Lines 181-189
const struct optdesc opt_openssl_key = { "openssl-key", "key",
|
181 |
const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
181 |
const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
182 |
const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
182 |
const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
183 |
const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
183 |
const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
|
|
184 |
#ifndef OPENSSL_NO_EGD |
184 |
const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
185 |
const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; |
|
|
186 |
#endif |
185 |
const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC }; |
187 |
const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC }; |
186 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
188 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
187 |
const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; |
189 |
const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; |
188 |
#endif |
190 |
#endif |
189 |
#if WITH_FIPS |
191 |
#if WITH_FIPS |
Lines 220-226
int xio_reset_fips_mode(void) {
|
220 |
static void openssl_conn_loginfo(SSL *ssl) { |
222 |
static void openssl_conn_loginfo(SSL *ssl) { |
221 |
Notice1("SSL connection using %s", SSL_get_cipher(ssl)); |
223 |
Notice1("SSL connection using %s", SSL_get_cipher(ssl)); |
222 |
|
224 |
|
223 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
225 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
224 |
{ |
226 |
{ |
225 |
const COMP_METHOD *comp, *expansion; |
227 |
const COMP_METHOD *comp, *expansion; |
226 |
|
228 |
|
Lines 786-792
int _xioopen_openssl_listen(struct single *xfd,
|
786 |
#endif /* WITH_LISTEN */ |
788 |
#endif /* WITH_LISTEN */ |
787 |
|
789 |
|
788 |
|
790 |
|
789 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
791 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
790 |
/* In OpenSSL 0.9.7 compression methods could be added using |
792 |
/* In OpenSSL 0.9.7 compression methods could be added using |
791 |
* SSL_COMP_add_compression_method(3), but the implemntation is not compatible |
793 |
* SSL_COMP_add_compression_method(3), but the implemntation is not compatible |
792 |
* with the standard (RFC3749). |
794 |
* with the standard (RFC3749). |
Lines 857-864
int
|
857 |
char *opt_dhparam = NULL; /* file name of DH params */ |
859 |
char *opt_dhparam = NULL; /* file name of DH params */ |
858 |
char *opt_cafile = NULL; /* certificate authority file */ |
860 |
char *opt_cafile = NULL; /* certificate authority file */ |
859 |
char *opt_capath = NULL; /* certificate authority directory */ |
861 |
char *opt_capath = NULL; /* certificate authority directory */ |
|
|
862 |
#ifndef OPENSSL_NO_EGD |
860 |
char *opt_egd = NULL; /* entropy gathering daemon socket path */ |
863 |
char *opt_egd = NULL; /* entropy gathering daemon socket path */ |
861 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
864 |
#endif |
|
|
865 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
862 |
char *opt_compress = NULL; /* compression method */ |
866 |
char *opt_compress = NULL; /* compression method */ |
863 |
#endif |
867 |
#endif |
864 |
bool opt_pseudo = false; /* use pseudo entropy if nothing else */ |
868 |
bool opt_pseudo = false; /* use pseudo entropy if nothing else */ |
Lines 875-883
int
|
875 |
retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath); |
879 |
retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath); |
876 |
retropt_string(opts, OPT_OPENSSL_KEY, &opt_key); |
880 |
retropt_string(opts, OPT_OPENSSL_KEY, &opt_key); |
877 |
retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam); |
881 |
retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam); |
|
|
882 |
#ifndef OPENSSL_NO_EGD |
878 |
retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd); |
883 |
retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd); |
|
|
884 |
#endif |
879 |
retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo); |
885 |
retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo); |
880 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
886 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
881 |
retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress); |
887 |
retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress); |
882 |
#endif |
888 |
#endif |
883 |
#if WITH_FIPS |
889 |
#if WITH_FIPS |
Lines 1010-1018
int
|
1010 |
} |
1016 |
} |
1011 |
} |
1017 |
} |
1012 |
|
1018 |
|
|
|
1019 |
#ifndef OPENSSL_NO_EGD |
1013 |
if (opt_egd) { |
1020 |
if (opt_egd) { |
1014 |
sycRAND_egd(opt_egd); |
1021 |
sycRAND_egd(opt_egd); |
1015 |
} |
1022 |
} |
|
|
1023 |
#endif |
1016 |
|
1024 |
|
1017 |
if (opt_pseudo) { |
1025 |
if (opt_pseudo) { |
1018 |
long int randdata; |
1026 |
long int randdata; |
Lines 1117-1123
int
|
1117 |
} |
1125 |
} |
1118 |
#endif /* !defined(EC_KEY) */ |
1126 |
#endif /* !defined(EC_KEY) */ |
1119 |
|
1127 |
|
1120 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L |
1128 |
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP) |
1121 |
if (opt_compress) { |
1129 |
if (opt_compress) { |
1122 |
int result; |
1130 |
int result; |
1123 |
result = openssl_setup_compression(*ctx, opt_compress); |
1131 |
result = openssl_setup_compression(*ctx, opt_compress); |
Lines 1231-1237
static int openssl_SSL_ERROR_SSL(int level, const char *funcname) {
|
1231 |
if (e == ((ERR_LIB_RAND<<24)| |
1239 |
if (e == ((ERR_LIB_RAND<<24)| |
1232 |
(RAND_F_SSLEAY_RAND_BYTES<<12)| |
1240 |
(RAND_F_SSLEAY_RAND_BYTES<<12)| |
1233 |
(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) { |
1241 |
(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) { |
|
|
1242 |
#ifdef OPENSSL_NO_EGD |
1243 |
Error("too few entropy; use option \"pseudo\""); |
1244 |
#else |
1234 |
Error("too few entropy; use options \"egd\" or \"pseudo\""); |
1245 |
Error("too few entropy; use options \"egd\" or \"pseudo\""); |
|
|
1246 |
#endif |
1235 |
stat = STAT_NORETRY; |
1247 |
stat = STAT_NORETRY; |
1236 |
} else { |
1248 |
} else { |
1237 |
Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf)); |
1249 |
Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf)); |
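Review bot: In the `OPENSSL_NO_EGD` branch of the PRNG-not-seeded handler (new lines 1242-1243), the message now names `pseudo` as the only remedy, and the declaration earlier in this diff describes that option as "use pseudo entropy if nothing else", so a user following the hint may end up running TLS on a weakly seeded generator. The seeding code is only partly visible here (`long int randdata;`), so how weak it is remains an inference, but the message should present the option as a fallback rather than a fix, e.g. `Error("too few entropy; no EGD support in this build, option \"pseudo\" is a weak last resort");`. A short comment above the `#ifdef` would also record why the EGD hint is dropped: `/* RAND_egd() is unavailable when OPENSSL_NO_EGD is defined */`. The body of `openssl_SSL_ERROR_SSL` starts and ends outside this hunk.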