INN commit: branches/2.6/nnrpd (tls.c tls.h)

INN Commit rra at isc.org
Sun Sep 4 13:11:52 UTC 2016 

    Date: Sunday, September 4, 2016 @ 06:11:52
  Author: iulius
Revision: 10067

Fix build for OpenSSL versions prior to 0.9.8m

SSL_CTX_clear_options() was added to OpenSSL 0.9.8m.

Also, when building with warnings on, enable the check on deprecated
OpenSSL interfaces.

Modified:
  branches/2.6/nnrpd/tls.c
  branches/2.6/nnrpd/tls.h

-------+
 tls.c |    8 ++++++--
 tls.h |    7 +++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

Modified: tls.c
===================================================================
--- tls.c	2016-09-04 13:11:10 UTC (rev 10066)
+++ tls.c	2016-09-04 13:11:52 UTC (rev 10067)
@@ -501,7 +501,7 @@
       Printf("starting TLS engine");
 
 /* New functions have been introduced in OpenSSL 1.1.0. */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x010100000L
     SSL_load_error_strings();
     SSLeay_add_ssl_algorithms();
     CTX = SSL_CTX_new(SSLv23_server_method());
@@ -582,7 +582,10 @@
     if (prefer_server_ciphers) {
         SSL_CTX_set_options(CTX, SSL_OP_CIPHER_SERVER_PREFERENCE);
     } else {
+#if OPENSSL_VERSION_NUMBER >= 0x0009080dfL
+        /* Function first added in OpenSSL 0.9.8m. */
         SSL_CTX_clear_options(CTX, SSL_OP_CIPHER_SERVER_PREFERENCE);
+#endif
     }
 #endif
 
@@ -642,7 +645,8 @@
     }
 
     if (tls_compression) {
-#ifdef SSL_OP_NO_COMPRESSION
+#if defined(SSL_OP_NO_COMPRESSION) && OPENSSL_VERSION_NUMBER >= 0x0009080dfL
+        /* Function first added in OpenSSL 0.9.8m. */
         SSL_CTX_clear_options(CTX, SSL_OP_NO_COMPRESSION);
 #endif
     } else {

Modified: tls.h
===================================================================
--- tls.h	2016-09-04 13:11:10 UTC (rev 10066)
+++ tls.h	2016-09-04 13:11:52 UTC (rev 10067)
@@ -22,8 +22,11 @@
 #ifndef TLS_H
 #define TLS_H
 
-/* Comment out to avoid the use of deprecated interfaces. */
-/* #define OPENSSL_API_COMPAT 0x10100000L */
+/* When building with "make warnings", ensure that INN does not
+ * use deprecated interfaces from OpenSSL. */
+#if defined(DEBUG)
+# define OPENSSL_API_COMPAT 0x010100000L
+#endif
 
 #include <openssl/lhash.h>
 #include <openssl/bn.h>

More information about the inn-committers mailing list