INN and openssl 1.1
The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587
doctor at doctor.nl2k.ab.ca
Sat Mar 5 20:17:50 UTC 2016
> > The Doctor,
> >
> > >>> Hopefully OpenSSL committer for 1.1 branch will hear my plea for
> > >>> backwards compatibility so that you have
> > >>>
> > >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> > >>> #define SSLv23_server_method TLS_server_method
> >
> > I've just tried to build INN with latest OpenSSL 1.1.0-pre3 version, and it seems that these defines are present.
> > Do you confirm you no longer have an issue with these two functions?
> >
> >
> >
> > > INN so far is the only package against OpenSSL 1.1 that is easy to migrate.
> >
> > Glad to know!
> >
> > Could you please try the following patch and report if everything is OK for you?
> > (that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
> > on your server)
> >
> >
> > --- nnrpd/tls.c (r?vision 9984)
> > +++ nnrpd/tls.c (copie de travail)
> > @@ -216,7 +216,10 @@
> > default:
> > /* We should check current keylength vs. requested keylength
> > * also, this is an extremely expensive operation! */
> > - dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
> > + dh = DH_new();
> > + if (dh != NULL) {
> > + DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL);
> > + }
> > r = dh;
> > }
> >
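Review bot: The return value of DH_generate_parameters_ex() in the default: branch is ignored, so when generation fails r is set to an allocated DH that carries no parameters, whereas the removed DH_generate_parameters() call returned NULL in that case. Suggest testing the result and freeing on error, for example `if (DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL) != 1) { DH_free(dh); dh = NULL; }`, so the function still hands back NULL on failure.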
> > @@ -492,8 +495,13 @@
> > if (tls_loglevel >= 2)
> > Printf("starting TLS engine");
> >
> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > SSL_load_error_strings();
> > SSLeay_add_ssl_algorithms();
> > +#else
> > + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> > + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> > +#endif
> >
> > CTX = SSL_CTX_new(SSLv23_server_method());
> > if (CTX == NULL) {
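Review bot: The #else branch discards the result of OPENSSL_init_ssl(), which returns 0 on failure, so a failed library initialisation is only noticed indirectly when SSL_CTX_new() returns NULL just below. Suggest checking it and logging a specific error before continuing. The unchanged SSLv23_server_method() call after the #endif still relies on the compatibility define discussed earlier in this thread, which deserves a short comment next to it.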
> >
> >
> >
> >
> >
> >
> > --- nnrpd/tls.h (r?vision 9984)
> > +++ nnrpd/tls.h (copie de travail)
> > @@ -22,8 +22,12 @@
> > #ifndef TLS_H
> > #define TLS_H
> >
> > #include <openssl/lhash.h>
> > #include <openssl/bn.h>
> > +#include <openssl/dh.h>
There is no dn.h in the openssl includes.
> > #include <openssl/err.h>
> > #include <openssl/pem.h>
> > #include <openssl/rand.h>
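Review bot: The hunk header @@ -22,8 +22,12 @@ announces four added lines, but only `+#include <openssl/dh.h>` is present in the quoted text, so the hunk as shown will not apply and the rest of the change to tls.h cannot be reviewed. Please resend it in full. For the line that is visible, the header added is <openssl/dh.h>, which declares the DH_new() and DH_generate_parameters_ex() calls introduced in tls.c.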
> >
> >
> >
> >
> >
> >
> > --- m4/openssl.m4 (r?vision 9984)
> > +++ m4/openssl.m4 (copie de travail)
> > @@ -71,10 +71,10 @@
> > [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> > [$inn_openssl_extra])
> > AS_IF([test x"$inn_reduced_depends" = xtrue],
> > - [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> > + [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> > [AS_IF([test x"$1" = xtrue],
> > [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> > - [AC_CHECK_LIB([ssl], [SSL_library_init],
> > + [AC_CHECK_LIB([ssl], [SSL_accept],
> > [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> > [AS_IF([test x"$1" = xtrue],
> > [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
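Review bot: Both AC_CHECK_LIB([ssl], ...) probes now test for SSL_accept with no comment saying why SSL_library_init was dropped; the reason (the library must be found with both 1.1.0 and older versions) exists only in the covering e-mail. Suggest a dnl comment above the AS_IF recording that, so the probe symbol is not changed back later.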
> >
> >
>
> Let me test this out recompiling today's current and
> use slrn with SSL to access the newsgroups.
>
> Will get back to you soon.
>
> >
> > Russ, would you mind committing the change of SSL_library_init to SSL_accept
> > in the openssl.m4 file shipped with rra-c-util?
> > This way, the OpenSSL library can be found (for both 1.1.0 and older versions).
> >
> > Thanks,
> >
> > --
> > Julien ÉLIE
> >
> > « L'atour est fiel aux Huns valides. »
> > _______________________________________________
> > inn-workers mailing list
> > inn-workers at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/inn-workers