[Openvpn-devel,1/2] openssl: don't use deprecated SSLEAY/SSLeay symbols

Message ID 20171126150401.28565-1-steffan@karger.me
State Accepted
Headers show
Series
  • [Openvpn-devel,1/2] openssl: don't use deprecated SSLEAY/SSLeay symbols
Related show

Commit Message

Steffan Karger Nov. 26, 2017, 3:04 p.m.
Compiling our current master against OpenSSL 1.1 with
-DOPENSSL_API_COMPAT=0x10100000L screams bloody murder.  This patch fixes
the errors about the deprecated SSLEAY/SSLeay symbols and defines.

Signed-off-by: Steffan Karger <steffan@karger.me>
---
 configure.ac                 | 1 +
 src/openvpn/openssl_compat.h | 8 ++++++++
 src/openvpn/ssl_openssl.c    | 2 +-
 3 files changed, 10 insertions(+), 1 deletion(-)

Comments

Gert Doering June 29, 2018, 12:23 p.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

"because it makes sense".  

Tested on FreeBSD/1.0.1u, Linux/1.0.2o, FreeBSD/1.1.0h.
("testing" = "it compiles, and openvpn --version prints the right 
version", so it's not worse than before :-) - a test compilation with 
-DOPENSSL_API_COMPAT=0x10100000L still explodes because 2/2 is missing)

Your patch has been applied to the master branch.

commit 17a476fd5c8cc49f1d103a50199e87ede76b1b67
Author: Steffan Karger
Date:   Sun Nov 26 16:04:00 2017 +0100

     openssl: don't use deprecated SSLEAY/SSLeay symbols

     Signed-off-by: Steffan Karger <steffan@karger.me>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20171126150401.28565-1-steffan@karger.me>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15934.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

Patch

diff --git a/configure.ac b/configure.ac
index acfddb22..954c4516 100644
--- a/configure.ac
+++ b/configure.ac
@@ -925,6 +925,7 @@  if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
 			EVP_MD_CTX_new \
 			EVP_MD_CTX_free \
 			EVP_MD_CTX_reset \
+			OpenSSL_version \
 			SSL_CTX_get_default_passwd_cb \
 			SSL_CTX_get_default_passwd_cb_userdata \
 			SSL_CTX_set_security_level \
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index c9b6a179..9eb427da 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -643,6 +643,14 @@  EC_GROUP_order_bits(const EC_GROUP *group)
 #endif
 
 /* SSLeay symbols have been renamed in OpenSSL 1.1 */
+#ifndef OPENSSL_VERSION
+#define OPENSSL_VERSION SSLEAY_VERSION
+#endif
+
+#ifndef HAVE_OPENSSL_VERSION
+#define OpenSSL_version SSLeay_version
+#endif
+
 #if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT)
 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT       RSA_F_RSA_EAY_PRIVATE_ENCRYPT
 #endif
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 10d161ef..18ceecb4 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1884,7 +1884,7 @@  get_highest_preference_tls_cipher(char *buf, int size)
 const char *
 get_ssl_library_version(void)
 {
-    return SSLeay_version(SSLEAY_VERSION);
+    return OpenSSL_version(OPENSSL_VERSION);
 }
 
 #endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */