Lines 108-116
const struct optdesc opt_openssl_key = { "openssl-key", "key",
|
108 |
const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
108 |
const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
109 |
const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
109 |
const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
110 |
const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
110 |
const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
|
|
111 |
#ifndef OPENSSL_NO_EGD |
111 |
const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
112 |
const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
|
|
113 |
#endif |
112 |
const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC }; |
114 |
const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC }; |
113 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
115 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
114 |
const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; |
116 |
const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; |
115 |
#endif |
117 |
#endif |
116 |
#if WITH_FIPS |
118 |
#if WITH_FIPS |
Lines 147-153
int xio_reset_fips_mode(void) {
|
147 |
static void openssl_conn_loginfo(SSL *ssl) { |
149 |
static void openssl_conn_loginfo(SSL *ssl) { |
148 |
Notice1("SSL connection using %s", SSL_get_cipher(ssl)); |
150 |
Notice1("SSL connection using %s", SSL_get_cipher(ssl)); |
149 |
|
151 |
|
150 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
152 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
151 |
{ |
153 |
{ |
152 |
const COMP_METHOD *comp, *expansion; |
154 |
const COMP_METHOD *comp, *expansion; |
153 |
|
155 |
|
Lines 651-657
int _xioopen_openssl_listen(struct single *xfd,
|
651 |
#endif /* WITH_LISTEN */ |
653 |
#endif /* WITH_LISTEN */ |
652 |
|
654 |
|
653 |
|
655 |
|
654 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
656 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
655 |
/* In OpenSSL 0.9.7 compression methods could be added using |
657 |
/* In OpenSSL 0.9.7 compression methods could be added using |
656 |
* SSL_COMP_add_compression_method(3), but the implemntation is not compatible |
658 |
* SSL_COMP_add_compression_method(3), but the implemntation is not compatible |
657 |
* with the standard (RFC3749). |
659 |
* with the standard (RFC3749). |
Lines 722-729
int
|
722 |
char *opt_dhparam = NULL; /* file name of DH params */ |
724 |
char *opt_dhparam = NULL; /* file name of DH params */ |
723 |
char *opt_cafile = NULL; /* certificate authority file */ |
725 |
char *opt_cafile = NULL; /* certificate authority file */ |
724 |
char *opt_capath = NULL; /* certificate authority directory */ |
726 |
char *opt_capath = NULL; /* certificate authority directory */ |
|
|
727 |
#ifndef OPENSSL_NO_EGD |
725 |
char *opt_egd = NULL; /* entropy gathering daemon socket path */ |
728 |
char *opt_egd = NULL; /* entropy gathering daemon socket path */ |
726 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
729 |
#endif |
|
|
730 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
727 |
char *opt_compress = NULL; /* compression method */ |
731 |
char *opt_compress = NULL; /* compression method */ |
728 |
#endif |
732 |
#endif |
729 |
bool opt_pseudo = false; /* use pseudo entropy if nothing else */ |
733 |
bool opt_pseudo = false; /* use pseudo entropy if nothing else */ |
Lines 741-749
int
|
741 |
retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath); |
745 |
retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath); |
742 |
retropt_string(opts, OPT_OPENSSL_KEY, &opt_key); |
746 |
retropt_string(opts, OPT_OPENSSL_KEY, &opt_key); |
743 |
retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam); |
747 |
retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam); |
|
|
748 |
#ifndef OPENSSL_NO_EGD |
744 |
retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd); |
749 |
retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd); |
|
|
750 |
#endif |
745 |
retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo); |
751 |
retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo); |
746 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
752 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
747 |
retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress); |
753 |
retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress); |
748 |
#endif |
754 |
#endif |
749 |
#if WITH_FIPS |
755 |
#if WITH_FIPS |
Lines 877-885
int
|
877 |
} |
883 |
} |
878 |
} |
884 |
} |
879 |
|
885 |
|
|
|
886 |
#ifndef OPENSSL_NO_EGD |
880 |
if (opt_egd) { |
887 |
if (opt_egd) { |
881 |
sycRAND_egd(opt_egd); |
888 |
sycRAND_egd(opt_egd); |
882 |
} |
889 |
} |
|
|
890 |
#endif |
883 |
|
891 |
|
884 |
if (opt_pseudo) { |
892 |
if (opt_pseudo) { |
885 |
long int randdata; |
893 |
long int randdata; |
Lines 984-990
int
|
984 |
} |
992 |
} |
985 |
#endif /* !defined(EC_KEY) */ |
993 |
#endif /* !defined(EC_KEY) */ |
986 |
|
994 |
|
987 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
995 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
988 |
if (opt_compress) { |
996 |
if (opt_compress) { |
989 |
int result; |
997 |
int result; |
990 |
result = openssl_setup_compression(*ctx, opt_compress); |
998 |
result = openssl_setup_compression(*ctx, opt_compress); |
Lines 1098-1104
static int openssl_SSL_ERROR_SSL(int level, const char *funcname) {
|
1098 |
if (e == ((ERR_LIB_RAND<<24)| |
1106 |
if (e == ((ERR_LIB_RAND<<24)| |
1099 |
(RAND_F_SSLEAY_RAND_BYTES<<12)| |
1107 |
(RAND_F_SSLEAY_RAND_BYTES<<12)| |
1100 |
(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) { |
1108 |
(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) { |
|
|
1109 |
#ifdef OPENSSL_NO_EGD |
1110 |
Error("too few entropy; use option \"pseudo\""); |
1111 |
#else |
1101 |
Error("too few entropy; use options \"egd\" or \"pseudo\""); |
1112 |
Error("too few entropy; use options \"egd\" or \"pseudo\""); |
|
|
1113 |
#endif |
1102 |
stat = STAT_NORETRY; |
1114 |
stat = STAT_NORETRY; |
1103 |
} else { |
1115 |
} else { |
1104 |
Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf)); |
1116 |
Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf)); |
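Review bot: In the `#ifdef OPENSSL_NO_EGD` branch added at new lines 1109-1111, the error text names "pseudo" as the only remedy for an unseeded PRNG, although the declaration of `opt_pseudo` on this page describes it as "use pseudo entropy if nothing else". The seeding code behind that option is outside the visible hunks, but if it draws from a non-cryptographic source, pointing every EGD-less build at it risks weak TLS key material. I would word the hint as a last resort, e.g. `Error("too few entropy; PRNG not seeded (option \"pseudo\" is a weak last resort)");`, and add a short comment above the `#ifdef` explaining why the egd hint is dropped. The body of openssl_SSL_ERROR_SSL starts and ends outside this hunk, so the surrounding handling of `e` and `stat` could not be checked.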