| Message ID | 20180622021501.23037-1-rosenp@gmail.com |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | [Openvpn-devel,PATCHv2] openvpn: Add missing OpenSSL includes | expand |
Hi, for the next time, please put a space in the subject between "PATCH" and "v2", so that patchwork can happily distinguish the version from the subject-prefix. Actually git can do this for you if you specify the -vX argument (i.e. -v2) to the "git format-patch" command when creating the patch. Cheers, On 22/06/18 10:15, Rosen Penev wrote: > These get included when deprecated APIs are enabled. This is true on at > least version 1.0.2 and 1.1.0. > > Without deprecated APIs, OpenVPN fails to compile. > > Signed-off-by: Rosen Penev <rosenp@gmail.com> > --- > src/openvpn/ssl_openssl.c | 9 +++++++++ > src/openvpn/ssl_verify_openssl.c | 1 + > 2 files changed, 10 insertions(+) > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > index 527a600a..d9aec9bd 100644 > --- a/src/openvpn/ssl_openssl.c > +++ b/src/openvpn/ssl_openssl.c > @@ -56,6 +56,15 @@ > #include <openssl/pkcs12.h> > #include <openssl/x509.h> > #include <openssl/crypto.h> > +#ifndef OPENSSL_NO_DH > +#include <openssl/dh.h> > +#endif > +#ifndef OPENSSL_NO_DSA > +#include <openssl/dsa.h> > +#endif > +#ifndef OPENSSL_NO_RSA > +#include <openssl/rsa.h> > +#endif > #ifndef OPENSSL_NO_EC > #include <openssl/ec.h> > #endif > diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c > index 9b984751..82460ae7 100644 > --- a/src/openvpn/ssl_verify_openssl.c > +++ b/src/openvpn/ssl_verify_openssl.c > @@ -46,6 +46,7 @@ > > #include <openssl/x509v3.h> > #include <openssl/err.h> > +#include <openssl/bn.h> > > int > verify_callback(int preverify_ok, X509_STORE_CTX *ctx) >
Hi, On 22-06-18 04:15, Rosen Penev wrote: > These get included when deprecated APIs are enabled. This is true on at > least version 1.0.2 and 1.1.0. > > Without deprecated APIs, OpenVPN fails to compile. > > Signed-off-by: Rosen Penev <rosenp@gmail.com> > --- > src/openvpn/ssl_openssl.c | 9 +++++++++ > src/openvpn/ssl_verify_openssl.c | 1 + > 2 files changed, 10 insertions(+) > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > index 527a600a..d9aec9bd 100644 > --- a/src/openvpn/ssl_openssl.c > +++ b/src/openvpn/ssl_openssl.c > @@ -56,6 +56,15 @@ > #include <openssl/pkcs12.h> > #include <openssl/x509.h> > #include <openssl/crypto.h> > +#ifndef OPENSSL_NO_DH > +#include <openssl/dh.h> > +#endif > +#ifndef OPENSSL_NO_DSA > +#include <openssl/dsa.h> > +#endif > +#ifndef OPENSSL_NO_RSA > +#include <openssl/rsa.h> > +#endif > #ifndef OPENSSL_NO_EC > #include <openssl/ec.h> > #endif > diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c > index 9b984751..82460ae7 100644 > --- a/src/openvpn/ssl_verify_openssl.c > +++ b/src/openvpn/ssl_verify_openssl.c > @@ -46,6 +46,7 @@ > > #include <openssl/x509v3.h> > #include <openssl/err.h> > +#include <openssl/bn.h> > > int > verify_callback(int preverify_ok, X509_STORE_CTX *ctx) > Thanks for the patch. I sent similar patches half a year ago, which are awaiting review: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15934.html and https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15936.html (DH, DSA, and RSA are not optional for OpenVPN, so the #ifndef's are not needed.) So: who's willing to review these? -Steffan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Hi, On Fri, Jun 29, 2018 at 01:48:54PM +0200, Steffan Karger wrote: > Thanks for the patch. I sent similar patches half a year ago, which are > awaiting review: Thanks for pointing that out. I feel sufficiently poked. gert
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 527a600a..d9aec9bd 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -56,6 +56,15 @@ #include <openssl/pkcs12.h> #include <openssl/x509.h> #include <openssl/crypto.h> +#ifndef OPENSSL_NO_DH +#include <openssl/dh.h> +#endif +#ifndef OPENSSL_NO_DSA +#include <openssl/dsa.h> +#endif +#ifndef OPENSSL_NO_RSA +#include <openssl/rsa.h> +#endif #ifndef OPENSSL_NO_EC #include <openssl/ec.h> #endif diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index 9b984751..82460ae7 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -46,6 +46,7 @@ #include <openssl/x509v3.h> #include <openssl/err.h> +#include <openssl/bn.h> int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
These get included when deprecated APIs are enabled. This is true on at least version 1.0.2 and 1.1.0. Without deprecated APIs, OpenVPN fails to compile. Signed-off-by: Rosen Penev <rosenp@gmail.com> --- src/openvpn/ssl_openssl.c | 9 +++++++++ src/openvpn/ssl_verify_openssl.c | 1 + 2 files changed, 10 insertions(+)