-rw-r--r--meson.build6
-rw-r--r--src/common/ssl.c21
2 files changed, 24 insertions, 3 deletions
diff --git a/meson.build b/meson.build
index 462673fb..15eaa390 100644
--- a/meson.build
+++ b/meson.build
@@ -64,6 +64,12 @@ if libssl_dep.found()
   config_h.set('HAVE_DH_SET0_KEY',
     cc.has_function('DH_set0_key', dependencies: libssl_dep)
   )
+  config_h.set('HAVE_ERR_REMOVE_THREAD_STATE',
+    cc.has_function('ERR_remove_thread_state', dependencies: libssl_dep)
+  )
+  config_h.set('HAVE_ASN1_STRING_GET0_DATA',
+    cc.has_function('ASN1_STRING_get0_data', dependencies: libssl_dep)
+  )
 endif
 
 configure_file(output: 'config.h', configuration: config_h)
diff --git a/src/common/ssl.c b/src/common/ssl.c
index 76fea7b4..0eb78bd7 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -349,7 +349,14 @@ _SSL_close (SSL * ssl)
 {
 	SSL_set_shutdown (ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
 	SSL_free (ssl);
-	ERR_remove_state (0);		  /* free state buffer */
+#ifdef HAVE_ERR_REMOVE_THREAD_STATE
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L
+	/* OpenSSL handles this itself in 1.1+ and this is a no-op */
+	ERR_remove_thread_state (NULL);
+#endif
+#else
+	ERR_remove_state (0);
+#endif
 }
 
 /* Hostname validation code based on OpenBSD's libtls. */
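Review bot: The `#else` branch in `_SSL_close` still calls `ERR_remove_state (0)` whenever `ERR_remove_thread_state` is not detected. That presumably includes an OpenSSL built without its deprecated API, where neither function is available and the build would fail. The comment about 1.1+ being a no-op also sits inside the `#if` that only compiles for versions below 1.1, so it describes code that is not there. Putting the version test outermost lets both legacy calls drop out on 1.1+ and makes the `>= 0x10000000L` bound unnecessary, since the meson check already covers it. The function's signature is outside the hunk.
```c
	SSL_free (ssl);
	/* OpenSSL 1.1+ handles this itself, so neither call is needed there */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
	ERR_remove_thread_state (NULL);
#else
	ERR_remove_state (0);		  /* free state buffer */
#endif
#endif
```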
@@ -438,13 +445,17 @@ _SSL_check_subject_altname (X509 *cert, const char *host)
 
 		if (type == GEN_DNS)
 		{
-			unsigned char *data;
+			const unsigned char *data;
 			int format;
 
 			format = ASN1_STRING_type (altname->d.dNSName);
 			if (format == V_ASN1_IA5STRING)
 			{
+#ifdef HAVE_ASN1_STRING_GET0_DATA
+				data = ASN1_STRING_get0_data (altname->d.dNSName);
+#else
 				data = ASN1_STRING_data (altname->d.dNSName);
+#endif
 
 				if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data))
 				{
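Review bot: The embedded-NUL check on the dNSName runs `strlen(data)` over the buffer returned by `ASN1_STRING_get0_data` / `ASN1_STRING_data`. OpenSSL's documentation does not promise that buffer is NUL-terminated, so the check itself can read past the string. A bounded form keeps it inside the reported length: `int len = ASN1_STRING_length (altname->d.dNSName);` followed by `if (len < 0 || memchr (data, '\0', (size_t) len) != NULL)`. This also avoids passing a `const unsigned char *` to `strlen`, which the new `const` declaration leaves as a pointer-signedness mismatch. The body of this `if`, and the code that later consumes `data` as a host name, are outside the hunk and should be checked for the same termination assumption.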
@@ -465,12 +476,16 @@ _SSL_check_subject_altname (X509 *cert, const char *host)
 		}
 		else if (type == GEN_IPADD)
 		{
-			unsigned char *data;
+			const unsigned char *data;
 			const guint8 *addr_bytes;
 			int datalen, addr_len;
 
 			datalen = ASN1_STRING_length (altname->d.iPAddress);
+#ifdef HAVE_ASN1_STRING_GET0_DATA
+			data = ASN1_STRING_get0_data (altname->d.iPAddress);
+#else
 			data = ASN1_STRING_data (altname->d.iPAddress);
+#endif
 
 			addr_bytes = g_inet_address_to_bytes (addr);
 			addr_len = (int)g_inet_address_get_native_size (addr);
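Review bot: The `#ifdef HAVE_ASN1_STRING_GET0_DATA` / `#else` / `#endif` block around the iPAddress accessor duplicates the one added in the GEN_DNS hunk above, so the certificate-checking logic is now interleaved with preprocessor branches in two places. A single compatibility shim near the top of ssl.c would let both call sites use `ASN1_STRING_get0_data` unconditionally: `#ifndef HAVE_ASN1_STRING_GET0_DATA`, `#define ASN1_STRING_get0_data(s) ASN1_STRING_data(s)`, `#endif`. The comparison that uses `datalen`, `data` and `addr_bytes` lies beyond the end of this hunk.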