Re: [Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1
From: Tim Rühsen
Subject: Re: [Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1
Date: Fri, 26 Apr 2019 11:05:18 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Thank you, pushed!

On 4/22/19 4:03 PM, Eneas U de Queiroz wrote:
> ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
> Redundant calls to initialization functions were removed as
> OPENSSL_config takes care of them for openssl versions < 1.1.0.
> For versions > 1.1.0, OPENSSL_init_ssl is preferred.
>
> Signed-off-by: Eneas U de Queiroz <address@hidden>
> ---
>
> wget currently fails to use SSL with openssl 1.1.1b:
> $ wget https://google.com
> --2019-04-22 10:10:16-- https://google.com/
> Disabling SSL due to encountered errors.
>
> This may be considered a workaround, as it should not generate the
> error, but it really is an API update, as openssl 1.1.1 deprecated
> OPENSSL_config in favor of OPENSSL_init_crypto anyway. See
> https://github.com/openssl/openssl/issues/8528
>
> OPENSSL_init_ssl can be seen as a superset of OPENSSL_init_crypto (it
> calls OPENSSL_init_crypto), and we are already calling it, so we just
> need to pass these flags: OPENSSL_INIT_LOAD_CONFIG to load the
> openssl.cnf file, and OPENSSL_INIT_ENGINE_ALL_BUILTIN to load the
> builtin engines.
>
> Also, for versions >= 0.9.7 < 1.1.0, OPENSSL_config takes care of
> loading builtin modules, engines, and config file, just as ssl_init
> does, so those calls are all redundant and can be removed.
> https://github.com/openssl/openssl/blob/OpenSSL_0_9_7-stable/crypto/conf/conf_sap.c#L82
> https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/crypto/conf/conf_sap.c#L84
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_0-stable/crypto/conf/conf_sap.c#L84
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/conf/conf_sap.c#L84
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/conf/conf_sap.c#L84
>
> No changes are made here if openssl version < 0.9.7.
>
> diff --git a/src/openssl.c b/src/openssl.c
> index a1502173..03737d7a 100644
> --- a/src/openssl.c
> +++ b/src/openssl.c
> @@ -174,7 +174,9 @@ ssl_init (void)
> #if OPENSSL_VERSION_NUMBER >= 0x00907000
> if (ssl_true_initialized == 0)
> {
> -#if OPENSSL_API_COMPAT < 0x10100000L
> +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >=
> 0x10100000L)
> + OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG |
> OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
> +#else
> OPENSSL_config (NULL);
> #endif
> ssl_true_initialized = 1;
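Review bot: the result of the added OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL) call is discarded, and ssl_true_initialized = 1 is set on the following context line whether or not it succeeded. OPENSSL_init_ssl returns 1 on success and 0 on error, so a failure while loading the configuration or the engines would go unnoticed at this point and only show up later as a less specific TLS error. Suggest testing the return value and either taking the function's existing error path (the goto error visible in the next hunk) or logging the failure before the flag is set. A minor point: the guard uses >= 0x10100000L while the commit message says "> 1.1.0", so one of the two should be adjusted to match.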
> @@ -194,21 +196,9 @@ ssl_init (void)
> goto error;
> }
>
> -#if OPENSSL_VERSION_NUMBER >= 0x00907000
> - OPENSSL_load_builtin_modules();
> -#ifndef OPENSSL_NO_ENGINE
> - ENGINE_load_builtin_engines();
> -#endif
> - CONF_modules_load_file(NULL, NULL,
> - CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
> -#endif
> -#if OPENSSL_API_COMPAT >= 0x10100000L
> - OPENSSL_init_ssl(0, NULL);
> -#else
> +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER <
> 0x10100000L)
> SSL_library_init ();
> SSL_load_error_strings ();
> -#endif
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> SSLeay_add_all_algorithms ();
> SSLeay_add_ssl_algorithms ();
> #endif
>
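Review bot: the removed CONF_modules_load_file call passed CONF_MFLAGS_IGNORE_MISSING_FILE explicitly, and after this hunk nothing in ssl_init states how a missing openssl.cnf is handled; that now depends on the defaults of OPENSSL_init_ssl with OPENSSL_INIT_LOAD_CONFIG and of OPENSSL_config. Since a missing config file is the failure this patch addresses, a short comment above the new #if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) line saying that module, engine and config loading is done by the earlier init call would keep the next reader from re-adding these calls. The redundancy argument in the message cites conf_sap.c from OpenSSL 0.9.7 through 1.0.2 only, while this condition also routes LibreSSL through the legacy branch without OPENSSL_load_builtin_modules and ENGINE_load_builtin_engines, so it is worth confirming that LibreSSL's OPENSSL_config covers the same steps.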