Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
View | Details | Raw Unified | Return to bug 592490
Collapse All | Expand All

(-)a/ncat/ncat_ssl.c (+32 lines)
Lines 173-182 SSL_CTX *setup_ssl_listen(void) Link Here
173
    if (sslctx)
173
    if (sslctx)
174
        goto done;
174
        goto done;
175
175
176
#if OPENSSL_VERSION_NUMBER < 0x10100000L
176
    SSL_library_init();
177
    SSL_library_init();
177
    OpenSSL_add_all_algorithms();
178
    OpenSSL_add_all_algorithms();
178
    ERR_load_crypto_strings();
179
    ERR_load_crypto_strings();
179
    SSL_load_error_strings();
180
    SSL_load_error_strings();
181
#else
182
  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
183
    or de-initialisation is necessary */
184
    // SSL_library_init();
185
    // OpenSSL_add_all_algorithms();
186
    // ERR_load_crypto_strings();
187
    // SSL_load_error_strings();
188
#endif
180
189
181
    /* RAND_status initializes the random number generator through a variety of
190
    /* RAND_status initializes the random number generator through a variety of
182
       platform-dependent methods, then returns 1 if there is enough entropy or
191
       platform-dependent methods, then returns 1 if there is enough entropy or
Lines 585-596 static int ssl_gen_cert(X509 **cert, EVP_PKEY **key) Link Here
585
    if (X509_add_ext(*cert, ext, -1) == 0)
594
    if (X509_add_ext(*cert, ext, -1) == 0)
586
        goto err;
595
        goto err;
587
596
597
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
598
    {
599
        ASN1_TIME *tb, *ta;
600
        tb = NULL;
601
        ta = NULL;
602
603
        if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
604
            || (tb = ASN1_STRING_dup(X509_get0_notBefore(*cert))) == 0
605
            || X509_gmtime_adj(tb, 0) == 0
606
            || X509_set1_notBefore(*cert, tb) == 0
607
            || (ta = ASN1_STRING_dup(X509_get0_notAfter(*cert))) == 0
608
            || X509_gmtime_adj(ta, 60) == 0
609
            || X509_set1_notAfter(*cert, ta) == 0
610
            || X509_set_pubkey(*cert, *key) == 0) {
611
            ASN1_STRING_free(tb);
612
            ASN1_STRING_free(ta);
613
            goto err;
614
        }
615
        ASN1_STRING_free(tb);
616
        ASN1_STRING_free(ta);
617
    }
618
#else
588
    if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
619
    if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
589
        || X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0
620
        || X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0
590
        || X509_gmtime_adj(X509_get_notAfter(*cert), DEFAULT_CERT_DURATION) == 0
621
        || X509_gmtime_adj(X509_get_notAfter(*cert), DEFAULT_CERT_DURATION) == 0
591
        || X509_set_pubkey(*cert, *key) == 0) {
622
        || X509_set_pubkey(*cert, *key) == 0) {
592
        goto err;
623
        goto err;
593
    }
624
    }
625
#endif
594
626
595
    /* Sign it. */
627
    /* Sign it. */
596
    if (X509_sign(*cert, *key, EVP_sha1()) == 0)
628
    if (X509_sign(*cert, *key, EVP_sha1()) == 0)
(-)a/ncat/test/test-wildcard.c (+33 lines)
Lines 12-19 are rejected. The SSL transactions happen over OpenSSL BIO pairs. Link Here
12
#include <unistd.h>
12
#include <unistd.h>
13
13
14
#include <openssl/bio.h>
14
#include <openssl/bio.h>
15
#include <openssl/bn.h>
15
#include <openssl/ssl.h>
16
#include <openssl/ssl.h>
16
#include <openssl/err.h>
17
#include <openssl/err.h>
18
#include <openssl/rsa.h>
17
#include <openssl/x509.h>
19
#include <openssl/x509.h>
18
#include <openssl/x509v3.h>
20
#include <openssl/x509v3.h>
19
21
Lines 347-358 static int gen_cert(X509 **cert, EVP_PKEY **key, Link Here
347
    if (set_dNSNames(*cert, dNSNames) == 0)
349
    if (set_dNSNames(*cert, dNSNames) == 0)
348
        goto err;
350
        goto err;
349
351
352
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
353
    {
354
        ASN1_TIME *tb, *ta;
355
        tb = NULL;
356
        ta = NULL;
357
358
        if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
359
            || (tb = ASN1_STRING_dup(X509_get0_notBefore(*cert))) == 0
360
            || X509_gmtime_adj(tb, 0) == 0
361
            || X509_set1_notBefore(*cert, tb) == 0
362
            || (ta = ASN1_STRING_dup(X509_get0_notAfter(*cert))) == 0
363
            || X509_gmtime_adj(ta, 60) == 0
364
            || X509_set1_notAfter(*cert, ta) == 0
365
            || X509_set_pubkey(*cert, *key) == 0) {
366
            ASN1_STRING_free(tb);
367
            ASN1_STRING_free(ta);
368
            goto err;
369
        }
370
        ASN1_STRING_free(tb);
371
