mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
ITS#8353, ITS#8533 - Ensure that the deprecated API is not used when using OpenSSL 1.1 or later
This commit is contained in:
parent
46c85a32ae
commit
01cbb7f4c6
@ -48,10 +48,7 @@
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||
#define ERR_remove_thread_state(x) /* deprecated, get rid of it */
|
||||
#define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
|
||||
#define CRYPTO_free(x) OPENSSL_free(x)
|
||||
#define CRYPTO_NUM_LOCKS CRYPTO_num_locks()
|
||||
#endif
|
||||
|
||||
typedef SSL_CTX tlso_ctx;
|
||||
@ -64,11 +61,12 @@ static void tlso_report_error( void );
|
||||
static void tlso_info_cb( const SSL *ssl, int where, int ret );
|
||||
static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
|
||||
static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
|
||||
#endif
|
||||
|
||||
static int tlso_seed_PRNG( const char *randfile );
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
/*
|
||||
* OpenSSL 1.1 API and later has new locking code
|
||||
*/
|
||||
static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
|
||||
|
||||
#ifdef LDAP_R_COMPILE
|
||||
/*
|
||||
@ -109,6 +107,7 @@ static void tlso_thr_init( void )
|
||||
CRYPTO_set_id_callback( tlso_thread_self );
|
||||
}
|
||||
#endif /* LDAP_R_COMPILE */
|
||||
#endif /* OpenSSL 1.1 */
|
||||
|
||||
static STACK_OF(X509_NAME) *
|
||||
tlso_ca_list( char * bundle, char * dir )
|
||||
@ -154,9 +153,13 @@ tlso_init( void )
|
||||
(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
SSL_load_error_strings();
|
||||
SSL_library_init();
|
||||
OpenSSL_add_all_digests();
|
||||
#else
|
||||
OPENSSL_init_ssl(0, NULL);
|
||||
#endif
|
||||
|
||||
/* FIXME: mod_ssl does this */
|
||||
X509V3_add_standard_extensions();
|
||||
@ -172,6 +175,7 @@ tlso_destroy( void )
|
||||
{
|
||||
struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000
|
||||
EVP_cleanup();
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10000000
|
||||
ERR_remove_state(0);
|
||||
@ -179,6 +183,7 @@ tlso_destroy( void )
|
||||
ERR_remove_thread_state(NULL);
|
||||
#endif
|
||||
ERR_free_strings();
|
||||
#endif
|
||||
|
||||
if ( lo->ldo_tls_randfile ) {
|
||||
LDAP_FREE( lo->ldo_tls_randfile );
|
||||
@ -1162,9 +1167,9 @@ tlso_verify_cb( int ok, X509_STORE_CTX *ctx )
|
||||
certerr, 0, 0 );
|
||||
}
|
||||
if ( sname )
|
||||
CRYPTO_free ( sname );
|
||||
OPENSSL_free ( sname );
|
||||
if ( iname )
|
||||
CRYPTO_free ( iname );
|
||||
OPENSSL_free ( iname );
|
||||
#ifdef HAVE_EBCDIC
|
||||
if ( certerr ) LDAP_FREE( certerr );
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user