnrpd/sasl.c | 10 +++++-----
nnrpd/tls.c | 6 +++---
nnrpd/tls.h | 4 ++--
13 files changed, 88 insertions(+), 77 deletions(-)
Modified: innd/nc.c
===================================================================
--- innd/nc.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ innd/nc.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -98,7 +98,7 @@
COMMAND_READER("NEXT"),
COMMAND_READER("OVER"),
COMMAND_READER("POST"),
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
COMMAND_READER("STARTTLS"),
#endif
COMMAND_READER("XGTITLE"),
Modified: lib/innconf.c
===================================================================
--- lib/innconf.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ lib/innconf.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -226,12 +226,12 @@
{ K(readertrack), BOOL (false) },
{ K(spoolfirst), BOOL (false) },
{ K(strippostcc), BOOL (false) },
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
{ K(tlscafile), STRING ("") },
{ K(tlscapath), STRING (NULL) },
{ K(tlscertfile), STRING (NULL) },
{ K(tlskeyfile), STRING (NULL) },
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
/* The following settings are used by nnrpd and rnews. */
{ K(nnrpdposthost), STRING (NULL) },
@@ -369,7 +369,7 @@
innconf->extraoverviewhidden = vector_new();
/* Defaults used only if TLS (SSL) is supported. */
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (innconf->tlscapath == NULL)
innconf->tlscapath = xstrdup(innconf->pathetc);
if (innconf->tlscertfile == NULL)
Modified: m4/openssl.m4
===================================================================
--- m4/openssl.m4 2013-11-06 23:08:44 UTC (rev 9562)
+++ m4/openssl.m4 2013-11-10 13:13:34 UTC (rev 9563)
@@ -13,14 +13,15 @@
dnl SSL or crypto libraries, saving the current values first, and
dnl INN_LIB_OPENSSL_RESTORE and INN_LIB_CRYPTO_RESTORE to restore those
dnl settings to before the last INN_LIB_OPENSSL_SWITCH or
-dnl INN_LIB_CRYPTO_SWITCH.
+dnl INN_LIB_CRYPTO_SWITCH. Defines HAVE_OPENSSL and sets inn_use_OPENSSL to
+dnl true if the library is found.
dnl
-dnl Depends on the lib-helper.m4 framework.
+dnl Depends on INN_ENABLE_REDUCED_DEPENDS and the lib-helper.m4 framework.
dnl
dnl The canonical version of this file is maintained in the rra-c-util
dnl package, available at <http://www.eyrie.org/~eagle/software/rra-c-util/>.
dnl
-dnl Written by Russ Allbery <rra at stanford.edu>
+dnl Written by Russ Allbery <eagle at eyrie.org>
dnl Copyright 2010, 2013
dnl The Board of Trustees of the Leland Stanford Junior University
dnl
@@ -43,7 +44,8 @@
dnl argument, if "true", says to fail if the OpenSSL SSL library could not be
dnl found.
