INN and openssl 1.1

The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587 doctor at doctor.nl2k.ab.ca
Sat Mar 5 20:17:50 UTC 2016


> > The Doctor,
> > 
> > >>> Hopefully  OpenSSL committer for 1.1 branch will hear my plea for
> > >>> backwards compatibility so that you have
> > >>>
> > >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> > >>> #define SSLv23_server_method TLS_server_method
> > 
> > I've just tried to build INN with latest OpenSSL 1.1.0-pre3 version, and it seems that these define's are present.
> > Do you confirm you no longer have an issue with these two functions?
> > 
> > 
> > 
> > > INN so far is the only package against Openssl 1.1 that is easy to migrate.
> > 
> > Glad to know!
> > 
> > Could you please try the following patch and report if everything is OK for you?
> > (that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
> > on your server)
> > 
> > 
> > --- nnrpd/tls.c	(r?vision 9984)
> > +++ nnrpd/tls.c	(copie de travail)
> > @@ -216,7 +216,10 @@
> >  	default:
> >  		/* We should check current keylength vs. requested keylength
> >  		 * also, this is an extremely expensive operation! */
> > -		dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
> > +                dh = DH_new();
> > +                if (dh != NULL) {
> > +                    DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL);
> > +                }
> >  		r = dh;
> >  	}
> >  
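Review bot: the return value of `DH_generate_parameters_ex()` in the new `default:` branch is ignored, so when generation fails `r` is set to an allocated `DH` that carries no parameters instead of NULL. Check the result (the function returns 1 on success and 0 on error) and on failure call `DH_free(dh)` and set `dh = NULL` before `r = dh;`. The added lines are also indented with spaces while the surrounding code uses tabs.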
> > @@ -492,8 +495,13 @@
> >      if (tls_loglevel >= 2)
> >        Printf("starting TLS engine");
> >  
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> >      SSL_load_error_strings();
> >      SSLeay_add_ssl_algorithms();
> > +#else
> > +    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> > +                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> > +#endif
> >  
> >      CTX = SSL_CTX_new(SSLv23_server_method());
> >      if (CTX == NULL) {
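Review bot: `OPENSSL_init_ssl()` in the `#else` branch returns 0 on failure and that result is discarded; test it and handle the failure alongside the `CTX == NULL` check that follows. The context line still calls `SSLv23_server_method()`, which builds on 1.1.0 only through the compatibility define discussed at the top of this thread, so consider putting that call under the same version guard and using `TLS_server_method()` there.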
> > 
> > 
> > 
> > 
> > 
> > 
> > --- nnrpd/tls.h	(r?vision 9984)
> > +++ nnrpd/tls.h	(copie de travail)
> > @@ -22,8 +22,12 @@
> >  #ifndef TLS_H
> >  #define TLS_H
> >  
> >  #include <openssl/lhash.h>
> >  #include <openssl/bn.h>
> > +#include <openssl/dh.h>


There is no dn.h in the openssl includes.

> >  #include <openssl/err.h>
> >  #include <openssl/pem.h>
> >  #include <openssl/rand.h>
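Review bot: the hunk header `@@ -22,8 +22,12 @@` announces four added lines, but only `+#include <openssl/dh.h>` is visible, so the hunk as quoted does not match its own line counts; restore the missing added lines from the original message before testing. The added header is `openssl/dh.h`, which declares the `DH_new()` and `DH_generate_parameters_ex()` calls introduced in the tls.c hunk.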
> > 
> > 
> > 
> > 
> > 
> > 
> > --- m4/openssl.m4	(r?vision 9984)
> > +++ m4/openssl.m4	(copie de travail)
> > @@ -71,10 +71,10 @@
> >          [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> >      [$inn_openssl_extra])
> >   AS_IF([test x"$inn_reduced_depends" = xtrue],
> > -    [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> > +    [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> >          [AS_IF([test x"$1" = xtrue],
> >              [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> > -    [AC_CHECK_LIB([ssl], [SSL_library_init],
> > +    [AC_CHECK_LIB([ssl], [SSL_accept],
> >          [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> >          [AS_IF([test x"$1" = xtrue],
> >              [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
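Review bot: both `AC_CHECK_LIB([ssl], ...)` calls now probe `SSL_accept` with no explanation, and the reason is not obvious from the macro file itself. Add a `dnl` comment above the `AS_IF` stating that `SSL_library_init` is a macro rather than a linkable symbol in OpenSSL 1.1.0, so a later cleanup does not switch the probe back.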
> > 
> >
> 
> Let me test this out recompiling today's current and
> use slrn with SSL to access the newsgroups.
> 
> Will get back to you soon.
>  
> > 
> > Russ, would you mind committing the change of SSL_library_init to SSL_accept
> > in the openssl.m4 file shipped with rra-c-util?
> > This way, the OpenSSL library can be found (for both 1.1.0 and older versions).
> > 
> > Thanks,
> > 
> > -- 
> > Julien ÉLIE
> > 
> > « L'atour est fiel aux Huns valides. »
> > _______________________________________________
> > inn-workers mailing list
> > inn-workers at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/inn-workers