1 From fa8f6fcd33e829cbe3ef3e4a92fa34cba3f20c91 Mon Sep 17 00:00:00 2001
2 From: Rosen Penev <rosenp@gmail.com>
3 Date: Sun, 20 Sep 2020 20:18:18 -0700
4 Subject: [PATCH] openssl: fix compilation without deprecated APIs
5
6 Added missing headers, removed initialization, and fixed APIs.
7
8 Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 ---
10 openssl.c | 8 ++------
11 openssl_certs.c | 9 +++++----
12 openssl_tls.c | 5 -----
13 3 files changed, 7 insertions(+), 15 deletions(-)
14
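--- a/openssl.c
+++ b/openssl.c
@@ -22,21 +22,17 @@
 **/
 
 #include <openssl/ssl.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
 #include <openssl/err.h>
 
 #include "openssl.h"
 #include "errstack.h"
 
 void openssl_init(void) {
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
 }
 
 void openssl_deinit(void) {
- EVP_cleanup();
- CRYPTO_cleanup_all_ex_data();
- SSL_COMP_free_compression_methods();
- ERR_free_strings();
 }
 
 static void errstack_free_X509(struct errstack_element_t *element) {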
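Review bot: With both bodies emptied, `openssl_init()` and `openssl_deinit()` in openssl.c depend on the library initialising and cleaning up after itself, which holds only from OpenSSL 1.1.0 onwards; nothing in the hunk states or enforces that floor. Built against an older library, this file would presumably still compile and then run without the algorithm and error-string registration the removed calls performed. I would add a guard after the includes, `#if OPENSSL_VERSION_NUMBER < 0x10100000L` / `#error "OpenSSL 1.1.0 or newer is required"` / `#endif`, and a one-line comment in each empty function saying why it is kept. The same assumption sits behind the removal of `SSL_CTX_set_ecdh_auto()` in openssl_tls.c, where an older library would no longer be told to pick ECDH curves automatically.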
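--- a/openssl_certs.c
+++ b/openssl_certs.c
@@ -27,6 +27,7 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/bn.h>
+#include <openssl/rsa.h>
 #include <openssl/x509v3.h>
 
 #include "ipfwd.h"
@@ -280,8 +281,8 @@ X509* openssl_create_certificate(const struct certificatespec_t *spec) {
 BN_free(serial);
 
 /* Set lifetime */
- X509_gmtime_adj(X509_get_notBefore(cert), -spec->validity_predate_seconds);
- X509_gmtime_adj(X509_get_notAfter(cert), spec->validity_seconds);
+ X509_gmtime_adj(X509_getm_notBefore(cert), -spec->validity_predate_seconds);
+ X509_gmtime_adj(X509_getm_notAfter(cert), spec->validity_seconds);
 
 /* Set public key */
 X509_set_pubkey(cert, spec->subject_pubkey);
@@ -357,8 +358,8 @@ X509* openssl_create_certificate(const struct certificatespec_t *spec) {
 return cert;
 }
 
-static bool is_certificate_expired(X509 *cert) {
- return X509_cmp_current_time(X509_get_notAfter(cert)) <= 0;
+static bool is_certificate_expired(const X509 *cert) {
+ return X509_cmp_current_time(X509_get0_notAfter(cert)) <= 0;
 }
 
 X509* openssl_load_stored_certificate(const struct certificatespec_t *certspec, const char *filename, bool recreate_when_expired, bool recreate_when_key_mismatch) {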
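Review bot: The two `X509_gmtime_adj()` calls on the new side of `openssl_create_certificate()` still discard their return value, so a failure to set notBefore or notAfter goes unnoticed and the function carries on building the certificate. `X509_gmtime_adj()` returns NULL on error, so each call should be checked, e.g. `if (!X509_gmtime_adj(X509_getm_notAfter(cert), spec->validity_seconds)) { /* take the function's existing error path */ }`, and likewise for notBefore. The start of the function and its cleanup code lie outside the hunk, so the exact error path has to be taken from there. In `is_certificate_expired()` a comment such as `/* X509_cmp_current_time() returns 0 on error, so an unreadable notAfter counts as expired */` would record why the test is `<= 0` rather than `< 0`, if that is the intent.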
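--- a/openssl_tls.c
+++ b/openssl_tls.c
@@ -146,11 +146,6 @@ struct tls_connection_t openssl_tls_connect(const struct tls_connection_request_
 SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, NULL);
 SSL_CTX_set_cert_verify_callback(sslctx, cert_verify_callback, &result);
 }
- if (!SSL_CTX_set_ecdh_auto(sslctx, 1)) {
- logmsgext(LLVL_ERROR, FLAG_OPENSSL_ERROR, "openssl_tls %s: SSL_CTX_set_ecdh_auto() failed.", request->is_server ? "server" : "client");
- SSL_CTX_free(sslctx);
- return result;
- }
 
 if (request->config && request->config->cert) {
 if (SSL_CTX_use_certificate(sslctx, request->config->cert) != 1) {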
93 --
94 2.20.1
95