AC_DEFUN([_INN_LIB_OPENSSL_INTERNAL],
-[INN_LIB_HELPER_PATHS([OPENSSL])
+[AC_REQUIRE([INN_ENABLE_REDUCED_DEPENDS])
+ INN_LIB_HELPER_PATHS([OPENSSL])
CRYPTO_CPPFLAGS="$OPENSSL_CPPFLAGS"
CRYPTO_LDFLAGS="$OPENSSL_LDFLAGS"
CRYPTO_LIBS=
@@ -51,18 +53,26 @@
AC_SUBST([CRYPTO_LDFLAGS])
AC_SUBST([CRYPTO_LIBS])
INN_LIB_OPENSSL_SWITCH
- AC_CHECK_LIB([crypto], [AES_cbc_encrypt], [CRYPTO_LIBS=-lcrypto],
+ inn_openssl_extra=
+ LIBS=
+ AS_IF([test x"$inn_reduced_depends" != xtrue],
+ [AC_SEARCH_LIBS([dlopen], [dl])])
+ inn_openssl_extra="$LIBS"
+ LIBS="$inn_OPENSSL_save_LIBS"
+ AC_CHECK_LIB([crypto], [AES_cbc_encrypt],
+ [CRYPTO_LIBS="-lcrypto $inn_openssl_extra"],
[AS_IF([test x"$1" = xtrue],
- [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])])
+ [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
+ [$inn_openssl_extra])
AS_IF([test x"$inn_reduced_depends" = xtrue],
+ [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
+ [AS_IF([test x"$1" = xtrue],
+ [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
[AC_CHECK_LIB([ssl], [SSL_library_init],
[OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
[AS_IF([test x"$1" = xtrue],
[AC_MSG_ERROR([cannot find usable OpenSSL library])])],
- [$CRYPTO_LIBS])],
- [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
- [AS_IF([test x"$1" = xtrue],
- [AC_MSG_ERROR([cannot find usable OpenSSL library])])])])
+ [$CRYPTO_LIBS])])
INN_LIB_OPENSSL_RESTORE])
dnl The main macro for packages with mandatory OpenSSL support.
@@ -70,7 +80,8 @@
[INN_LIB_HELPER_VAR_INIT([OPENSSL])
INN_LIB_HELPER_WITH([openssl], [OpenSSL], [OPENSSL])
_INN_LIB_OPENSSL_INTERNAL([true])
- AC_DEFINE([HAVE_SSL], 1, [Define if libssl is available.])])
+ inn_use_OPENSSL=true
+ AC_DEFINE([HAVE_OPENSSL], 1, [Define if libssl is available.])])
dnl The main macro for packages with optional OpenSSL support.
AC_DEFUN([INN_LIB_OPENSSL_OPTIONAL],
@@ -82,4 +93,4 @@
[_INN_LIB_OPENSSL_INTERNAL([false])])])
AS_IF([test x"$OPENSSL_LIBS" != x],
[inn_use_OPENSSL=true
- AC_DEFINE([HAVE_SSL], 1, [Define if libssl is available.])])])
+ AC_DEFINE([HAVE_OPENSSL], 1, [Define if libssl is available.])])])
Modified: nnrpd/article.c
===================================================================
--- nnrpd/article.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/article.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -20,7 +20,7 @@
#include "tls.h"
#include "cache.h"
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern SSL *tls_conn;
#endif
@@ -74,7 +74,7 @@
TMRstart(TMR_NNTPWRITE);
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (tls_conn) {
Again:
result = SSL_writev(tls_conn, vec, *countp);
@@ -94,7 +94,7 @@
break;
}
} else
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
result = xwritev(STDOUT_FILENO, vec, *countp);
TMRstop(TMR_NNTPWRITE);
Modified: nnrpd/commands.c
===================================================================
--- nnrpd/commands.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/commands.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -13,9 +13,9 @@
#include "inn/version.h"
#include "tls.h"
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern bool nnrpd_starttls_done;
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
typedef struct {
char *name;
@@ -308,7 +308,7 @@
return;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* Check whether STARTTLS must be used before trying to authenticate. */
if (PERMcanauthenticate && !PERMcanauthenticatewithoutSSL
&& !nnrpd_starttls_done) {
@@ -337,7 +337,7 @@
return;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* Check whether STARTTLS must be used before trying to authenticate. */
if (PERMcanauthenticate && !PERMcanauthenticatewithoutSSL
&& !nnrpd_starttls_done) {
Modified: nnrpd/line.c
===================================================================
--- nnrpd/line.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/line.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -23,7 +23,7 @@
#include <signal.h>
#include "tls.h"
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern SSL *tls_conn;
#endif
@@ -41,7 +41,7 @@
}
}
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/*
** Alarm signal handler for client timeout.
*/
@@ -78,7 +78,7 @@
}
/*
-** Timeout is used only if HAVE_SSL is defined.
