From ce91bebc39a649511bf85ee75b5323bbdfa55655 Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Thu, 15 Jun 2017 00:26:43 -0400 Subject: Fix OpenSSL 1.1 deprecations --- src/common/ssl.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/common/ssl.c b/src/common/ssl.c index 76fea7b4..0eb78bd7 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -349,7 +349,14 @@ _SSL_close (SSL * ssl) { SSL_set_shutdown (ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_free (ssl); - ERR_remove_state (0); /* free state buffer */ +#ifdef HAVE_ERR_REMOVE_THREAD_STATE +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L + /* OpenSSL handles this itself in 1.1+ and this is a no-op */ + ERR_remove_thread_state (NULL); +#endif +#else + ERR_remove_state (0); +#endif } /* Hostname validation code based on OpenBSD's libtls. */ @@ -438,13 +445,17 @@ _SSL_check_subject_altname (X509 *cert, const char *host) if (type == GEN_DNS) { - unsigned char *data; + const unsigned char *data; int format; format = ASN1_STRING_type (altname->d.dNSName); if (format == V_ASN1_IA5STRING) { +#ifdef HAVE_ASN1_STRING_GET0_DATA + data = ASN1_STRING_get0_data (altname->d.dNSName); +#else data = ASN1_STRING_data (altname->d.dNSName); +#endif if (ASN1_STRING_length (altname->d.dNSName) != (int)strlen(data)) { @@ -465,12 +476,16 @@ _SSL_check_subject_altname (X509 *cert, const char *host) } else if (type == GEN_IPADD) { - unsigned char *data; + const unsigned char *data; const guint8 *addr_bytes; int datalen, addr_len; datalen = ASN1_STRING_length (altname->d.iPAddress); +#ifdef HAVE_ASN1_STRING_GET0_DATA + data = ASN1_STRING_get0_data (altname->d.iPAddress); +#else data = ASN1_STRING_data (altname->d.iPAddress); +#endif addr_bytes = g_inet_address_to_bytes (addr); addr_len = (int)g_inet_address_get_native_size (addr); -- cgit 1.4.1