[Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1
From: Eneas U de Queiroz
Subject: [Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1
Date: Mon, 22 Apr 2019 11:03:25 -0300
ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
Redundant calls to initialization functions were removed as
OPENSSL_config takes care of them for openssl versions < 1.1.0.
For versions > 1.1.0, OPENSSL_init_ssl is preferred.
Signed-off-by: Eneas U de Queiroz <address@hidden>
---
wget currently fails to use SSL with openssl 1.1.1b:
$ wget https://google.com
--2019-04-22 10:10:16-- https://google.com/
Disabling SSL due to encountered errors.
This may be considered a workaround, as it should not generate the
error, but it really is an API update, as openssl 1.1.1 deprecated
OPENSSL_config in favor of OPENSSL_init_crypto anyway. See
https://github.com/openssl/openssl/issues/8528
OPENSSL_init_ssl can be seen as a superset of OPENSSL_init_crypto (it
calls OPENSSL_init_crypto), and we are already calling it, so we just
need to pass these flags: OPENSSL_INIT_LOAD_CONFIG to load the
openssl.cnf file, and OPENSSL_INIT_ENGINE_ALL_BUILTIN to load the
builtin engines.
Also, for versions >= 0.9.7 < 1.1.0, OPENSSL_config takes care of
loading builtin modules, engines, and config file, just as ssl_init
does, so those calls are all redundant and can be removed.
https://github.com/openssl/openssl/blob/OpenSSL_0_9_7-stable/crypto/conf/conf_sap.c#L82
https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/crypto/conf/conf_sap.c#L84
https://github.com/openssl/openssl/blob/OpenSSL_1_0_0-stable/crypto/conf/conf_sap.c#L84
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/conf/conf_sap.c#L84
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/conf/conf_sap.c#L84
No changes are made here if openssl version < 0.9.7.
diff --git a/src/openssl.c b/src/openssl.c
index a1502173..03737d7a 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -174,7 +174,9 @@ ssl_init (void)
#if OPENSSL_VERSION_NUMBER >= 0x00907000
if (ssl_true_initialized == 0)
{
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >=
0x10100000L)
+ OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG |
OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else
OPENSSL_config (NULL);
#endif
ssl_true_initialized = 1;
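Review bot: The return value of the added OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG | OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL) call is discarded, and `ssl_true_initialized = 1;` is set unconditionally right after it. OPENSSL_init_ssl returns 1 on success and 0 on error, so the result should be checked and ssl_init should fail (or at least log) when initialisation is reported as failed, instead of marking the library as initialised. Because the reported symptom is a failure when openssl.cnf is not found, a short comment at this call stating what is expected to happen with OPENSSL_INIT_LOAD_CONFIG when no config file exists would also help; the same applies to the unchecked `OPENSSL_config (NULL);` in the `#else` branch.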
@@ -194,21 +196,9 @@ ssl_init (void)
goto error;
}
-#if OPENSSL_VERSION_NUMBER >= 0x00907000
- OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_load_builtin_engines();
-#endif
- CONF_modules_load_file(NULL, NULL,
- CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
-#endif
-#if OPENSSL_API_COMPAT >= 0x10100000L
- OPENSSL_init_ssl(0, NULL);
-#else
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
SSL_library_init ();
SSL_load_error_strings ();
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSLeay_add_all_algorithms ();
SSLeay_add_ssl_algorithms ();
#endif
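Review bot: The merged guard `#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)` now also covers SSLeay_add_all_algorithms () and SSLeay_add_ssl_algorithms (), which were previously under `#if OPENSSL_VERSION_NUMBER < 0x10100000L` alone. For a LibreSSL build whose OPENSSL_VERSION_NUMBER is 0x10100000L or higher, those two calls were skipped before and run now; if that is intended, say so in the commit message or a comment, otherwise keep the separate guard. Separately, the deleted CONF_modules_load_file call was the only place in this hunk that passed CONF_MFLAGS_IGNORE_MISSING_FILE explicitly, so after this change nothing in ssl_init documents that a missing openssl.cnf is tolerated. A one-line comment naming the call that now carries that guarantee would make the intent reviewable.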