+** Timeout is used only if HAVE_OPENSSL is defined.
*/
static ssize_t
line_doread(void *p, size_t len, int timeout UNUSED)
@@ -86,7 +86,7 @@
ssize_t n;
do {
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (tls_conn) {
int err;
xsignal(SIGALRM, alarmHandler);
@@ -111,7 +111,7 @@
} while (err == SSL_ERROR_WANT_READ);
xsignal (SIGALRM, SIG_DFL);
} else
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
do {
n = read(STDIN_FILENO, p, len);
} while (n == -1 && errno == EINTR);
@@ -201,7 +201,7 @@
}
}
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* It seems that the SSL_read cannot be mixed with select()
* as in the current code. SSL communicates in its own data
* blocks and hand shaking. The do_readline using SSL_read
@@ -241,7 +241,7 @@
/* If stdin didn't select, we must have timed out. */
if (i == 0 || !FD_ISSET(STDIN_FILENO, &rmask))
return RTtimeout;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
}
#endif
count = line_doread(where,
Modified: nnrpd/misc.c
===================================================================
--- nnrpd/misc.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/misc.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -15,10 +15,10 @@
#include "nnrpd.h"
#include "tls.h"
-/* Outside the ifdef so that make depend works even ifndef HAVE_SSL. */
+/* Outside the ifdef so that make depend works even ifndef HAVE_OPENSSL. */
#include "inn/ov.h"
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern SSL *tls_conn;
extern int tls_cipher_usebits;
extern char *tls_peer_CN;
@@ -449,7 +449,7 @@
return 1;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/*
** The STARTTLS command. RFC 4642.
*/
@@ -525,4 +525,4 @@
/* Reset our read buffer so as to prevent plaintext command injection. */
line_reset(&NNTPline);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
Modified: nnrpd/nnrpd.c
===================================================================
--- nnrpd/nnrpd.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/nnrpd.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -32,7 +32,7 @@
#include "tls.h"
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern SSL *tls_conn;
bool nnrpd_starttls_done = false;
#endif
@@ -163,7 +163,7 @@
* protocol in RFC 3977. */
{ "SLAVE", CMD_unimp, false, 1, 1, true,
NULL },
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
{ "STARTTLS", CMDstarttls, false, 1, 1, true,
NULL },
#endif
@@ -235,7 +235,7 @@
syslog(L_NOTICE, "%s overstats count %ld hit %ld miss %ld time %ld size %ld dbz %ld seek %ld get %ld artcheck %ld", Client.host,
OVERcount, OVERhit, OVERmiss, OVERtime, OVERsize, OVERdbz, OVERseek, OVERget, OVERartcheck);
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (tls_conn) {
SSL_shutdown(tls_conn);
SSL_free(tls_conn);
@@ -371,13 +371,13 @@
/* No arguments if the server does not permit any authentication commands
* in its current state. */
if (PERMcanauthenticate) {
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (PERMcanauthenticatewithoutSSL || nnrpd_starttls_done) {
#endif
/* AUTHINFO USER is advertised only if a TLS layer is active,
* if compiled with TLS support. */
Printf(" USER");
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
} else {
#ifdef HAVE_SASL
/* Remove unsecure PLAIN, LOGIN and EXTERNAL SASL mechanisms,
@@ -400,7 +400,7 @@
}
#endif /* HAVE_SASL */
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
#ifdef HAVE_SASL
/* Check whether at least one SASL mechanism is available. */
if (mechlist != NULL && strlen(mechlist) > 2) {
@@ -443,7 +443,7 @@
}
#endif
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* A TLS layer is not active and the client is not already authenticated. */
if (!nnrpd_starttls_done
&& (!PERMauthorized || PERMneedauth || PERMcanauthenticate)) {
@@ -659,7 +659,7 @@
len -= n;
p += n;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (tls_conn) {
