INN and openssl 1.1

The Doctor doctor at doctor.nl2k.ab.ca
Sat Mar 5 20:45:19 UTC 2016


On Sat, Mar 05, 2016 at 01:17:50PM -0700, The Doctor,3328-138 Ave Edmonton AB T5Y 1M4,669-2000,473-4587 wrote:
> > > The Doctor,
> > > 
> > > >>> Hopefully OpenSSL committer for 1.1 branch will hear my plea for
> > > >>> backwards compatibility so that you have
> > > >>>
> > > >>> #define SSLeay_add_ssl_algorithms OpenSSL_add_ssl_algorithms
> > > >>> #define SSLv23_server_method TLS_server_method
> > > 
> > > I've just tried to build INN with the latest OpenSSL 1.1.0-pre3 version, and it seems that these defines are present.
> > > Do you confirm you no longer have an issue with these two functions?
> > > 
> > > 
> > > 
> > > > INN so far is the only package against OpenSSL 1.1 that is easy to migrate.
> > > 
> > > Glad to know!
> > > 
> > > Could you please try the following patch and report if everything is OK for you?
> > > (that is to say the patch is enough to make INN work with OpenSSL 1.1.0-pre3
> > > on your server)
> > > 
> > > 
> > > --- nnrpd/tls.c	(r?vision 9984)
> > > +++ nnrpd/tls.c	(copie de travail)
> > > @@ -216,7 +216,10 @@
> > >  	default:
> > >  		/* We should check current keylength vs. requested keylength
> > >  		 * also, this is an extremely expensive operation! */
> > > -		dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
> > > +                dh = DH_new();
> > > +                if (dh != NULL) {
> > > +                    DH_generate_parameters_ex(dh, keylength, DH_GENERATOR_2, NULL);
> > > +                }
> > >  		r = dh;
> > >  	}
> > >  
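Review bot: in the `default:` branch the result of DH_generate_parameters_ex() is ignored, so when generation fails `r = dh` still hands back a non-NULL DH that carries no parameters. Check the return value (1 on success, 0 on failure) and on failure call DH_free(dh) and set dh to NULL before the assignment, so the caller sees the same NULL the old DH_generate_parameters() returned on error. The added lines are also indented with spaces where the surrounding context uses tabs.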
> > > @@ -492,8 +495,13 @@
> > >      if (tls_loglevel >= 2)
> > >        Printf("starting TLS engine");
> > >  
> > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> > >      SSL_load_error_strings();
> > >      SSLeay_add_ssl_algorithms();
> > > +#else
> > > +    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
> > > +                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> > > +#endif
> > >  
> > >      CTX = SSL_CTX_new(SSLv23_server_method());
> > >      if (CTX == NULL) {
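Review bot: the return value of OPENSSL_init_ssl() in the `#else` branch is discarded; it returns 0 on failure, and the code then goes straight on to SSL_CTX_new(). Test the result and handle the failure before the context is created. A one-line comment on the `#if` stating that the single 1.1.0 call stands in for both SSL_load_error_strings() and SSLeay_add_ssl_algorithms() would also help, since the flags passed only mention strings.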
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > --- nnrpd/tls.h	(r?vision 9984)
> > > +++ nnrpd/tls.h	(copie de travail)
> > > @@ -22,8 +22,12 @@
> > >  #ifndef TLS_H
> > >  #define TLS_H
> > >  
> > >  #include <openssl/lhash.h>
> > >  #include <openssl/bn.h>
> > > +#include <openssl/dh.h>
> 
> 
> There is no dn.h in the openssl includes.
> 
> > >  #include <openssl/err.h>
> > >  #include <openssl/pem.h>
> > >  #include <openssl/rand.h>
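Review bot: the hunk header announces 12 lines after the change against 8 before, but this quoted copy shows a single added line, so three added lines are not visible here and the hunk should be checked against the original patch before it is applied. On the include itself: tls.c in this same patch calls DH_new() and DH_generate_parameters_ex(), which <openssl/dh.h> declares, so if the include is left out as asked in the thread, confirm that tls.c still gets those prototypes through another header on both OpenSSL versions rather than through implicit declarations.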
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > --- m4/openssl.m4	(r?vision 9984)
> > > +++ m4/openssl.m4	(copie de travail)
> > > @@ -71,10 +71,10 @@
> > >          [AC_MSG_ERROR([cannot find usable OpenSSL crypto library])])],
> > >      [$inn_openssl_extra])
> > >   AS_IF([test x"$inn_reduced_depends" = xtrue],
> > > -    [AC_CHECK_LIB([ssl], [SSL_library_init], [OPENSSL_LIBS=-lssl],
> > > +    [AC_CHECK_LIB([ssl], [SSL_accept], [OPENSSL_LIBS=-lssl],
> > >          [AS_IF([test x"$1" = xtrue],
> > >              [AC_MSG_ERROR([cannot find usable OpenSSL library])])])],
> > > -    [AC_CHECK_LIB([ssl], [SSL_library_init],
> > > +    [AC_CHECK_LIB([ssl], [SSL_accept],
> > >          [OPENSSL_LIBS="-lssl $CRYPTO_LIBS"],
> > >          [AS_IF([test x"$1" = xtrue],
> > >              [AC_MSG_ERROR([cannot find usable OpenSSL library])])],
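Review bot: both AC_CHECK_LIB calls now probe SSL_accept with no comment saying why SSL_library_init was dropped. Add a dnl line above the AS_IF noting that the probe symbol has to be found in both 1.1.0 and older libssl, so the check is not switched back later. The symbol name is also repeated in both branches; holding it in one m4 variable would keep the two calls in step.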
> > > 
> > >
> > 
> > Let me test this out recompiling today's current and
> > use slrn with SSL to access the newsgroups.
> > 
> > Will get back to you soon.
> >  
> > > 
> > > Russ, would you mind committing the change of SSL_library_init to SSL_accept
> > > in the openssl.m4 file shipped with rra-c-util?
> > > This way, the OpenSSL library can be found (for both 1.1.0 and older versions).
> > > 
> > > Thanks,
> > > 

It works.

Please commit with the exception of the non-existent <openssl/dh.h>

> > > -- 
> > > Julien ÉLIE
> > > 
> > > « L'atour est fiel aux Huns valides. »
> > > _______________________________________________
> > > inn-workers mailing list
> > > inn-workers at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/inn-workers

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Manitoba and Saskatchewan! Save your provinces in April! Vote Liberal!!