|
Lines 57-62
static void *ctx_password_cb_arg;
Link Here
|
| 57 |
#ifdef USE_PTHREADS |
57 |
#ifdef USE_PTHREADS |
| 58 |
#include <pthread.h> |
58 |
#include <pthread.h> |
| 59 |
static pthread_mutex_t starttls_mutex = PTHREAD_MUTEX_INITIALIZER; |
59 |
static pthread_mutex_t starttls_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
|
60 |
#if OPENSSL_VERSION_NUMBER < 0x10100000 |
| 60 |
static pthread_mutex_t *openssl_mutex; |
61 |
static pthread_mutex_t *openssl_mutex; |
| 61 |
|
62 |
|
| 62 |
static void |
63 |
static void |
|
Lines 70-75
openssl_mutexcb (int mode, int n,
Link Here
|
| 70 |
pthread_mutex_unlock (&openssl_mutex[n]); |
71 |
pthread_mutex_unlock (&openssl_mutex[n]); |
| 71 |
} |
72 |
} |
| 72 |
#endif |
73 |
#endif |
|
|
74 |
#endif |
| 73 |
|
75 |
|
| 74 |
static int |
76 |
static int |
| 75 |
starttls_init (void) |
77 |
starttls_init (void) |
|
Lines 77-82
starttls_init (void)
Link Here
|
| 77 |
if (tls_init) |
79 |
if (tls_init) |
| 78 |
return 1; |
80 |
return 1; |
| 79 |
|
81 |
|
|
|
82 |
#if OPENSSL_VERSION_NUMBER < 0x10100000 |
| 83 |
/* starting from OpenSSL 1.1.0, OpenSSL uses a new threading API and does its own locking */ |
| 84 |
/* also initialization has been reworked and is done automatically */ |
| 85 |
/* so there's not much to do here any more */ |
| 80 |
#ifdef USE_PTHREADS |
86 |
#ifdef USE_PTHREADS |
| 81 |
/* Set up mutexes for the OpenSSL library */ |
87 |
/* Set up mutexes for the OpenSSL library */ |
| 82 |
if (openssl_mutex == NULL) |
88 |
if (openssl_mutex == NULL) |
|
Lines 94-102
starttls_init (void)
Link Here
|
| 94 |
CRYPTO_set_locking_callback (openssl_mutexcb); |
100 |
CRYPTO_set_locking_callback (openssl_mutexcb); |
| 95 |
} |
101 |
} |
| 96 |
#endif |
102 |
#endif |
| 97 |
tls_init = 1; |
|
|
| 98 |
SSL_load_error_strings (); |
103 |
SSL_load_error_strings (); |
| 99 |
SSL_library_init (); |
104 |
SSL_library_init (); |
|
|
105 |
#endif |
| 106 |
tls_init = 1; |
| 100 |
return 1; |
107 |
return 1; |
| 101 |
} |
108 |
} |
| 102 |
|
109 |
|
|
Lines 201-207
starttls_create_ctx (smtp_session_t session)
Link Here
|
| 201 |
3207. Servers typically support SSL as well as TLS because some |
208 |
3207. Servers typically support SSL as well as TLS because some |
| 202 |
versions of Netscape do not support TLS. I am assuming that all |
209 |
versions of Netscape do not support TLS. I am assuming that all |
| 203 |
currently deployed servers correctly support TLS. */ |
210 |
currently deployed servers correctly support TLS. */ |
|
|
211 |
#if OPENSSL_VERSION_NUMBER < 0x10100000 |
| 204 |
ctx = SSL_CTX_new (TLSv1_client_method ()); |
212 |
ctx = SSL_CTX_new (TLSv1_client_method ()); |
|
|
213 |
#else |
| 214 |
ctx = SSL_CTX_new (TLS_client_method ()); |
| 215 |
if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) { |
| 216 |
/* FIXME: set an error code AND free the allocated ctx */ |
| 217 |
return NULL; |
| 218 |
} |
| 219 |
#endif |
| 205 |
|
220 |
|
| 206 |
/* Load our keys and certificates. To avoid messing with configuration |
221 |
/* Load our keys and certificates. To avoid messing with configuration |
| 207 |
variables etc, use fixed paths for the certificate store. These are |
222 |
variables etc, use fixed paths for the certificate store. These are |
