Hi,

I'm seeing build failures with Lynx 2.8.9.dev16 and OpenSSL 1.1.0g. I've
seen some changes pertaining to OpenSSL 1.1.0 in Lynx's source code
already, but these seem to have been missed.

I'm guessing this is because OpenSSL 1.1.0 can be compiled in a variety
of compatibility modes, and mine must not be compiled the same way as
yours.

Attached is a patch to fix these, hopefully without breaking older
versions. The fixes applied are:

* in WWW/Library/Implementation/HTNews.c: don't call
  `SSL_load_error_strings()`
* in WWW/Library/Implementation/HTTP.c:
** #define the non-existent SSLEAY_VERSION_NUMBER into
   OPENSSL_VERSION_NUMBER
** #define the removed `ASN1_STRING_data()` into
   `ASN1_STRING_get0_data()`
** replace the deprecated `SSLv23_client_method()` with
   `TLS_client_method()`, without calling
   `SSL_CTX_set_min_proto_version()` (thus letting OpenSSL decide on the
   minimum protocol version)
** again, don't call `SSL_load_error_strings()`

All these fixes are conditionally applied based on the value of
OPENSSL_VERSION_NUMBER.

Feel free to review and adjust the patch as you see fit. Specifically,
the top of HTTP.c might not be the best place to `#define
SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER`, and this fix also feels a
little hackish (OPENSSL_VERSION_NUMBER has been around for a while now
and could be used everywhere SSLEAY_VERSION_NUMBER is used I guess), but
since this define is only ever used in this file, I've landed it there
anyway.

Do note I've only tested that Lynx builds fine and
https://www.google.com loads fine after patching. I have *not* tested
against previous versions of OpenSSL to check if everything still
worked.

Cheers,
--
Quentin Minster

PS: I'm not subscribed to this list.

diff --git a/WWW/Library/Implementation/HTNews.c b/WWW/Library/Implementation/HTNews.c
index 6e38b51..7b27800 100644
--- a/WWW/Library/Implementation/HTNews.c
+++ b/WWW/Library/Implementation/HTNews.c
@@ -2657,7 +2657,9 @@ static int HTLoadNews(const char *arg,
CTRACE((tfp,
"HTNews: Unable to complete SSL handshake for '%s', SSL_connect=%d, SSL error stack dump follows\n",
url, status));
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
+#endif
while ((SSLerror = ERR_get_error()) != 0) {
CTRACE((tfp, "HTNews: SSL: %s\n",
ERR_error_string(SSLerror, NULL)));
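Review bot: The new `#if OPENSSL_VERSION_NUMBER < 0x10100000L` around `SSL_load_error_strings()` in HTLoadNews has no comment saying why the call is dropped on 1.1.0 and later, so a later reader cannot tell whether the strings are loaded elsewhere or the trace output is expected to degrade. Add a one-line comment above the guard stating the reason. If `OPENSSL_VERSION_NUMBER` is not defined when this file is compiled, the preprocessor evaluates it as 0 and the call is kept; if that is the intended behaviour for non-OpenSSL builds, the comment should say so too.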
@@ -3072,7 +3074,9 @@ int HTNewsProxyConnect(int sock,
CTRACE((tfp,
"HTNews: Unable to complete SSL handshake for '%s', SSL_connect=%d, SSL error stack dump follows\n",
url, status));
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
+#endif
while ((SSLerror = ERR_get_error()) != 0) {
CTRACE((tfp, "HTNews: SSL: %s\n", ERR_error_string(SSLerror, NULL)));
}
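Review bot: The guard in HTNewsProxyConnect is a second verbatim copy of the three lines added in HTLoadNews, and the patch adds the same lines once more in HTTP.c. Consider a single wrapper macro (a hypothetical name such as `LYNX_SSL_LOAD_ERROR_STRINGS()`) defined once next to the SSL includes, so the version threshold lives in one place and the call sites stay free of `#if`.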
diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c
index 581cb5e..dab2ff6 100644
--- a/WWW/Library/Implementation/HTTP.c
+++ b/WWW/Library/Implementation/HTTP.c
@@ -48,6 +48,10 @@
#ifdef USE_SSL
#ifdef USE_OPENSSL_INCL
#include <openssl/x509v3.h>
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+#define ASN1_STRING_data ASN1_STRING_get0_data
+#endif
#endif
#ifdef USE_GNUTLS_INCL
#include <gnutls/x509.h>
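Review bot: The two `#define`s after `#include <openssl/x509v3.h>` are keyed on the version number alone, although the cover mail attributes the missing symbols to how OpenSSL 1.1.0 was compiled; on a 1.1.0 build that still provides `SSLEAY_VERSION_NUMBER`, the first line redefines a library macro. Wrapping it in `#ifndef SSLEAY_VERSION_NUMBER` avoids that. Separately, `ASN1_STRING_get0_data()` returns `const unsigned char *` where `ASN1_STRING_data()` returned `unsigned char *`, so the callers in this file should be checked for assignments to non-const pointers.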
@@ -173,8 +177,12 @@ SSL *HTGetSSLHandle(void)
X509_set_default_verify_paths(ssl_ctx->cert);
}
#else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSLeay_add_ssl_algorithms();
if ((ssl_ctx = SSL_CTX_new(SSLv23_client_method())) != NULL) {
+#else
+ if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) {
+#endif
#ifdef SSL_OP_NO_SSLv2
SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
#else
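Review bot: In the new `#else` branch of HTGetSSLHandle, `TLS_client_method()` is used with no protocol floor, and the only restriction visible in the following context is `SSL_OP_NO_SSLv2`, so the lowest version Lynx will negotiate depends entirely on how the linked OpenSSL was built. If that is intended, record it in a comment at this spot; otherwise call `SSL_CTX_set_min_proto_version()` on `ssl_ctx` inside the block with an explicit minimum. The opening `if ((ssl_ctx = SSL_CTX_new(...)) != NULL) {` is also duplicated across the `#if`/`#else` arms, which splits the brace pairing over preprocessor branches; choosing the method through a macro and keeping a single `if` line would be easier to maintain.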
@@ -961,7 +969,9 @@ static int HTLoadHTTP(const char *arg,
CTRACE((tfp,
"HTTP: Unable to complete SSL handshake for '%s', SSL_connect=%d, SSL error stack dump follows\n",
url, status));
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings();
+#endif
while ((SSLerror = ERR_get_error()) != 0) {
CTRACE((tfp, "HTTP: SSL: %s\n", ERR_error_string(SSLerror, NULL)));
}
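Review bot: This guard in HTLoadHTTP sits inside the "Unable to complete SSL handshake" branch, which the test described in the cover mail (a successful load of one HTTPS page) never reaches. Before merging, run a 1.1.0 build with tracing enabled against a host whose handshake fails, and confirm that the `HTTP: SSL: %s` lines still carry readable error text now that `SSL_load_error_strings()` is skipped.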