From 1fbf41cdf61bc864662c7b766a1db38ae888db20 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 1 Apr 2019 17:09:59 +0100 Subject: [PATCH] Fix build with recent LibreSSL, when including DANE. Bug 2386 --- doc/doc-txt/ChangeLog | 3 +++ src/src/dane-openssl.c | 51 ++++++++++++++++++++++----------------- src/src/tlscert-openssl.c | 12 ++++++--- 3 files changed, 41 insertions(+), 25 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6217a4d0c..5913e7a5f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -55,6 +55,9 @@ JH/11 Harden plaintext authenticator against a badly misconfigured client-send JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. +JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old + API was removed, so update to use the newer ones. + Exim version 4.92 ----------------- diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index a6792d1ae..4ac5747c9 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -2,7 +2,7 @@ * Author: Viktor Dukhovni * License: THIS CODE IS IN THE PUBLIC DOMAIN. * - * Copyright (c) The Exim Maintainers 2014 - 2018 + * Copyright (c) The Exim Maintainers 2014 - 2019 */ #include #include 
@@ -25,28 +25,35 @@ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) #endif -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) -# define EXIM_HAVE_ASN1_MACROS -# define EXIM_OPAQUE_X509 -#else -# define X509_STORE_CTX_get_verify(ctx) (ctx)->verify -# define X509_STORE_CTX_get_verify_cb(ctx) (ctx)->verify_cb -# define X509_STORE_CTX_get0_cert(ctx) (ctx)->cert -# define X509_STORE_CTX_get0_chain(ctx) (ctx)->chain -# define X509_STORE_CTX_get0_untrusted(ctx) (ctx)->untrusted - -# define X509_STORE_CTX_set_verify(ctx, verify_chain) (ctx)->verify = (verify_chain) -# define X509_STORE_CTX_set0_verified_chain(ctx, sk) (ctx)->chain = (sk) -# define X509_STORE_CTX_set_error_depth(ctx, val) (ctx)->error_depth = (val) -# define X509_STORE_CTX_set_current_cert(ctx, cert) (ctx)->current_cert = (cert) - -# define ASN1_STRING_get0_data ASN1_STRING_data -# define X509_getm_notBefore X509_get_notBefore -# define X509_getm_notAfter X509_get_notAfter - -# define CRYPTO_ONCE_STATIC_INIT 0 -# define CRYPTO_THREAD_run_once run_once + +#ifdef LIBRESSL_VERSION_NUMBER /* LibreSSL */ +# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL +# define EXIM_HAVE_ASN1_MACROS +# endif +#else /* OpenSSL */ +# if OPENSSL_VERSION_NUMBER >= 0x10100000L +# define EXIM_HAVE_ASN1_MACROS +# define EXIM_OPAQUE_X509 +# else +# define X509_STORE_CTX_get_verify(ctx) (ctx)->verify +# define X509_STORE_CTX_get_verify_cb(ctx) (ctx)->verify_cb +# define X509_STORE_CTX_get0_cert(ctx) (ctx)->cert +# define X509_STORE_CTX_get0_chain(ctx) (ctx)->chain +# define X509_STORE_CTX_get0_untrusted(ctx) (ctx)->untrusted + +# define X509_STORE_CTX_set_verify(ctx, verify_chain) (ctx)->verify = (verify_chain) +# define X509_STORE_CTX_set0_verified_chain(ctx, sk) (ctx)->chain = (sk) +# define X509_STORE_CTX_set_error_depth(ctx, val) (ctx)->error_depth = (val) +# define X509_STORE_CTX_set_current_cert(ctx, 
cert) (ctx)->current_cert = (cert) + +# define ASN1_STRING_get0_data ASN1_STRING_data +# define X509_getm_notBefore X509_get_notBefore +# define X509_getm_notAfter X509_get_notAfter + +# define CRYPTO_ONCE_STATIC_INIT 0 +# define CRYPTO_THREAD_run_once run_once typedef int CRYPTO_ONCE; +# endif #endif diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index 46de499cc..f9808b354 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Jeremy Harris 2014 - 2018 */ +/* Copyright (c) Jeremy Harris 2014 - 2019 */ /* This module provides TLS (aka SSL) support for Exim using the OpenSSL library. It is #included into the tls.c file when that library is used. @@ -17,8 +17,14 @@ library. It is #included into the tls.c file when that library is used. #include #include -#if OPENSSL_VERSION_NUMBER >= 0x10100000L -# define EXIM_HAVE_ASN1_MACROS +#ifdef LIBRESSL_VERSION_NUMBER /* LibreSSL */ +# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL +# define EXIM_HAVE_ASN1_MACROS +# endif +#else /* OpenSSL */ +# if OPENSSL_VERSION_NUMBER >= 0x10100000L +# define EXIM_HAVE_ASN1_MACROS +# endif #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -- 2.25.1
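Review bot: In the rewritten version ladder in dane-openssl.c, a LibreSSL older than 2.9.0 now gets neither `EXIM_HAVE_ASN1_MACROS` nor the fallback accessor macros, because the block from `X509_STORE_CTX_get_verify` through `CRYPTO_THREAD_run_once` moved under the OpenSSL-only `# else`. Before this change every LibreSSL build took that fallback block. LibreSSL 2.9.0 and later no longer see those definitions either, and `EXIM_OPAQUE_X509` stays undefined there, so the DANE verification code presumably relies on the library supplying every one of those accessors; that is worth confirming against the oldest LibreSSL still supported. If older releases are intentionally dropped, say so in the LibreSSL branch with `# else` / `#  error "DANE support needs LibreSSL 2.9.0 or later"` rather than leaving it to a later undeclared-identifier failure.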
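Review bot: The LibreSSL/OpenSSL ladder that defines `EXIM_HAVE_ASN1_MACROS` is now spelled out twice, here in tlscert-openssl.c and in dane-openssl.c, so the two copies can drift the next time a library release changes the API. Defining the macro once in a shared header would avoid that; the visible lines do not show whether both files already include a common one. The threshold `0x2090000fL` also deserves a comment at the `# if`, for example `/* 2.9.0: old API removed, see Bug 2386 */`.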