openvpn: update to 2.4.8
Backport two upstream commits that allow building openvpn-openssl without OpenSSLs deprecated APIs. Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8 Signed-off-by: Magnus Kroken <mkroken@gmail.com>master
parent
e2eb6d5829
commit
bf43e5bbf9
@ -0,0 +1,58 @@
|
||||
From 17a476fd5c8cc49f1d103a50199e87ede76b1b67 Mon Sep 17 00:00:00 2001
|
||||
From: Steffan Karger <steffan@karger.me>
|
||||
Date: Sun, 26 Nov 2017 16:04:00 +0100
|
||||
Subject: [PATCH] openssl: don't use deprecated SSLEAY/SSLeay symbols
|
||||
|
||||
Compiling our current master against OpenSSL 1.1 with
|
||||
-DOPENSSL_API_COMPAT=0x10100000L screams bloody murder. This patch fixes
|
||||
the errors about the deprecated SSLEAY/SSLeay symbols and defines.
|
||||
|
||||
Signed-off-by: Steffan Karger <steffan@karger.me>
|
||||
Acked-by: Gert Doering <gert@greenie.muc.de>
|
||||
Message-Id: <20171126150401.28565-1-steffan@karger.me>
|
||||
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15934.html
|
||||
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
||||
---
|
||||
configure.ac | 1 +
|
||||
src/openvpn/openssl_compat.h | 8 ++++++++
|
||||
src/openvpn/ssl_openssl.c | 2 +-
|
||||
3 files changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -904,6 +904,7 @@ if test "${enable_crypto}" = "yes" -a "$
|
||||
EVP_MD_CTX_free \
|
||||
EVP_MD_CTX_reset \
|
||||
EVP_CIPHER_CTX_reset \
|
||||
+ OpenSSL_version \
|
||||
SSL_CTX_get_default_passwd_cb \
|
||||
SSL_CTX_get_default_passwd_cb_userdata \
|
||||
SSL_CTX_set_security_level \
|
||||
--- a/src/openvpn/openssl_compat.h
|
||||
+++ b/src/openvpn/openssl_compat.h
|
||||
@@ -689,6 +689,14 @@ EC_GROUP_order_bits(const EC_GROUP *grou
|
||||
#endif
|
||||
|
||||
/* SSLeay symbols have been renamed in OpenSSL 1.1 */
|
||||
+#ifndef OPENSSL_VERSION
|
||||
+#define OPENSSL_VERSION SSLEAY_VERSION
|
||||
+#endif
|
||||
+
|
||||
+#ifndef HAVE_OPENSSL_VERSION
|
||||
+#define OpenSSL_version SSLeay_version
|
||||
+#endif
|
||||
+
|
||||
#if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT)
|
||||
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
|
||||
#endif
|
||||
--- a/src/openvpn/ssl_openssl.c
|
||||
+++ b/src/openvpn/ssl_openssl.c
|
||||
@@ -1977,7 +1977,7 @@ get_highest_preference_tls_cipher(char *
|
||||
const char *
|
||||
get_ssl_library_version(void)
|
||||
{
|
||||
- return SSLeay_version(SSLEAY_VERSION);
|
||||
+ return OpenSSL_version(OPENSSL_VERSION);
|
||||
}
|
||||
|
||||
#endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */
|
@ -0,0 +1,65 @@
|
||||
From 1987498271abadf042d8bb3feee1fe0d877a9d55 Mon Sep 17 00:00:00 2001
|
||||
From: Steffan Karger <steffan@karger.me>
|
||||
Date: Sun, 26 Nov 2017 16:49:12 +0100
|
||||
Subject: [PATCH] openssl: add missing #include statements
|
||||
|
||||
Compiling our current master against OpenSSL 1.1 with
|
||||
-DOPENSSL_API_COMPAT=0x10100000L screams bloody murder. This patch fixes
|
||||
the errors caused by missing includes. Previous openssl versions would
|
||||
usually include 'the rest of the world', but they're fixing that. So we
|
||||
should no longer rely on it.
|
||||
|
||||
(And sneaking in alphabetic ordering of the includes while touching them.)
|
||||
|
||||
Signed-off-by: Steffan Karger <steffan@karger.me>
|
||||
Acked-by: Gert Doering <gert@greenie.muc.de>
|
||||
Message-Id: <20171126154912.13283-1-steffan@karger.me>
|
||||
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15936.html
|
||||
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
||||
---
|
||||
src/openvpn/openssl_compat.h | 1 +
|
||||
src/openvpn/ssl_openssl.c | 6 +++++-
|
||||
src/openvpn/ssl_verify_openssl.c | 3 ++-
|
||||
3 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/src/openvpn/openssl_compat.h
|
||||
+++ b/src/openvpn/openssl_compat.h
|
||||
@@ -42,6 +42,7 @@
|
||||
|
||||
#include "buffer.h"
|
||||
|
||||
+#include <openssl/rsa.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
--- a/src/openvpn/ssl_openssl.c
|
||||
+++ b/src/openvpn/ssl_openssl.c
|
||||
@@ -52,10 +52,14 @@
|
||||
|
||||
#include "ssl_verify_openssl.h"
|
||||
|
||||
+#include <openssl/bn.h>
|
||||
+#include <openssl/crypto.h>
|
||||
+#include <openssl/dh.h>
|
||||
+#include <openssl/dsa.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pkcs12.h>
|
||||
+#include <openssl/rsa.h>
|
||||
#include <openssl/x509.h>
|
||||
-#include <openssl/crypto.h>
|
||||
#ifndef OPENSSL_NO_EC
|
||||
#include <openssl/ec.h>
|
||||
#endif
|
||||
--- a/src/openvpn/ssl_verify_openssl.c
|
||||
+++ b/src/openvpn/ssl_verify_openssl.c
|
||||
@@ -44,8 +44,9 @@
|
||||
#include "ssl_verify_backend.h"
|
||||
#include "openssl_compat.h"
|
||||
|
||||
-#include <openssl/x509v3.h>
|
||||
+#include <openssl/bn.h>
|
||||
#include <openssl/err.h>
|
||||
+#include <openssl/x509v3.h>
|
||||
|
||||
int
|
||||
verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
Loading…
Reference in New Issue