        ASN1_STRING_free(ta);
372
    }
373
#else
350
    if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
374
    if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
351
        || X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0
375
        || X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0
352
        || X509_gmtime_adj(X509_get_notAfter(*cert), 60) == 0
376
        || X509_gmtime_adj(X509_get_notAfter(*cert), 60) == 0
353
        || X509_set_pubkey(*cert, *key) == 0) {
377
        || X509_set_pubkey(*cert, *key) == 0) {
354
        goto err;
378
        goto err;
355
    }
379
    }
380
#endif
356
381
357
    /* Sign it. */
382
    /* Sign it. */
358
    if (X509_sign(*cert, *key, EVP_sha1()) == 0)
383
    if (X509_sign(*cert, *key, EVP_sha1()) == 0)
Lines 556-564 int main(void) Link Here
556
{
581
{
557
    unsigned int i;
582
    unsigned int i;
558
583
584
#if OPENSSL_VERSION_NUMBER < 0x10100000L
559
    SSL_library_init();
585
    SSL_library_init();
560
    ERR_load_crypto_strings();
586
    ERR_load_crypto_strings();
561
    SSL_load_error_strings();
587
    SSL_load_error_strings();
588
#else
589
  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
590
    or de-initialisation is necessary */
591
    // SSL_library_init();
592
    // ERR_load_crypto_strings();
593
    // SSL_load_error_strings();
594
#endif
562
595
563
    /* Test single pattens in both the commonName and dNSName positions. */
596
    /* Test single pattens in both the commonName and dNSName positions. */
564
    for (i = 0; i < NELEMS(single_tests); i++)
597
    for (i = 0; i < NELEMS(single_tests); i++)
(-)a/nse_openssl.cc (-1 / +2 lines)
Lines 602-613 static const struct luaL_Reg openssllib[] = { Link Here
602
602
603
LUALIB_API int luaopen_openssl(lua_State *L) {
603
LUALIB_API int luaopen_openssl(lua_State *L) {
604
604
605
  OpenSSL_add_all_algorithms();
606
#if OPENSSL_VERSION_NUMBER < 0x10100000L
605
#if OPENSSL_VERSION_NUMBER < 0x10100000L
606
  OpenSSL_add_all_algorithms();
607
  ERR_load_crypto_strings();
607
  ERR_load_crypto_strings();
608
#else
608
#else
609
  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
609
  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
610
    or de-initialisation is necessary */
610
    or de-initialisation is necessary */
611
  // OpenSSL_add_all_algorithms();
611
  // ERR_load_crypto_strings();
612
  // ERR_load_crypto_strings();
612
#endif
613
#endif
613
614
(-)a/nse_ssl_cert.cc (-2 / +6 lines)
Lines 142-147 Link Here
142
#include <openssl/bn.h>
142
#include <openssl/bn.h>
143
#include <openssl/bio.h>
143
#include <openssl/bio.h>
144
#include <openssl/pem.h>
144
#include <openssl/pem.h>
145
#include <openssl/rsa.h>
145
#include <openssl/ssl.h>
146
#include <openssl/ssl.h>
146
#include <openssl/x509.h>
147
#include <openssl/x509.h>
147
#include <openssl/x509v3.h>
148
#include <openssl/x509v3.h>
Lines 152-157 Link Here
152
/* Technically some of these things were added in 0x10100006
153
/* Technically some of these things were added in 0x10100006
153
 * but that was pre-release. */
154
 * but that was pre-release. */
154
#define HAVE_OPAQUE_STRUCTS 1
155
#define HAVE_OPAQUE_STRUCTS 1
156
#else
157
#define X509_get0_notBefore X509_get_notBefore
158
#define X509_get0_notAfter X509_get_notAfter
155
#endif
159
#endif
156
160
157
161
Lines 457-465 static void x509_validity_to_table(lua_State *L, X509 *cert) Link Here
457
{
461
{
458
  lua_newtable(L);
462
  lua_newtable(L);
459
463
460
  asn1_time_to_obj(L, X509_get_notBefore(cert));
464
  asn1_time_to_obj(L, X509_get0_notBefore(cert));
461
  lua_setfield(L, -2, "notBefore");
465
  lua_setfield(L, -2, "notBefore");
462
  asn1_time_to_obj(L, X509_get_notAfter(cert));
466
  asn1_time_to_obj(L, X509_get0_notAfter(cert));
463
  lua_setfield(L, -2, "notAfter");
467
  lua_setfield(L, -2, "notAfter");
464
}
468
}
465
469
(-)a/nsock/src/nsock_ssl.c (-1 / +7 lines)
Lines 84-91 extern struct timeval nsock_tod; Link Here
84
static SSL_CTX *ssl_init_common() {
84
static SSL_CTX *ssl_init_common() {
85
  SSL_CTX *ctx;
85
  SSL_CTX *ctx;
86
86
87
#if OPENSSL_VERSION_NUMBER < 0x10100000L
87
  SSL_load_error_strings();
88
  SSL_load_error_strings();
88
  SSL_library_init();
89
  SSL_library_init();
90
#else
91
  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
92
    or de-initialisation is necessary */
93
  // SSL_load_error_strings();
94
  // SSL_library_init();
95
#endif
89
96
90
  ctx = SSL_CTX_new(SSLv23_client_method());
97
  ctx = SSL_CTX_new(SSLv23_client_method());
91
  if (!ctx) {
98
  if (!ctx) {
92
- 

Return to bug 592490