From 66e1a2f80091e9ee9b99156ae23e5faaf9f24fe0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 20 Feb 2017 15:06:36 +0100
Subject: [PATCH 3/4] remove duplicate definition for tn3270_ssl_stream_init()

---
 lib5250/sslstream.c | 93 -----------------------------------------------------
 1 file changed, 93 deletions(-)

diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index f4353a9..86d38cf 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -477,99 +477,6 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
    return 0; /* Ok */
 }
 
-/****f* lib5250/tn3270_ssl_stream_init
- * NAME
- *    tn3270_ssl_stream_init
- * SYNOPSIS
- *    ret = tn3270_ssl_stream_init (This);
- * INPUTS
- *    Tn5250Stream *       This       - 
- * DESCRIPTION
- *    DOCUMENT ME!!!
- *****/
-int tn3270_ssl_stream_init (Tn5250Stream *This)
-{
-   int len;
-
-/* initialize SSL library */
-
-   SSL_load_error_strings();
-   SSL_library_init();
-
-/* create a new SSL context */
-
-   This->ssl_context = SSL_CTX_new(SSLv23_client_method());
-   if (This->ssl_context==NULL) {
-        DUMP_ERR_STACK ();
-        return -1;
-   }
-
-/* if a certificate authority file is defined, load it into this context */
-
-   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
-        if (SSL_CTX_load_verify_locations(This->ssl_context, 
-                  tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
-            DUMP_ERR_STACK ();
-            return -1;
-        }
-   }
-
-/* if a certificate authority file is defined, load it into this context */
-
-   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_ca_file")) {
-        if (SSL_CTX_load_verify_locations(This->ssl_context, 
-                  tn5250_config_get (This->config, "ssl_ca_file"), NULL)<1) {
-            DUMP_ERR_STACK ();
-            return -1;
-        }
-   }
-
-   This->userdata = NULL;
-
-/* if a PEM passphrase is defined, set things up so that it can be used */
-
-   if (This->config!=NULL && tn5250_config_get (This->config,"ssl_pem_pass")){
-        TN5250_LOG(("SSL: Setting password callback\n"));
-        len = strlen(tn5250_config_get (This->config, "ssl_pem_pass"));
-        This->userdata = malloc(len+1);
-        strncpy(This->userdata,
-                tn5250_config_get (This->config, "ssl_pem_pass"), len);
-        SSL_CTX_set_default_passwd_cb(This->ssl_context,
-                (pem_password_cb *)ssl_stream_passwd_cb);
-        SSL_CTX_set_default_passwd_cb_userdata(This->ssl_context, (void *)This);
-
-   }
-
-/* If a certificate file has been defined, load it into this context as well */
-
-   if (This->config!=NULL && tn5250_config_get (This->config, "ssl_cert_file")){
-        TN5250_LOG(("SSL: Loading certificates from certificate file\n"));
-        if (SSL_CTX_use_certificate_file(This->ssl_context,
-                tn5250_config_get (This->config, "ssl_cert_file"),
-                SSL_FILETYPE_PEM) <= 0) {
-            DUMP_ERR_STACK ();
-            return -1;
-        }
-        TN5250_LOG(("SSL: Loading private keys from certificate file\n"));
-        if (SSL_CTX_use_PrivateKey_file(This->ssl_context,
-                tn5250_config_get (This->config, "ssl_cert_file"),
-                SSL_FILETYPE_PEM) <= 0) {
-            DUMP_ERR_STACK ();
-            return -1;
-        }
-   }
-
-   This->ssl_handle = NULL;
-   This->connect = ssl_stream_connect;
-   This->accept = ssl_stream_accept;
-   This->disconnect = ssl_stream_disconnect;
-   This->handle_receive = ssl_stream_handle_receive;
-   This->send_packet = tn3270_ssl_stream_send_packet;
-   This->destroy = ssl_stream_destroy;
-   This->streamtype = TN3270E_STREAM;
-   return 0; /* Ok */
-}
-
 /****i* lib5250/ssl_stream_connect
  * NAME
  *    ssl_stream_connect
-- 
2.7.4


From 5922e57bb5ea78ff35f82a60f1721d533cc0584a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20Hor=C3=A1k?= <dan@danny.cz>
Date: Mon, 20 Feb 2017 15:37:51 +0100
Subject: [PATCH 4/4] port to OpenSSL 1.1

- check for better functions in configure
- update SSL initialization call
---
 configure.ac        | 8 ++++----
 lib5250/sslstream.c | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4ba0007..8a16cff 100644
--- a/configure.ac
+++ b/configure.ac
@@ -152,13 +152,13 @@ dnl ** happily, we don't have to hunt for them thanks to ldconfig!
 dnl **
 if test -n $sslincludedir; then
      CPPFLAGS="$CPPFLAGS $sslincludedir"
-     AC_CHECK_LIB(crypto,CRYPTO_num_locks)
-     if test "$ac_cv_lib_crypto_CRYPTO_num_locks" != "yes"
+     AC_CHECK_LIB(crypto,OPENSSL_init)
+     if test "$ac_cv_lib_crypto_OPENSSL_init" != "yes"
      then
              AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
      fi
-     AC_CHECK_LIB(ssl,SSL_library_init)
-     if test "$ac_cv_lib_ssl_SSL_library_init" != "yes"
+     AC_CHECK_LIB(ssl,OPENSSL_init_ssl)
+     if test "$ac_cv_lib_ssl_OPENSSL_init_ssl" != "yes"
      then
              AC_MSG_ERROR([** Unable to find OpenSSL libraries!])
      fi
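Review bot: Both `AC_CHECK_LIB` probes now look only for the new initialisation symbols, and `OPENSSL_init_ssl` is, as far as I know, available only from OpenSSL 1.1.0 onward, so configure will abort with "Unable to find OpenSSL libraries!" on a host that has an older OpenSSL installed. If older releases are still meant to be supported, keep the previous symbol as a fallback, e.g. `AC_CHECK_LIB(ssl,OPENSSL_init_ssl,,[AC_CHECK_LIB(ssl,SSL_library_init)])`, and accept either cache variable in the `test` that follows. The two failure branches also print an identical message; naming the library that was missed (libcrypto or libssl) would make a broken build environment easier to diagnose.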
diff --git a/lib5250/sslstream.c b/lib5250/sslstream.c
index 86d38cf..3c0f390 100644
--- a/lib5250/sslstream.c
+++ b/lib5250/sslstream.c
@@ -368,7 +368,7 @@ int tn5250_ssl_stream_init (Tn5250Stream *This)
 /*  initialize SSL library */
 
    SSL_load_error_strings();
-   SSL_library_init();
+   OPENSSL_init_ssl(0, NULL);
 
 /*  which SSL method do we use? */
 
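Review bot: The result of `OPENSSL_init_ssl(0, NULL)` is discarded, so a failed library initialisation is noticed only later, if at all, when the context is created; the call returns 1 on success and 0 on failure and should be checked, e.g. `if (OPENSSL_init_ssl(0, NULL) != 1) { DUMP_ERR_STACK (); return -1; }`. `DUMP_ERR_STACK` is the macro this file already uses on its other error paths; the `-1` return is assumed from the sibling init function, because the rest of `tn5250_ssl_stream_init` lies outside the hunk. The call is also unconditional, so the file no longer builds against OpenSSL older than 1.1.0, where this function does not exist; an `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard that keeps `SSL_library_init()` would preserve that. On 1.1.0 the `SSL_load_error_strings()` call on the line above is redundant, since the default initialisation already loads the error strings.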
-- 
2.7.4