Lines 173-182
SSL_CTX *setup_ssl_listen(void)
Link Here
|
173 |
if (sslctx) |
173 |
if (sslctx) |
174 |
goto done; |
174 |
goto done; |
175 |
|
175 |
|
|
|
176 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
176 |
SSL_library_init(); |
177 |
SSL_library_init(); |
177 |
OpenSSL_add_all_algorithms(); |
178 |
OpenSSL_add_all_algorithms(); |
178 |
ERR_load_crypto_strings(); |
179 |
ERR_load_crypto_strings(); |
179 |
SSL_load_error_strings(); |
180 |
SSL_load_error_strings(); |
|
|
181 |
#else |
182 |
/* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation |
183 |
or de-initialisation is necessary */ |
184 |
// SSL_library_init(); |
185 |
// OpenSSL_add_all_algorithms(); |
186 |
// ERR_load_crypto_strings(); |
187 |
// SSL_load_error_strings(); |
188 |
#endif |
180 |
|
189 |
|
181 |
/* RAND_status initializes the random number generator through a variety of |
190 |
/* RAND_status initializes the random number generator through a variety of |
182 |
platform-dependent methods, then returns 1 if there is enough entropy or |
191 |
platform-dependent methods, then returns 1 if there is enough entropy or |
Lines 585-596
static int ssl_gen_cert(X509 **cert, EVP_PKEY **key)
Link Here
|
585 |
if (X509_add_ext(*cert, ext, -1) == 0) |
594 |
if (X509_add_ext(*cert, ext, -1) == 0) |
586 |
goto err; |
595 |
goto err; |
587 |
|
596 |
|
|
|
597 |
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER |
598 |
{ |
599 |
ASN1_TIME *tb, *ta; |
600 |
tb = NULL; |
601 |
ta = NULL; |
602 |
|
603 |
if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0 |
604 |
|| (tb = ASN1_STRING_dup(X509_get0_notBefore(*cert))) == 0 |
605 |
|| X509_gmtime_adj(tb, 0) == 0 |
606 |
|| X509_set1_notBefore(*cert, tb) == 0 |
607 |
|| (ta = ASN1_STRING_dup(X509_get0_notAfter(*cert))) == 0 |
608 |
|| X509_gmtime_adj(ta, 60) == 0 |
609 |
|| X509_set1_notAfter(*cert, ta) == 0 |
610 |
|| X509_set_pubkey(*cert, *key) == 0) { |
611 |
ASN1_STRING_free(tb); |
612 |
ASN1_STRING_free(ta); |
613 |
goto err; |
614 |
} |
615 |
ASN1_STRING_free(tb); |
616 |
ASN1_STRING_free(ta); |
617 |
} |
618 |
#else |
588 |
if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0 |
619 |
if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0 |
589 |
|| X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0 |
620 |
|| X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0 |
590 |
|| X509_gmtime_adj(X509_get_notAfter(*cert), DEFAULT_CERT_DURATION) == 0 |
621 |
|| X509_gmtime_adj(X509_get_notAfter(*cert), DEFAULT_CERT_DURATION) == 0 |
591 |
|| X509_set_pubkey(*cert, *key) == 0) { |
622 |
|| X509_set_pubkey(*cert, *key) == 0) { |
592 |
goto err; |
623 |
goto err; |
593 |
} |
624 |
} |
|
|
625 |
#endif |
594 |
|
626 |
|
595 |
/* Sign it. */ |
627 |
/* Sign it. */ |
596 |
if (X509_sign(*cert, *key, EVP_sha1()) == 0) |
628 |
if (X509_sign(*cert, *key, EVP_sha1()) == 0) |