From 2fcc4bce2043149074bcf09fcb8ee3a0c7bc2348 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Mon, 7 Nov 2016 20:59:11 +0000
Subject: [PATCH 1/8] dnssec-trigger: openssl 1.1.0 fixup

- SSL_OP_NO_SSLv2 / SSLv2 has been removed from openssl 1.1.0 and as
  such it can't be tested (the way it is) if disabling it worked.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
 riggerd/cfg.c      | 2 ++
 riggerd/net_help.c | 2 ++
 riggerd/svr.c      | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/riggerd/cfg.c b/riggerd/cfg.c
index 03f4f73..08b2028 100644
--- a/riggerd/cfg.c
+++ b/riggerd/cfg.c
@@ -540,9 +540,11 @@ cfg_setup_ctx_client(struct cfg* cfg, char* err, size_t errlen)
 	if(!ctx)
 		return ctx_err_ret(ctx, err, errlen,
 			"could not allocate SSL_CTX pointer");
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
 		return ctx_err_ret(ctx, err, errlen, 
 			"could not set SSL_OP_NO_SSLv2");
+#endif
 	if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
 		!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
 		|| !SSL_CTX_check_private_key(ctx))
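Review bot: On OpenSSL 1.1.0 and later the guarded block compiles to nothing, and no line in this hunk sets a protocol floor in its place, so the context in cfg_setup_ctx_client is left at the library's default minimum version unless that is done outside the hunk (the function body starts and ends beyond it). An `#else` branch could pin it explicitly, e.g. `if(!SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)) return ctx_err_ret(ctx, err, errlen, "could not set minimum TLS version");`, with the actual floor chosen to match what the control client and the daemon both support. The same applies to the hunks in riggerd/net_help.c (listen_sslctx_create) and riggerd/svr.c (setup_ssl_ctx). On the pre-1.1.0 branch the visible code disables only SSLv2, so SSLv3 stays negotiable there unless `SSL_OP_NO_SSLv3` is set elsewhere.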
diff --git a/riggerd/net_help.c b/riggerd/net_help.c
index 0f0d1d0..c469894 100644
--- a/riggerd/net_help.c
+++ b/riggerd/net_help.c
@@ -447,11 +447,13 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem)
 		return NULL;
 	}
 	/* no SSLv2 because has defects */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
+#endif
 	if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
 		log_err("error for cert file: %s", pem);
 		log_crypto_err("error in SSL_CTX use_certificate_file");
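Review bot: The comment `/* no SSLv2 because has defects */` now sits above a block that disappears on OpenSSL 1.1.0 and later, and nothing says why the check is conditional; the same is true of the hunk in riggerd/svr.c. I would add above the `#if` something like `/* SSL_OP_NO_SSLv2 is a no-op from OpenSSL 1.1.0 on (SSLv2 support removed), so the mask test below cannot succeed there */`. Guarding on the macro itself, `#if SSL_OP_NO_SSLv2 != 0`, would state that condition directly instead of inferring it from the version number, and it would fit all three hunks. listen_sslctx_create starts and ends outside this hunk.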
diff --git a/riggerd/svr.c b/riggerd/svr.c
index 272dc2e..e7e618f 100644
--- a/riggerd/svr.c
+++ b/riggerd/svr.c
@@ -162,10 +162,12 @@ static int setup_ssl_ctx(struct svr* s)
 		return 0;
 	}
 	/* no SSLv2 because has defects */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		return 0;
 	}
+#endif
 	s_cert = s->cfg->server_cert_file;
 	s_key = s->cfg->server_key_file;
 	verbose(VERB_ALGO, "setup SSL certificates");
-- 
2.7.4