@@ -42,6 +42,7 @@
#include "buffer.h"
+#include <openssl/rsaerr.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
@@ -52,10 +52,14 @@
#include "ssl_verify_openssl.h"
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
#include <openssl/x509.h>
-#include <openssl/crypto.h>
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#endif
@@ -44,8 +44,9 @@
#include "ssl_verify_backend.h"
#include "openssl_compat.h"
-#include <openssl/x509v3.h>
+#include <openssl/bn.h>
#include <openssl/err.h>
+#include <openssl/x509v3.h>
int
verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
Compiling our current master against OpenSSL 1.1 with -DOPENSSL_API_COMPAT=0x10100000L screams bloody murder. This patch fixes the errors caused by missing includes. Previous openssl versions would usually include 'the rest of the world', but they're fixing that. So we should no longer rely on it. (And sneaking in alphabetic ordering of the includes while touching them.) Signed-off-by: Steffan Karger <steffan@karger.me> --- src/openvpn/openssl_compat.h | 1 + src/openvpn/ssl_openssl.c | 6 +++++- src/openvpn/ssl_verify_openssl.c | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-)