INN and openssl 1.1
The Doctor
doctor at doctor.nl2k.ab.ca
Sat Mar 5 20:45:19 UTC 2016
On Sat, Mar 05, 2016 at 01:17:50PM -0700, The Doctor,3328-138 Ave Edmonton AB T5Y 1M4,669-2000,473-4587 wrote:
> > > The Doctor,
> > >
> > > >>> Hopefully OpenSSL committer for 1.1 branch will hear my plea for
> > > >>> backwards compatibility so that you have
> > > >>>
> > > >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> > > >>> #define SSLv23_server_method TLS_server_method
> > >
> > > I've just tried to build INN with latest OpenSSL 1.1.0-pre3 version, and it seems that these define's are present.
> > > Do you confirm you no longer have an issue with these two functions?
> > >
> > >
> > >
> > > > INN so far is the only package against OpenSSL 1.1 that is easy to migrate.
> > >
> > > Glad to know!
> > >
> > > Could you please try the following patch and report if everything is OK for you?
> > > (that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
> > > on your server)
> > >
> > >
> > > --- nnrpd/tls.c (r?vision 9984)
> > > +++ nnrpd/tls.c (copie de travail)
> > > @@ -216,7 +216,10 @@
> > > default:
> > > /* We should check current keylength vs. requested keylength
> > > * also, this is an extremely expensive operation! */
> > > - dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
> > > + dh = DH_new();
> > > + if (dh != NULL) {
> > > + DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL);
> > > + }
> > > r = dh;
> > > }
> > >
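Review bot: The return value of DH_generate_parameters_ex() is ignored in the new code under `default:`, so when parameter generation fails the code still reaches `r = dh;` and assigns a DH object that DH_new() allocated but that holds no parameters. Check the result and release the object on failure, for example `if (!DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL)) { DH_free(dh); dh = NULL; }`, so that `r` is only ever NULL or a usable DH.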
> > > @@ -492,8 +495,13 @@
> > > if (tls_loglevel >= 2)
> > > Printf("starting TLS engine");
> > >
> > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > > SSL_load_error_strings();
> > > SSLeay_add_ssl_algorithms();
> > > +#else
> > > + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> > > + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> > > +#endif
> > >
> > > CTX = SSL_CTX_new(SSLv23_server_method());
> > > if (CTX == NULL) {
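Review bot: In the `#else` branch the result of OPENSSL_init_ssl() is discarded, so a failed library initialisation is only noticed indirectly when SSL_CTX_new() returns NULL a few lines later. OPENSSL_init_ssl() returns 1 on success and 0 on error; test it and log the failure at this point, next to the existing "starting TLS engine" message. The unchanged `SSL_CTX_new(SSLv23_server_method())` line also keeps relying on the compatibility define discussed earlier in this thread rather than calling TLS_server_method() in the 1.1 branch.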
> > >
> > >
> > >
> > >
> > >
> > >
> > > --- nnrpd/tls.h (r?vision 9984)
> > > +++ nnrpd/tls.h (copie de travail)
> > > @@ -22,8 +22,12 @@
> > > #ifndef TLS_H
> > > #define TLS_H
> > >
> > > #include <openssl/lhash.h>
> > > #include <openssl/bn.h>
> > > +#include <openssl/dh.h>
>
>
> There is no dn.h in the openssl includes.
>
> > > #include <openssl/err.h>
> > > #include <openssl/pem.h>
> > > #include <openssl/rand.h>
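Review bot: The hunk header `@@ -22,8 +22,12 @@` announces four added lines, but only `+#include <openssl/dh.h>` is visible, so the hunk as quoted is incomplete and would not apply; the full hunk needs to be reposted before it is committed. On the include itself: <openssl/dh.h> is the header that declares DH_new() and DH_generate_parameters_ex(), which the nnrpd/tls.c hunk calls, so a decision to drop it should be confirmed with a build of tls.c against both OpenSSL 1.1.0 and an older release.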
> > >
> > >
> > >
> > >
> > >
> > >
> > > --- m4/openssl.m4 (r?vision 9984)
> > > +++ m4/openssl.m4 (copie de travail)
> > > @@ -71,10 +71,10 @@
> > > [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> > > [$inn_openssl_extra])
> > > AS_IF([test x"$inn_reduced_depends" = xtrue],
> > > - [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> > > + [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> > > [AS_IF([test x"$1" = xtrue],
> > > [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> > > - [AC_CHECK_LIB([ssl], [SSL_library_init],
> > > + [AC_CHECK_LIB([ssl], [SSL_accept],
> > > [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> > > [AS_IF([test x"$1" = xtrue],
> > > [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
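Review bot: Both AC_CHECK_LIB calls switch the probe symbol from SSL_library_init to SSL_accept with no comment saying why, which makes the change easy to revert by accident. Add a short dnl comment above the AS_IF stating that the probe has to be a function the linker can find in both OpenSSL 1.1.0 and older releases. Since the message says openssl.m4 is shipped with rra-c-util, the same edit has to land there as well, or the next sync of that file will overwrite it.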
> > >
> > >
> >
> > Let me test this out recompiling today's current and
> > use slrn with SSL to access the newsgroups.
> >
> > Will get back to you soon.
> >
> > >
> > > Russ, would you mind committing the change of SSL_library_init to SSL_accept
> > > in the openssl.m4 file shipped with rra-c-util?
> > > This way, the OpenSSL library can be found (for both 1.1.0 and older versions).
> > >
> > > Thanks,
> > >
It works.
Please commit with the exception of the non-existent <openssl/dh.h>
> > > --
> > > Julien ÉLIE
> > >
> > > « L'atour est fiel aux Huns valides. »
> > > _______________________________________________
> > > inn-workers mailing list
> > > inn-workers at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/inn-workers
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Manitoba and Saskatchewan! Save your provinces in April! Vote Liberal!!