[exim-cvs] Fix build with recent LibreSSL, when including D…

Top Page

Reply to this message
Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix build with recent LibreSSL, when including DANE. Bug 2386
Gitweb: https://git.exim.org/exim.git/commitdiff/1fbf41cdf61bc864662c7b766a1db38ae888db20
Commit:     1fbf41cdf61bc864662c7b766a1db38ae888db20
Parent:     675a21420d11f4971d93d7e680ca96bff8d325c2
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Mon Apr 1 17:09:59 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Mon Apr 1 17:09:59 2019 +0100


    Fix build with recent LibreSSL, when including DANE.  Bug 2386
---
 doc/doc-txt/ChangeLog     |  3 +++
 src/src/dane-openssl.c    | 51 +++++++++++++++++++++++++++--------------------
 src/src/tlscert-openssl.c | 12 ++++++++---
 3 files changed, 41 insertions(+), 25 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 6217a4d..5913e7a 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -55,6 +55,9 @@ JH/11 Harden plaintext authenticator against a badly misconfigured client-send
 JH/12 Bug 2384: fix "-bP smtp_receive_timeout".  Previously it returned no
       output.


+JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward.  Some old
+      API was removed, so update to use the newer ones.
+


 Exim version 4.92
 -----------------
diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index a6792d1..4ac5747 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -2,7 +2,7 @@
  *  Author: Viktor Dukhovni
  *  License: THIS CODE IS IN THE PUBLIC DOMAIN.
  *
- * Copyright (c) The Exim Maintainers 2014 - 2018
+ * Copyright (c) The Exim Maintainers 2014 - 2019
  */
 #include <stdio.h>
 #include <string.h>
@@ -25,28 +25,35 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
 #endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-# define EXIM_HAVE_ASN1_MACROS
-# define EXIM_OPAQUE_X509
-#else
-# define X509_STORE_CTX_get_verify(ctx)        (ctx)->verify
-# define X509_STORE_CTX_get_verify_cb(ctx)    (ctx)->verify_cb
-# define X509_STORE_CTX_get0_cert(ctx)        (ctx)->cert
-# define X509_STORE_CTX_get0_chain(ctx)        (ctx)->chain
-# define X509_STORE_CTX_get0_untrusted(ctx)    (ctx)->untrusted
-
-# define X509_STORE_CTX_set_verify(ctx, verify_chain)    (ctx)->verify = (verify_chain)
-# define X509_STORE_CTX_set0_verified_chain(ctx, sk)    (ctx)->chain = (sk)
-# define X509_STORE_CTX_set_error_depth(ctx, val)    (ctx)->error_depth = (val)
-# define X509_STORE_CTX_set_current_cert(ctx, cert)    (ctx)->current_cert = (cert)
-
-# define ASN1_STRING_get0_data    ASN1_STRING_data
-# define X509_getm_notBefore    X509_get_notBefore
-# define X509_getm_notAfter    X509_get_notAfter
-
-# define CRYPTO_ONCE_STATIC_INIT 0
-# define CRYPTO_THREAD_run_once     run_once
+
+#ifdef LIBRESSL_VERSION_NUMBER    /* LibreSSL */
+# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL
+#  define EXIM_HAVE_ASN1_MACROS
+# endif
+#else                /* OpenSSL */
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#  define EXIM_HAVE_ASN1_MACROS
+#  define EXIM_OPAQUE_X509
+# else
+#  define X509_STORE_CTX_get_verify(ctx)        (ctx)->verify
+#  define X509_STORE_CTX_get_verify_cb(ctx)    (ctx)->verify_cb
+#  define X509_STORE_CTX_get0_cert(ctx)        (ctx)->cert
+#  define X509_STORE_CTX_get0_chain(ctx)        (ctx)->chain
+#  define X509_STORE_CTX_get0_untrusted(ctx)    (ctx)->untrusted
+
+#  define X509_STORE_CTX_set_verify(ctx, verify_chain)    (ctx)->verify = (verify_chain)
+#  define X509_STORE_CTX_set0_verified_chain(ctx, sk)    (ctx)->chain = (sk)
+#  define X509_STORE_CTX_set_error_depth(ctx, val)    (ctx)->error_depth = (val)
+#  define X509_STORE_CTX_set_current_cert(ctx, cert)    (ctx)->current_cert = (cert)
+
+#  define ASN1_STRING_get0_data    ASN1_STRING_data
+#  define X509_getm_notBefore    X509_get_notBefore
+#  define X509_getm_notAfter    X509_get_notAfter
+
+#  define CRYPTO_ONCE_STATIC_INIT 0
+#  define CRYPTO_THREAD_run_once     run_once
 typedef int CRYPTO_ONCE;
+# endif
 #endif



diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 46de499..f9808b3 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/


-/* Copyright (c) Jeremy Harris 2014 - 2018 */
+/* Copyright (c) Jeremy Harris 2014 - 2019 */

/* This module provides TLS (aka SSL) support for Exim using the OpenSSL
library. It is #included into the tls.c file when that library is used.
@@ -17,8 +17,14 @@ library. It is #included into the tls.c file when that library is used.
#include <openssl/rand.h>
#include <openssl/x509v3.h>

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-# define EXIM_HAVE_ASN1_MACROS
+#ifdef LIBRESSL_VERSION_NUMBER    /* LibreSSL */
+# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL
+#  define EXIM_HAVE_ASN1_MACROS
+# endif
+#else                /* OpenSSL */
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#  define EXIM_HAVE_ASN1_MACROS
+# endif
 #endif


#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)