[exim-cvs] Fix build with recent LibreSSL, when including D…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix build with recent LibreSSL, when including DANE. Bug 2386
Gitweb: https://git.exim.org/exim.git/commitdiff/1fbf41cdf61bc864662c7b766a1db38ae888db20
Commit:     1fbf41cdf61bc864662c7b766a1db38ae888db20
Parent:     675a21420d11f4971d93d7e680ca96bff8d325c2
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Apr 1 17:09:59 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Apr 1 17:09:59 2019 +0100


    Fix build with recent LibreSSL, when including DANE.  Bug 2386
---
 doc/doc-txt/ChangeLog     |  3 +++
 src/src/dane-openssl.c    | 51 +++++++++++++++++++++++++++--------------------
 src/src/tlscert-openssl.c | 12 ++++++++---
 3 files changed, 41 insertions(+), 25 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 6217a4d..5913e7a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -55,6 +55,9 @@ JH/11 Harden plaintext authenticator against a badly misconfigured client-send
 JH/12 Bug 2384: fix "-bP smtp_receive_timeout".  Previously it returned no
       output.


+JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward.  Some old
+      API was removed, so update to use the newer ones.
+


 Exim version 4.92
 -----------------
diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index a6792d1..4ac5747 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -2,7 +2,7 @@
  *  Author: Viktor Dukhovni
  *  License: THIS CODE IS IN THE PUBLIC DOMAIN.
  *
- * Copyright (c) The Exim Maintainers 2014 - 2018
+ * Copyright (c) The Exim Maintainers 2014 - 2019
  */
 #include <stdio.h>
 #include <string.h>
@@ -25,28 +25,35 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-# define EXIM_HAVE_ASN1_MACROS
-# define EXIM_OPAQUE_X509
-#else
-# define X509_STORE_CTX_get_verify(ctx)        (ctx)->verify
-# define X509_STORE_CTX_get_verify_cb(ctx)    (ctx)->verify_cb
-# define X509_STORE_CTX_get0_cert(ctx)        (ctx)->cert
-# define X509_STORE_CTX_get0_chain(ctx)        (ctx)->chain
-# define X509_STORE_CTX_get0_untrusted(ctx)    (ctx)->untrusted
-
-# define X509_STORE_CTX_set_verify(ctx, verify_chain)    (ctx)->verify = (verify_chain)
-# define X509_STORE_CTX_set0_verified_chain(ctx, sk)    (ctx)->chain = (sk)
-# define X509_STORE_CTX_set_error_depth(ctx, val)    (ctx)->error_depth = (val)
-# define X509_STORE_CTX_set_current_cert(ctx, cert)    (ctx)->current_cert = (cert)
-
-# define ASN1_STRING_get0_data    ASN1_STRING_data
-# define X509_getm_notBefore    X509_get_notBefore
-# define X509_getm_notAfter    X509_get_notAfter
-
-# define CRYPTO_ONCE_STATIC_INIT 0
-# define CRYPTO_THREAD_run_once     run_once
+
+#ifdef LIBRESSL_VERSION_NUMBER    /* LibreSSL */
+# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL
+#  define EXIM_HAVE_ASN1_MACROS
+# endif
+#else                /* OpenSSL */
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#  define EXIM_HAVE_ASN1_MACROS
+#  define EXIM_OPAQUE_X509
+# else
+#  define X509_STORE_CTX_get_verify(ctx)        (ctx)->verify
+#  define X509_STORE_CTX_get_verify_cb(ctx)    (ctx)->verify_cb
+#  define X509_STORE_CTX_get0_cert(ctx)        (ctx)->cert
+#  define X509_STORE_CTX_get0_chain(ctx)        (ctx)->chain
+#  define X509_STORE_CTX_get0_untrusted(ctx)    (ctx)->untrusted
+
+#  define X509_STORE_CTX_set_verify(ctx, verify_chain)    (ctx)->verify = (verify_chain)
+#  define X509_STORE_CTX_set0_verified_chain(ctx, sk)    (ctx)->chain = (sk)
+#  define X509_STORE_CTX_set_error_depth(ctx, val)    (ctx)->error_depth = (val)
+#  define X509_STORE_CTX_set_current_cert(ctx, cert)    (ctx)->current_cert = (cert)
+
+#  define ASN1_STRING_get0_data    ASN1_STRING_data
+#  define X509_getm_notBefore    X509_get_notBefore
+#  define X509_getm_notAfter    X509_get_notAfter
+
+#  define CRYPTO_ONCE_STATIC_INIT 0
+#  define CRYPTO_THREAD_run_once     run_once
 typedef int CRYPTO_ONCE;
+# endif
 #endif
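Review bot: The new LibreSSL arm has no `# else`, so a LibreSSL older than 0x2090000fL now gets neither `EXIM_HAVE_ASN1_MACROS` nor the struct-access shims and `CRYPTO_ONCE` typedef that the removed block gave every LibreSSL build. Whether those older releases already provide the `X509_STORE_CTX_*` accessors is not visible in this hunk, so the supported floor should be stated at the gate, for example `/* LibreSSL: no accessor shims here; releases below 2.9.0 also get no ASN1 macros */`, or enforced with an `#error` if DANE cannot build there. The unchanged `X509_up_ref` macro just above still reaches into `(x)->references` for every LibreSSL version, which sits oddly with the new version split and is worth rechecking against the same releases. The identical version gate is repeated in src/src/tlscert-openssl.c, and a single shared definition would keep the two copies from drifting apart.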



diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 46de499..f9808b3 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/


-/* Copyright (c) Jeremy Harris 2014 - 2018 */
+/* Copyright (c) Jeremy Harris 2014 - 2019 */

/* This module provides TLS (aka SSL) support for Exim using the OpenSSL
library. It is #included into the tls.c file when that library is used.
@@ -17,8 +17,14 @@ library. It is #included into the tls.c file when that library is used.
#include <openssl/rand.h>
#include <openssl/x509v3.h>

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-# define EXIM_HAVE_ASN1_MACROS
+#ifdef LIBRESSL_VERSION_NUMBER    /* LibreSSL */
+# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL
+#  define EXIM_HAVE_ASN1_MACROS
+# endif
+#else                /* OpenSSL */
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#  define EXIM_HAVE_ASN1_MACROS
+# endif
 #endif


#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)