summaryrefslogtreecommitdiff
path: root/src/modules/extra
diff options
context:
space:
mode:
authorPeter Powell <petpow@saberuk.com>2018-03-04 13:58:00 +0000
committerGitHub <noreply@github.com>2018-03-04 13:58:00 +0000
commitded44748551a0aaa117420324f324168dadaf1db (patch)
tree1d6f6c0e9b9ff4c2a08a559cf482fe4c1c6284d3 /src/modules/extra
parent52e8d8b72e6a7e20f94dbe4fb637f437b4ab98ec (diff)
parent4cfed4e5f68a1b9a2370dfceec3b97fb65e6ef46 (diff)
Merge pull request #1463 from clinew/insp20+openssl-v1.1-compat
m_ssl_openssl: Remove deprecated API members.
Diffstat (limited to 'src/modules/extra')
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index aee7a5e34..f2189f257 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -33,6 +33,7 @@
#include "inspircd.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
+#include <openssl/dh.h>
#include "ssl.h"
#ifdef _WIN32
@@ -42,6 +43,15 @@
# define MAX_DESCRIPTORS 10000
#endif
+// Compatibility layer to allow OpenSSL 1.0 to use the 1.1 API.
+#if ((defined LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L))
+# define X509_getm_notAfter X509_get_notAfter
+# define X509_getm_notBefore X509_get_notBefore
+# define OPENSSL_init_ssl(OPTIONS, SETTINGS) \
+ SSL_library_init(); \
+ SSL_load_error_strings();
+#endif
+
/* $ModDesc: Provides SSL support for clients */
/* $LinkerFlags: if("USE_FREEBSD_BASE_SSL") -lssl -lcrypto */
@@ -216,8 +226,7 @@ class ModuleSSLOpenSSL : public Module
sessions = new issl_session[ServerInstance->SE->GetMaxFds()];
/* Global SSL library initialization*/
- SSL_library_init();
- SSL_load_error_strings();
+ OPENSSL_init_ssl(0, NULL);
/* Build our SSL contexts:
* NOTE: OpenSSL makes us have two contexts, one for servers and one for clients. ICK.
@@ -835,7 +844,7 @@ class ModuleSSLOpenSSL : public Module
certinfo->fingerprint = irc::hex(md, n);
}
- if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), ServerInstance->Time()) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), ServerInstance->Time()) == 0))
+ if ((ASN1_UTCTIME_cmp_time_t(X509_getm_notAfter(cert), ServerInstance->Time()) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_getm_notBefore(cert), ServerInstance->Time()) == 0))
{
certinfo->error = "Not activated, or expired certificate";
}