[Openvpn-devel,2/2,v2] openssl: add missing #include statements

Message ID 20171126154912.13283-1-steffan@karger.me
State Accepted

Commit Message

Steffan Karger Nov. 26, 2017, 4:49 a.m. UTC
Compiling our current master against OpenSSL 1.1 with
-DOPENSSL_API_COMPAT=0x10100000L screams bloody murder.  This patch fixes
the errors caused by missing includes.  Previous openssl versions would
usually include 'the rest of the world', but they're fixing that.  So we
should no longer rely on it.

(And sneaking in alphabetic ordering of the includes while touching them.)

Signed-off-by: Steffan Karger <steffan@karger.me>
---
v2: rsaerr.h only exists in openssl's master branch, use rsa.h instead.

 src/openvpn/openssl_compat.h     | 1 +
 src/openvpn/ssl_openssl.c        | 6 +++++-
 src/openvpn/ssl_verify_openssl.c | 3 ++-
 3 files changed, 8 insertions(+), 2 deletions(-)

Comments

Gert Doering June 29, 2018, 2:41 a.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

"Looks sane", and tested against the same set of OS/OpenSSL combinations
as 1/2 ("--version" and t_client tests).

Compilation with -DOPENSSL_API_COMPAT=0x10100000L still does not work
(quite a few linker errors), but those seem to be unrelated to missing
includes, and more related to "these are macros we shouldn't be using
anymore"...  namely EVP_CIPHER_CTX_init(), EVP_CIPHER_CTX_cleanup(), 
SSL_library_init(), SSL_load_error_strings(), OpenSSL_add_all_algorithms(),
EVP_cleanup(), ERR_free_strings(), X509_get_notBefore(), X509_get_notAfter()
and SSL_CTX_set_ecdh_auto().

Without said define, OpenSSL 1.1.0 is also fine, but this smells like
"a bit more work needed".

Your patch has been applied to the master branch.

commit 1987498271abadf042d8bb3feee1fe0d877a9d55
Author: Steffan Karger
Date:   Sun Nov 26 16:49:12 2017 +0100

     openssl: add missing #include statements

     Signed-off-by: Steffan Karger <steffan@karger.me>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20171126154912.13283-1-steffan@karger.me>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15936.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering



Patch

diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index 9eb427da..6c2b9904 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -42,6 +42,7 @@ 
 
 #include "buffer.h"
 
+#include <openssl/rsa.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 
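Review bot: The new `#include <openssl/rsa.h>` in openssl_compat.h carries no hint of why this header needs it. The v2 note says it stands in for rsaerr.h, which only exists in OpenSSL's master branch. A one-line comment next to the include recording that would keep a later cleanup from dropping it as unused, and would mark the spot to revisit once rsaerr.h is available in all supported versions.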
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 18ceecb4..79121049 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -52,10 +52,14 @@ 
 
 #include "ssl_verify_openssl.h"
 
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
 #include <openssl/x509.h>
-#include <openssl/crypto.h>
 #ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
 #endif
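Review bot: `<openssl/dh.h>` and `<openssl/dsa.h>` are added unconditionally, while `<openssl/ec.h>` just below stays wrapped in `#ifndef OPENSSL_NO_EC`. Please confirm whether the new includes need matching `OPENSSL_NO_DH` / `OPENSSL_NO_DSA` guards for builds against an OpenSSL configured without those algorithms, or say in the commit message why they do not. Separately, `<openssl/rsa.h>` is now added both here and in openssl_compat.h. That is fine if the intent is for each file to name what it uses directly, but it is worth stating so the duplication reads as deliberate.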
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 2f3b10b9..4a1d1cf8 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -44,8 +44,9 @@ 
 #include "ssl_verify_backend.h"
 #include "openssl_compat.h"
 
-#include <openssl/x509v3.h>
+#include <openssl/bn.h>
 #include <openssl/err.h>
+#include <openssl/x509v3.h>
 
 int
 verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
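Review bot: `verify_callback()` at the end of this hunk takes an `X509_STORE_CTX *`, yet the include block still gets the X509 declarations only indirectly, through `<openssl/x509v3.h>` or the project's own openssl_compat.h. Since the stated goal of the patch is to stop relying on headers that pull in 'the rest of the world', consider adding `#include <openssl/x509.h>` explicitly here as well. The move of `<openssl/x509v3.h>` below `<openssl/err.h>` is ordering only and looks fine.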