int r;
@@ -681,7 +681,7 @@
break;
}
} else
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
do {
n = write(STDIN_FILENO, out, outlen);
} while (n == -1 && errno == EINTR);
@@ -914,11 +914,11 @@
}
#endif /* HAVE_SASL */
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
while ((i = getopt(argc, argv, "4:6:b:c:Dfi:I:nop:P:r:s:St")) != EOF)
#else
while ((i = getopt(argc, argv, "4:6:b:c:Dfi:I:nop:P:r:s:t")) != EOF)
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
switch (i) {
default:
Usage();
@@ -967,11 +967,11 @@
case 't': /* Tracing. */
Tracing = true;
break;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
case 'S': /* Force SSL negotiation. */
initialSSL = true;
break;
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
}
argc -= optind;
if (argc)
@@ -1189,7 +1189,7 @@
xsignal(SIGHUP, ToggleTrace);
} /* DaemonMode */
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (initialSSL) {
tls_init();
if (tls_start_servertls(0, 1) == -1) {
@@ -1198,7 +1198,7 @@
}
nnrpd_starttls_done = true;
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
/* If requested, check the load average. */
if (innconf->nnrpdloadlimit != 0) {
Modified: nnrpd/nnrpd.h
===================================================================
--- nnrpd/nnrpd.h 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/nnrpd.h 2013-11-10 13:13:34 UTC (rev 9563)
@@ -151,7 +151,7 @@
EXTERN bool PERMauthorized;
EXTERN bool PERMcanauthenticate;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
EXTERN bool PERMcanauthenticatewithoutSSL;
#endif
EXTERN bool PERMcanpost;
@@ -250,7 +250,7 @@
extern void CMDxgtitle (int ac, char** av);
extern void CMDpat (int ac, char** av);
extern void CMD_unimp (int ac, char** av);
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern void CMDstarttls (int ac, char** av);
#endif
Modified: nnrpd/perm.c
===================================================================
--- nnrpd/perm.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/perm.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -21,9 +21,9 @@
# include <sys/select.h>
#endif
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern bool nnrpd_starttls_done;
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
/* Data types. */
typedef struct _CONFCHAIN {
@@ -42,7 +42,7 @@
typedef struct _AUTHGROUP {
char *name;
char *key;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
int require_ssl;
#endif
char *hosts;
@@ -160,7 +160,7 @@
#define PERMperl_access 58
#define PERMpython_access 59
#define PERMpython_dynamic 60
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
#define PERMrequire_ssl 61
#define PERMMAX 62
#else
@@ -249,7 +249,7 @@
{ PERMperl_access, (char *) "perl_access:" },
{ PERMpython_access, (char *) "python_access:" },
{ PERMpython_dynamic, (char *) "python_dynamic:" },
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
{ PERMrequire_ssl, (char *) "require_ssl:" },
#endif
{ 0, (char *) NULL }
@@ -345,7 +345,7 @@
else
ret->hosts = 0;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
ret->require_ssl = orig->require_ssl;
#endif
@@ -447,7 +447,7 @@
static void
SetDefaultAuth(AUTHGROUP *curauth UNUSED)
{
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
curauth->require_ssl = false;
#endif
}
@@ -626,7 +626,7 @@
authdecl_parse(AUTHGROUP *curauth, CONFFILE *f, CONFTOKEN *tok)
{
int oldtype;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
int boolval;
#endif
METHOD *m;
@@ -648,7 +648,7 @@
ReportError(f, buff);
}
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (strcasecmp(tok->name, "on") == 0
|| strcasecmp(tok->name, "true") == 0
|| strcasecmp(tok->name, "yes") == 0)
@@ -666,7 +666,7 @@
curauth->key = xstrdup(tok->name);
SET_CONFIG(PERMkey);
break;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
case PERMrequire_ssl:
if (boolval != -1)
curauth->require_ssl = boolval;
