INN and openssl 1.1
Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem, , 669-2000, 470-2224
root at doctor.nl2k.ab.ca
Sat Mar 5 20:01:56 UTC 2016
> The Doctor,
>
> >>> Hopefully OpenSSL committer for 1.1 branch will hear my plea for
> >>> backwards compatibility so that you have
> >>>
> >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> >>> #define SSLv23_server_method TLS_server_method
>
> I've just tried to build INN with the latest OpenSSL 1.1.0-pre3 version, and it seems that these defines are present.
> Do you confirm you no longer have an issue with these two functions?
>
>
>
> > INN so far is the only package against OpenSSL 1.1 that is easy to migrate.
>
> Glad to know!
>
> Could you please try the following patch and report if everything is OK for you?
> (that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
> on your server)
>
>
> --- nnrpd/tls.c (r?vision 9984)
> +++ nnrpd/tls.c (copie de travail)
> @@ -216,7 +216,10 @@
> default:
> /* We should check current keylength vs. requested keylength
> * also, this is an extremely expensive operation! */
> - dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
> + dh = DH_new();
> + if (dh != NULL) {
> + DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL);
> + }
> r = dh;
> }
>
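Review bot: The return value of DH_generate_parameters_ex() in the added block is ignored, so when generation fails a DH object without usable parameters is still assigned to r. Check the result and on failure free and clear the object, for example `if (!DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL)) { DH_free(dh); dh = NULL; }`, so the caller still sees NULL on failure, as it did with DH_generate_parameters().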
> @@ -492,8 +495,13 @@
> if (tls_loglevel >= 2)
> Printf("starting TLS engine");
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> SSL_load_error_strings();
> SSLeay_add_ssl_algorithms();
> +#else
> + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> +#endif
>
> CTX = SSL_CTX_new(SSLv23_server_method());
> if (CTX == NULL) {
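Review bot: In the #else branch the result of OPENSSL_init_ssl() is discarded; it returns 0 on failure, so an initialisation error is only noticed later, if at all. Test the return value and take the same error path as the CTX == NULL check that follows. A short comment on the #if stating that the 1.1.0 call replaces both SSL_load_error_strings() and SSLeay_add_ssl_algorithms() would also help the next reader.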
>
>
>
>
>
>
> --- nnrpd/tls.h (r?vision 9984)
> +++ nnrpd/tls.h (copie de travail)
> @@ -22,8 +22,12 @@
> #ifndef TLS_H
> #define TLS_H
>
> #include <openssl/lhash.h>
> #include <openssl/bn.h>
> +#include <openssl/dh.h>
> #include <openssl/err.h>
> #include <openssl/pem.h>
> #include <openssl/rand.h>
>
>
>
>
>
>
> --- m4/openssl.m4 (r?vision 9984)
> +++ m4/openssl.m4 (copie de travail)
> @@ -71,10 +71,10 @@
> [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> [$inn_openssl_extra])
> AS_IF([test x"$inn_reduced_depends" = xtrue],
> - [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> + [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> [AS_IF([test x"$1" = xtrue],
> [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> - [AC_CHECK_LIB([ssl], [SSL_library_init],
> + [AC_CHECK_LIB([ssl], [SSL_accept],
> [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> [AS_IF([test x"$1" = xtrue],
> [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
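Review bot: Both AC_CHECK_LIB calls now probe for SSL_accept, but nothing in the file records why SSL_library_init was dropped. Add a comment above the AS_IF saying that the probe symbol has to be one the linker can find in both OpenSSL 1.1.0 and older releases, so that nobody later switches it back to an initialisation function.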
>
>
Let me test this out recompiling today's current and
use slrn with SSL to access the newsgroups.
Will get back to you soon.
>
> Russ, would you mind committing the change of SSL_library_init to SSL_accept
> in the openssl.m4 file shipped with rra-c-util?
> This way, the OpenSSL library can be found (for both 1.1.0 and older versions).
>
> Thanks,
>
> --
> Julien ÉLIE
>
> « L'atour est fiel aux Huns valides. »
> _______________________________________________
> inn-workers mailing list
> inn-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/inn-workers