[Openvpn-devel,PATCHv2] openvpn: Add missing OpenSSL includes

Message ID 20180622021501.23037-1-rosenp@gmail.com
State Not Applicable
Headers show
Series
  • [Openvpn-devel,PATCHv2] openvpn: Add missing OpenSSL includes
Related show

Commit Message

Rosen Penev June 22, 2018, 2:15 a.m.
These get included when deprecated APIs are enabled. This is true on at
least version 1.0.2 and 1.1.0.

Without deprecated APIs, OpenVPN fails to compile.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 src/openvpn/ssl_openssl.c        | 9 +++++++++
 src/openvpn/ssl_verify_openssl.c | 1 +
 2 files changed, 10 insertions(+)

Comments

Antonio Quartulli June 24, 2018, 7:13 a.m. | #1
Hi,

for the next time, please put a space in the subject between "PATCH" and
"v2", so that patchwork can happily distinguish the version from the
subject-prefix.
Actually git can do this for you if you specify the -vX argument (i.e.
-v2) to the "git format-patch" command when creating the patch.

Cheers,

On 22/06/18 10:15, Rosen Penev wrote:
> These get included when deprecated APIs are enabled. This is true on at
> least version 1.0.2 and 1.1.0.
> 
> Without deprecated APIs, OpenVPN fails to compile.
> 
> Signed-off-by: Rosen Penev <rosenp@gmail.com>
> ---
>  src/openvpn/ssl_openssl.c        | 9 +++++++++
>  src/openvpn/ssl_verify_openssl.c | 1 +
>  2 files changed, 10 insertions(+)
> 
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index 527a600a..d9aec9bd 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -56,6 +56,15 @@
>  #include <openssl/pkcs12.h>
>  #include <openssl/x509.h>
>  #include <openssl/crypto.h>
> +#ifndef OPENSSL_NO_DH
> +#include <openssl/dh.h>
> +#endif
> +#ifndef OPENSSL_NO_DSA
> +#include <openssl/dsa.h>
> +#endif
> +#ifndef OPENSSL_NO_RSA
> +#include <openssl/rsa.h>
> +#endif
>  #ifndef OPENSSL_NO_EC
>  #include <openssl/ec.h>
>  #endif
> diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
> index 9b984751..82460ae7 100644
> --- a/src/openvpn/ssl_verify_openssl.c
> +++ b/src/openvpn/ssl_verify_openssl.c
> @@ -46,6 +46,7 @@
>  
>  #include <openssl/x509v3.h>
>  #include <openssl/err.h>
> +#include <openssl/bn.h>
>  
>  int
>  verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
>
Steffan Karger June 29, 2018, 11:48 a.m. | #2
Hi,

On 22-06-18 04:15, Rosen Penev wrote:
> These get included when deprecated APIs are enabled. This is true on at
> least version 1.0.2 and 1.1.0.
> 
> Without deprecated APIs, OpenVPN fails to compile.
> 
> Signed-off-by: Rosen Penev <rosenp@gmail.com>
> ---
>  src/openvpn/ssl_openssl.c        | 9 +++++++++
>  src/openvpn/ssl_verify_openssl.c | 1 +
>  2 files changed, 10 insertions(+)
> 
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index 527a600a..d9aec9bd 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -56,6 +56,15 @@
>  #include <openssl/pkcs12.h>
>  #include <openssl/x509.h>
>  #include <openssl/crypto.h>
> +#ifndef OPENSSL_NO_DH
> +#include <openssl/dh.h>
> +#endif
> +#ifndef OPENSSL_NO_DSA
> +#include <openssl/dsa.h>
> +#endif
> +#ifndef OPENSSL_NO_RSA
> +#include <openssl/rsa.h>
> +#endif
>  #ifndef OPENSSL_NO_EC
>  #include <openssl/ec.h>
>  #endif
> diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
> index 9b984751..82460ae7 100644
> --- a/src/openvpn/ssl_verify_openssl.c
> +++ b/src/openvpn/ssl_verify_openssl.c
> @@ -46,6 +46,7 @@
>  
>  #include <openssl/x509v3.h>
>  #include <openssl/err.h>
> +#include <openssl/bn.h>
>  
>  int
>  verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
> 

Thanks for the patch.  I sent similar patches half a year ago, which are
awaiting review:

https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15934.html

and

https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15936.html

(DH, DSA, and RSA are not optional for OpenVPN, so the #ifndef's are not
needed.)

So: who's willing to review these?

-Steffan

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Gert Doering June 29, 2018, 12:39 p.m. | #3
Hi,

On Fri, Jun 29, 2018 at 01:48:54PM +0200, Steffan Karger wrote:
> Thanks for the patch.  I sent similar patches half a year ago, which are
> awaiting review:

Thanks for pointing that out.  I feel sufficiently poked.

gert

Patch

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 527a600a..d9aec9bd 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -56,6 +56,15 @@ 
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
 #include <openssl/crypto.h>
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
 #ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
 #endif
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 9b984751..82460ae7 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -46,6 +46,7 @@ 
 
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
+#include <openssl/bn.h>
 
 int
 verify_callback(int preverify_ok, X509_STORE_CTX *ctx)