Thank you, pushed ! On 4/22/19 4:03 PM, Eneas U de Queiroz wrote: > ssl_init fails with openssl 1.1.1 when openssl.cnf is not found. > Redundant calls to intialization functions were removed as > OPENSSL_config takes care of them for openssl versions < 1.1.0. > For versions > 1.1.0, OPENSSL_init_ssl is preferred. > > Signed-off-by: Eneas U de Queiroz <[email protected]> > --- > > wget currently fails to use SSL with openssl 1.1.1b: > $ wget https://google.com > --2019-04-22 10:10:16-- https://google.com/ > Disabling SSL due to encountered errors. > > This may be considered a workaround, as it should not generate the > error, but it really is an API update, as openssl 1.1.1 deprecated > OPENSSL_config in favor of OPENSSL_init_crypto anyway. See > https://github.com/openssl/openssl/issues/8528 > > OPENSSL_init_ssl can be seen as a superset of OPENSSL_init_crypto (it > calls OPENSSL_init_crypto), and we are already calling it, so we just > need to pass these flags: OPENSSL_INIT_LOAD_CONFIG to load the > openssl.cnf file, and OPENSSL_INIT_ENGINE_ALL_BUILTIN to load the > builtin engines. > > Also, for versions >= 0.9.7 < 1.1.0, OPENSSL_config takes care of > loading builtin modules, engines, and config file, just as ssl_init > does, so those calls are all redundant and can be removed. > https://github.com/openssl/openssl/blob/OpenSSL_0_9_7-stable/crypto/conf/conf_sap.c#L82 > https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/crypto/conf/conf_sap.c#L84 > https://github.com/openssl/openssl/blob/OpenSSL_1_0_0-stable/crypto/conf/conf_sap.c#L84 > https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/conf/conf_sap.c#L84 > https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/conf/conf_sap.c#L84 > > No changes are made here if openssl version < 0.9.7. > > diff --git a/src/openssl.c b/src/openssl.c > index a1502173..03737d7a 100644 > --- a/src/openssl.c > +++ b/src/openssl.c > @@ -174,7 +174,9 @@ ssl_init (void) > #if OPENSSL_VERSION_NUMBER >= 0x00907000 > if (ssl_true_initialized == 0) > { > -#if OPENSSL_API_COMPAT < 0x10100000L > +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= > 0x10100000L) > + OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG | > OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); > +#else > OPENSSL_config (NULL); > #endif > ssl_true_initialized = 1; > @@ -194,21 +196,9 @@ ssl_init (void) > goto error; > } > > -#if OPENSSL_VERSION_NUMBER >= 0x00907000 > - OPENSSL_load_builtin_modules(); > -#ifndef OPENSSL_NO_ENGINE > - ENGINE_load_builtin_engines(); > -#endif > - CONF_modules_load_file(NULL, NULL, > - CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE); > -#endif > -#if OPENSSL_API_COMPAT >= 0x10100000L > - OPENSSL_init_ssl(0, NULL); > -#else > +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < > 0x10100000L) > SSL_library_init (); > SSL_load_error_strings (); > -#endif > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > SSLeay_add_all_algorithms (); > SSLeay_add_ssl_algorithms (); > #endif >
signature.asc
Description: OpenPGP digital signature
