Lines 57-62
static void *ctx_password_cb_arg;
|
57 |
#ifdef USE_PTHREADS |
57 |
#ifdef USE_PTHREADS |
58 |
#include <pthread.h> |
58 |
#include <pthread.h> |
59 |
static pthread_mutex_t starttls_mutex = PTHREAD_MUTEX_INITIALIZER; |
59 |
static pthread_mutex_t starttls_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
|
60 |
#if OPENSSL_VERSION_NUMBER < 0x10100000 |
60 |
static pthread_mutex_t *openssl_mutex; |
61 |
static pthread_mutex_t *openssl_mutex; |
61 |
|
62 |
|
62 |
static void |
63 |
static void |
Lines 70-75
openssl_mutexcb (int mode, int n,
|
70 |
pthread_mutex_unlock (&openssl_mutex[n]); |
71 |
pthread_mutex_unlock (&openssl_mutex[n]); |
71 |
} |
72 |
} |
72 |
#endif |
73 |
#endif |
|
|
74 |
#endif |
73 |
|
75 |
|
74 |
static int |
76 |
static int |
75 |
starttls_init (void) |
77 |
starttls_init (void) |
Lines 77-82
starttls_init (void)
|
77 |
if (tls_init) |
79 |
if (tls_init) |
78 |
return 1; |
80 |
return 1; |
79 |
|
81 |
|
|
|
82 |
#if OPENSSL_VERSION_NUMBER < 0x10100000 |
83 |
/* starting from OpenSSL 1.1.0, OpenSSL uses a new threading API and does its own locking */ |
84 |
/* also initialization has been reworked and is done automatically */ |
85 |
/* so there's not much to do here any more */ |
80 |
#ifdef USE_PTHREADS |
86 |
#ifdef USE_PTHREADS |
81 |
/* Set up mutexes for the OpenSSL library */ |
87 |
/* Set up mutexes for the OpenSSL library */ |
82 |
if (openssl_mutex == NULL) |
88 |
if (openssl_mutex == NULL) |
Lines 94-102
starttls_init (void)
|
94 |
CRYPTO_set_locking_callback (openssl_mutexcb); |
100 |
CRYPTO_set_locking_callback (openssl_mutexcb); |
95 |
} |
101 |
} |
96 |
#endif |
102 |
#endif |
97 |
tls_init = 1; |
|
|
98 |
SSL_load_error_strings (); |
103 |
SSL_load_error_strings (); |
99 |
SSL_library_init (); |
104 |
SSL_library_init (); |
|
|
105 |
#endif |
106 |
tls_init = 1; |
100 |
return 1; |
107 |
return 1; |
101 |
} |
108 |
} |
102 |
|
109 |
|
Lines 201-207
starttls_create_ctx (smtp_session_t session)
|
201 |
3207. Servers typically support SSL as well as TLS because some |
208 |
3207. Servers typically support SSL as well as TLS because some |
202 |
versions of Netscape do not support TLS. I am assuming that all |
209 |
versions of Netscape do not support TLS. I am assuming that all |
203 |
currently deployed servers correctly support TLS. */ |
210 |
currently deployed servers correctly support TLS. */ |
|
|
211 |
#if OPENSSL_VERSION_NUMBER < 0x10100000 |
204 |
ctx = SSL_CTX_new (TLSv1_client_method ()); |
212 |
ctx = SSL_CTX_new (TLSv1_client_method ()); |
|
|
213 |
#else |
214 |
ctx = SSL_CTX_new (TLS_client_method ()); |
215 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) { |
216 |
/* FIXME: set an error code AND free the allocated ctx */ |
217 |
return NULL; |
218 |
} |
219 |
#endif |
205 |
|
220 |
|
206 |
/* Load our keys and certificates. To avoid messing with configuration |
221 |
/* Load our keys and certificates. To avoid messing with configuration |
207 |
variables etc, use fixed paths for the certificate store. These are |
222 |
variables etc, use fixed paths for the certificate store. These are |
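Review bot: The failure path after `SSL_CTX_set_min_proto_version` in the new `#else` branch of starttls_create_ctx returns NULL without releasing the context that `SSL_CTX_new` just allocated, as the FIXME there already admits; adding `SSL_CTX_free (ctx);` before `return NULL;` closes the leak, and the error code the FIXME asks for should be set in the same place. The floor of `TLS1_VERSION` also keeps TLS 1.0 and 1.1 negotiable, which RFC 8996 deprecates; if compatibility with old servers permits, `TLS1_2_VERSION` is the safer minimum. The pre-1.1.0 branch still calls `TLSv1_client_method ()`, so builds against older OpenSSL appear to remain limited to TLS 1.0 only, which deserves a comment at that `#if`. The function begins before this hunk and continues after it, so the later error handling is not visible here.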