@@ -1250,7 +1250,7 @@
/* Stuff that belongs to an auth group. */
case PERMhost:
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
case PERMrequire_ssl:
#endif
case PERMauthprog:
@@ -1399,7 +1399,7 @@
#else
PERMcanauthenticate = false;
#endif
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
PERMcanauthenticatewithoutSSL = false;
#endif
PERMgroupmadeinvalid = false;
@@ -1432,7 +1432,7 @@
for (i = 0; auth_realms[i]; i++) {
if (auth_realms[i]->auth_methods != NULL) {
PERMcanauthenticate = true;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
if (auth_realms[i]->require_ssl == false)
PERMcanauthenticatewithoutSSL = true;
#endif
@@ -1446,7 +1446,7 @@
}
uname = 0;
while (!uname && i--) {
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* If SSL is required, check that the connection is encrypted. */
if ((auth_realms[i]->require_ssl == true) && !nnrpd_starttls_done)
continue;
@@ -1935,7 +1935,7 @@
if (auth->res_methods == NULL)
return NULL;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* If SSL is required, check that the connection is encrypted. */
if ((auth->require_ssl == true) && !nnrpd_starttls_done)
return NULL;
@@ -1985,7 +1985,7 @@
if (auth->auth_methods == NULL)
return NULL;
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* If SSL is required, check that the connection is encrypted. */
if ((auth->require_ssl == true) && !nnrpd_starttls_done)
return NULL;
Modified: nnrpd/sasl.c
===================================================================
--- nnrpd/sasl.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/sasl.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -10,14 +10,14 @@
#include "inn/messages.h"
#include "nnrpd.h"
-/* Outside the ifdef so that make depend works even ifndef HAVE_SSL. */
+/* Outside the ifdef so that make depend works even ifndef HAVE_OPENSSL. */
#include "inn/ov.h"
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
extern int tls_cipher_usebits;
extern char *tls_peer_CN;
extern bool nnrpd_starttls_done;
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
#ifdef HAVE_SASL
@@ -94,7 +94,7 @@
secprops.max_ssf = 256;
secprops.maxbufsize = NNTP_MAXLEN_COMMAND;
sasl_setprop(sasl_conn, SASL_SEC_PROPS, &secprops);
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* Tell SASL about the negotiated TLS layer. */
if (nnrpd_starttls_done) {
if (sasl_setprop(sasl_conn, SASL_SSF_EXTERNAL,
@@ -150,7 +150,7 @@
return;
}
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* Check whether STARTTLS must be used before trying to authenticate
* with AUTHINFO SASL PLAIN, LOGIN or EXTERNAL. */
if (PERMcanauthenticate && !PERMcanauthenticatewithoutSSL
Modified: nnrpd/tls.c
===================================================================
--- nnrpd/tls.c 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/tls.c 2013-11-10 13:13:34 UTC (rev 9563)
@@ -23,10 +23,10 @@
#include "nnrpd.h"
#include "inn/innconf.h"
-/* Outside the ifdef so that make depend works even ifndef HAVE_SSL. */
+/* Outside the ifdef so that make depend works even ifndef HAVE_OPENSSL. */
#include "tls.h"
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
/* We must keep some of the info available. */
static const char hexcodes[] = "0123456789ABCDEF";
@@ -710,4 +710,4 @@
return SSL_write (ssl, buffer, bytes);
}
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
Modified: nnrpd/tls.h
===================================================================
--- nnrpd/tls.h 2013-11-06 23:08:44 UTC (rev 9562)
+++ nnrpd/tls.h 2013-11-10 13:13:34 UTC (rev 9563)
@@ -14,7 +14,7 @@
** by Chris Newman <chris.newman at innosoft.com> (1999/06)
*/
-#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL
#ifndef TLS_H
#define TLS_H
@@ -46,4 +46,4 @@
#endif /* TLS_H */
-#endif /* HAVE_SSL */
+#endif /* HAVE_OPENSSL */
More information about the inn-committers
mailing list