Hello, I resolved `CRYPTO_set_id_callback', `ERR_remove_state', `SSL_CTX_set_ecdh_auto' issues.
The following two will be addressed later: `X509_get_notBefore', `X509_get_notAfter'. Cheers, Ilya Shipitsin
From 158e07f29cbd40c7cd159330ffd748cb1b926647 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipits...@gmail.com>
Date: Wed, 27 Nov 2019 02:44:58 +0500
Subject: [PATCH] CLEANUP: partially resolve #367 if OpenSSL is built with no-deprecated mode, some functions are not available. however, we keep those functions for LibreSSL when appropriate
---
 include/common/openssl-compat.h | 2 +-
 src/ssl_sock.c | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/include/common/openssl-compat.h b/include/common/openssl-compat.h
index 00395d3e7..2c0cac29e 100644
--- a/include/common/openssl-compat.h
+++ b/include/common/openssl-compat.h
@@ -213,7 +213,7 @@ static inline void EVP_PKEY_up_ref(EVP_PKEY *pkey)
 * 1.1.0 and does nothing anymore. Let's simply silently kill
 * it.
 */
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || defined(OPENSSL_NO_DEPRECATED)
 #undef ERR_remove_state
 #define ERR_remove_state(x)
 #endif
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fc7109f58..2834c10f8 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -308,7 +308,7 @@ static int ha_ssl_free(BIO *data)
 }
-#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_DEPRECATED)
 static HA_RWLOCK_T *ssl_rwlocks;
@@ -5046,7 +5046,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, struct ssl_bind_conf *ssl_
 NULL);
 if (ecdhe == NULL) {
+#if defined(SSL_CTX_set_ecdh_auto)
 (void)SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
 return cfgerr;
 }
 #else
@@ -11055,7 +11057,7 @@ static void __ssl_sock_init(void)
 }
 #endif
-#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L)
+#if defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) && !defined(OPENSSL_NO_DEPRECATED)
 ssl_locking_init();
 #endif
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined OPENSSL_NO_TLSEXT && !defined OPENSSL_IS_BORINGSSL)
--
2.23.0
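Review bot: With `|| defined(OPENSSL_NO_DEPRECATED)` added to the openssl-compat.h guard, ERR_remove_state() also becomes a no-op on a pre-1.1.0 OpenSSL built without deprecated APIs, where the per-thread error state is still expected to be released by the application. The comment above the guard (it starts outside the hunk) only justifies the no-op for 1.1.0 and later. For the older no-deprecated case the macro could map to the non-deprecated replacement instead, `#define ERR_remove_state(x) ERR_remove_thread_state(NULL)`, keeping the empty definition for `>= 0x1010000fL` only. If such builds are not meant to be supported, the comment should say so.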
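Review bot: The added `&& !defined(OPENSSL_NO_DEPRECATED)` in the `@@ -308` hunk of src/ssl_sock.c compiles out the whole locking block, not only the deprecated id callback named in the cover message: `ssl_rwlocks` here and the `ssl_locking_init()` call in the `__ssl_sock_init` hunk (`@@ -11055`) both disappear. On a threaded build against a pre-1.1.0 OpenSSL configured no-deprecated, the library would then presumably run without application-supplied locks, which those versions rely on for thread safety; the body of ssl_locking_init() is outside the diff, so this needs confirming. Either guard only the `CRYPTO_set_id_callback` call inside ssl_locking_init(), or reject the combination at build time with an `#error` under `defined(USE_THREAD) && (HA_OPENSSL_VERSION_NUMBER < 0x10100000L) && defined(OPENSSL_NO_DEPRECATED)`. The guarded block continues past the end of this hunk.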
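Review bot: The `#if defined(SSL_CTX_set_ecdh_auto)` test in the `ecdhe == NULL` branch of ssl_sock_prepare_ctx only sees a preprocessor macro, so with a library that provides SSL_CTX_set_ecdh_auto as a function the call would be dropped silently. That assumption deserves a comment at the guard, for example `/* SSL_CTX_set_ecdh_auto is expected to be a macro; it is absent in no-deprecated builds */`. The first file of this patch already handles ERR_remove_state in openssl-compat.h, and a fallback there (`#if !defined(SSL_CTX_set_ecdh_auto)`, `#define SSL_CTX_set_ecdh_auto(ctx, onoff) ((onoff) != 0)`, `#endif`) would keep this call site unconditional and the compatibility logic in one place. ssl_sock_prepare_ctx starts and ends outside the hunk.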