
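--- a/ncat/ncat_ssl.c
+++ b/ncat/ncat_ssl.c
@@ -173,10 +173,19 @@ SSL_CTX *setup_ssl_listen(void)
     if (sslctx)
         goto done;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     SSL_library_init();
     OpenSSL_add_all_algorithms();
     ERR_load_crypto_strings();
     SSL_load_error_strings();
+#else
+  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
+    or de-initialisation is necessary */
+    // SSL_library_init();
+    // OpenSSL_add_all_algorithms();
+    // ERR_load_crypto_strings();
+    // SSL_load_error_strings();
+#endif
 
     /* RAND_status initializes the random number generator through a variety of
        platform-dependent methods, then returns 1 if there is enough entropy or
@@ -585,12 +594,35 @@ static int ssl_gen_cert(X509 **cert, EVP_PKEY **key)
     if (X509_add_ext(*cert, ext, -1) == 0)
         goto err;
 
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
+    {
+        ASN1_TIME *tb, *ta;
+        tb = NULL;
+        ta = NULL;
+
+        if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
+            || (tb = ASN1_STRING_dup(X509_get0_notBefore(*cert))) == 0
+            || X509_gmtime_adj(tb, 0) == 0
+            || X509_set1_notBefore(*cert, tb) == 0
+            || (ta = ASN1_STRING_dup(X509_get0_notAfter(*cert))) == 0
+            || X509_gmtime_adj(ta, 60) == 0
+            || X509_set1_notAfter(*cert, ta) == 0
+            || X509_set_pubkey(*cert, *key) == 0) {
+            ASN1_STRING_free(tb);
+            ASN1_STRING_free(ta);
+            goto err;
+        }
+        ASN1_STRING_free(tb);
+        ASN1_STRING_free(ta);
+    }
+#else
     if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
         || X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0
         || X509_gmtime_adj(X509_get_notAfter(*cert), DEFAULT_CERT_DURATION) == 0
         || X509_set_pubkey(*cert, *key) == 0) {
         goto err;
     }
+#endif
 
     /* Sign it. */
     if (X509_sign(*cert, *key, EVP_sha1()) == 0)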
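Review bot: In the OpenSSL 1.1.0 branch of ssl_gen_cert the notAfter adjustment is hard-coded to 60 seconds, `X509_gmtime_adj(ta, 60)`, while the `#else` branch keeps `DEFAULT_CERT_DURATION`; the value looks copied from the matching block in ncat/test/test-wildcard.c, where 60 is what the old code already used. As written, a certificate generated against 1.1.0 stops being valid one minute after creation, so a peer that checks validity would reject it from then on. The line should read `|| X509_gmtime_adj(ta, DEFAULT_CERT_DURATION) == 0`. ssl_gen_cert starts above and continues below the hunk, so the definition of DEFAULT_CERT_DURATION is not visible here.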
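--- a/ncat/test/test-wildcard.c
+++ b/ncat/test/test-wildcard.c
@@ -12,8 +12,10 @@ are rejected. The SSL transactions happen over OpenSSL BIO pairs.
 #include <unistd.h>
 
 #include <openssl/bio.h>
+#include <openssl/bn.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rsa.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
@@ -347,12 +349,35 @@ static int gen_cert(X509 **cert, EVP_PKEY **key,
     if (set_dNSNames(*cert, dNSNames) == 0)
         goto err;
 
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined LIBRESSL_VERSION_NUMBER
+    {
+        ASN1_TIME *tb, *ta;
+        tb = NULL;
+        ta = NULL;
+
+        if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
+            || (tb = ASN1_STRING_dup(X509_get0_notBefore(*cert))) == 0
+            || X509_gmtime_adj(tb, 0) == 0
+            || X509_set1_notBefore(*cert, tb) == 0
+            || (ta = ASN1_STRING_dup(X509_get0_notAfter(*cert))) == 0
+            || X509_gmtime_adj(ta, 60) == 0
+            || X509_set1_notAfter(*cert, ta) == 0
+            || X509_set_pubkey(*cert, *key) == 0) {
+            ASN1_STRING_free(tb);
+            ASN1_STRING_free(ta);
+            goto err;
+        }
+        ASN1_STRING_free(tb);
+        ASN1_STRING_free(ta);
+    }
+#else
     if (X509_set_issuer_name(*cert, X509_get_subject_name(*cert)) == 0
         || X509_gmtime_adj(X509_get_notBefore(*cert), 0) == 0
         || X509_gmtime_adj(X509_get_notAfter(*cert), 60) == 0
         || X509_set_pubkey(*cert, *key) == 0) {
         goto err;
     }
+#endif
 
     /* Sign it. */
     if (X509_sign(*cert, *key, EVP_sha1()) == 0)
@@ -556,9 +581,17 @@ int main(void)
 {
     unsigned int i;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     SSL_library_init();
     ERR_load_crypto_strings();
     SSL_load_error_strings();
+#else
+  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
+    or de-initialisation is necessary */
+    // SSL_library_init();
+    // ERR_load_crypto_strings();
+    // SSL_load_error_strings();
+#endif
 
     /* Test single pattens in both the commonName and dNSName positions. */
     for (i = 0; i < NELEMS(single_tests); i++)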
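Review bot: The initialisation guard in main, `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, does not exclude LibreSSL, although the gen_cert hunk in this same file tests `!defined LIBRESSL_VERSION_NUMBER` for exactly that case. LibreSSL reports a version number above 0x10100000L, so a LibreSSL build takes the `#else` branch and skips SSL_library_init() and the error-string loading; whether that is harmless depends on the LibreSSL release in use. Writing the guard as `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER` would keep the explicit initialisation there. The same guard appears in setup_ssl_listen (ncat/ncat_ssl.c), luaopen_openssl (nse_openssl.cc) and ssl_init_common (nsock/src/nsock_ssl.c). main continues below the hunk.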
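--- a/nse_openssl.cc
+++ b/nse_openssl.cc
@@ -602,12 +602,13 @@ static const struct luaL_Reg openssllib[] = {
 
 LUALIB_API int luaopen_openssl(lua_State *L) {
 
-  OpenSSL_add_all_algorithms();
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
+  OpenSSL_add_all_algorithms();
   ERR_load_crypto_strings();
 #else
   /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
     or de-initialisation is necessary */
+  // OpenSSL_add_all_algorithms();
   // ERR_load_crypto_strings();
 #endif
 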
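--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -142,6 +142,7 @@
 #include <openssl/bn.h>
 #include <openssl/bio.h>
 #include <openssl/pem.h>
+#include <openssl/rsa.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -152,6 +153,9 @@
 /* Technically some of these things were added in 0x10100006
  * but that was pre-release. */
 #define HAVE_OPAQUE_STRUCTS 1
+#else
+#define X509_get0_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
 #endif
 
 
@@ -457,9 +461,9 @@ static void x509_validity_to_table(lua_State *L, X509 *cert)
 {
   lua_newtable(L);
 
-  asn1_time_to_obj(L, X509_get_notBefore(cert));
+  asn1_time_to_obj(L, X509_get0_notBefore(cert));
   lua_setfield(L, -2, "notBefore");
-  asn1_time_to_obj(L, X509_get_notAfter(cert));
+  asn1_time_to_obj(L, X509_get0_notAfter(cert));
   lua_setfield(L, -2, "notAfter");
 }
 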
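Review bot: x509_validity_to_table now hands the result of `X509_get0_notBefore(cert)` and `X509_get0_notAfter(cert)` to asn1_time_to_obj, and in OpenSSL 1.1.0 those accessors return `const ASN1_TIME *`. asn1_time_to_obj is declared outside the hunks shown; if its parameter is a plain `ASN1_TIME *`, this C++ file will not compile against 1.1.0 and the parameter should become `const ASN1_TIME *`. The new fallback pair `#define X509_get0_notBefore X509_get_notBefore` / `#define X509_get0_notAfter X509_get_notAfter` sits under an `#if` whose condition is above the hunk, so a one-line comment such as `/* older OpenSSL: no get0 accessors, fall back to X509_get_notBefore/notAfter */` would make the intent clear.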
(-)a/nsock/src/nsock_ssl.c (-1 / +7 lines)
Lines 84-91 extern struct timeval nsock_tod; Link Here
84
static SSL_CTX *ssl_init_common() {
84
static SSL_CTX *ssl_init_common() {
85
  SSL_CTX *ctx;
85
  SSL_CTX *ctx;
86
86
87
#if OPENSSL_VERSION_NUMBER < 0x10100000L
87
  SSL_load_error_strings();
88
  SSL_load_error_strings();
88
  SSL_library_init();
89
  SSL_library_init();
90
#else
91
  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
92
    or de-initialisation is necessary */
93
  // SSL_load_error_strings();
94
  // SSL_library_init();
95
#endif
89
96
90
  ctx = SSL_CTX_new(SSLv23_client_method());
97
  ctx = SSL_CTX_new(SSLv23_client_method());
91
  if (!ctx) {
98
  if (!ctx) {
92
- 
