mirror of https://git.kore.io/kore.git
nope, changed my mind, drop libressl 2.7.5.
This commit is contained in:
parent
d001b022a7
commit
ebee0f3752
|
@ -53,7 +53,7 @@ Clone this repository or get the latest release at [https://kore.io/releases/3.2
|
||||||
|
|
||||||
Requirements
|
Requirements
|
||||||
* openssl (1.0.2, 1.1.0 or 1.1.1)
|
* openssl (1.0.2, 1.1.0 or 1.1.1)
|
||||||
(note: libressl 2.7.5+ works as a replacement)
|
(note: libressl 3.0.0+ works as a replacement)
|
||||||
|
|
||||||
Requirement for asynchronous curl (optional)
|
Requirement for asynchronous curl (optional)
|
||||||
* libcurl
|
* libcurl
|
||||||
|
|
33
src/domain.c
33
src/domain.c
|
@ -49,7 +49,6 @@ static int keymgr_response = 0;
|
||||||
DH *tls_dhparam = NULL;
|
DH *tls_dhparam = NULL;
|
||||||
int tls_version = KORE_TLS_VERSION_BOTH;
|
int tls_version = KORE_TLS_VERSION_BOTH;
|
||||||
|
|
||||||
static BIO *domain_bio_mem(const void *, size_t);
|
|
||||||
static int domain_x509_verify(int, X509_STORE_CTX *);
|
static int domain_x509_verify(int, X509_STORE_CTX *);
|
||||||
static X509 *domain_load_certificate_chain(SSL_CTX *, const void *, size_t);
|
static X509 *domain_load_certificate_chain(SSL_CTX *, const void *, size_t);
|
||||||
|
|
||||||
|
@ -68,7 +67,7 @@ static ECDSA_SIG *keymgr_ecdsa_sign(const unsigned char *, int,
|
||||||
#if defined(KORE_OPENSSL_NEWER_API)
|
#if defined(KORE_OPENSSL_NEWER_API)
|
||||||
static RSA_METHOD *keymgr_rsa_meth = NULL;
|
static RSA_METHOD *keymgr_rsa_meth = NULL;
|
||||||
static EC_KEY_METHOD *keymgr_ec_meth = NULL;
|
static EC_KEY_METHOD *keymgr_ec_meth = NULL;
|
||||||
#elif !defined(LIBRESSL_VERSION_NUMBER)
|
#else
|
||||||
/*
|
/*
|
||||||
* Run own ecdsa_method data structure as OpenSSL has this in ecs_locl.h
|
* Run own ecdsa_method data structure as OpenSSL has this in ecs_locl.h
|
||||||
* and does not export this on systems.
|
* and does not export this on systems.
|
||||||
|
@ -428,7 +427,7 @@ kore_domain_crl_add(struct kore_domain *dom, const void *pem, size_t pemlen)
|
||||||
X509_STORE *store;
|
X509_STORE *store;
|
||||||
|
|
||||||
ERR_clear_error();
|
ERR_clear_error();
|
||||||
in = domain_bio_mem(pem, pemlen);
|
in = BIO_new_mem_buf(pem, pemlen);
|
||||||
|
|
||||||
if ((store = SSL_CTX_get_cert_store(dom->ssl_ctx)) == NULL) {
|
if ((store = SSL_CTX_get_cert_store(dom->ssl_ctx)) == NULL) {
|
||||||
BIO_free(in);
|
BIO_free(in);
|
||||||
|
@ -833,7 +832,7 @@ domain_load_certificate_chain(SSL_CTX *ctx, const void *data, size_t len)
|
||||||
X509 *x, *ca;
|
X509 *x, *ca;
|
||||||
|
|
||||||
ERR_clear_error();
|
ERR_clear_error();
|
||||||
in = domain_bio_mem(data, len);
|
in = BIO_new_mem_buf(data, len);
|
||||||
|
|
||||||
if ((x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL)) == NULL)
|
if ((x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL)) == NULL)
|
||||||
fatal("PEM_read_bio_X509_AUX: %s", ssl_errno_s);
|
fatal("PEM_read_bio_X509_AUX: %s", ssl_errno_s);
|
||||||
|
@ -871,29 +870,3 @@ domain_load_certificate_chain(SSL_CTX *ctx, const void *data, size_t len)
|
||||||
|
|
||||||
return (x);
|
return (x);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* XXX - hack around LibreSSL < 2.8.0 its BIO_new_mem_buf() not taking
|
|
||||||
* a const pointer for its first argument.
|
|
||||||
*
|
|
||||||
* Since we build with -Wcast-qual and -Werror I rather do this than having
|
|
||||||
* a bunch of pragma preprocessor magic to remove the warnings for that code
|
|
||||||
* if we're dealing with LibreSSL.
|
|
||||||
*/
|
|
||||||
static BIO *
|
|
||||||
domain_bio_mem(const void *data, size_t len)
|
|
||||||
{
|
|
||||||
BIO *in;
|
|
||||||
union { void *p; const void *cp; } deconst;
|
|
||||||
|
|
||||||
/* because OpenSSL likes taking ints as memory buffer lengths. */
|
|
||||||
if (len > INT_MAX)
|
|
||||||
fatal("domain_bio_mem: len(%zu) > INT_MAX", len);
|
|
||||||
|
|
||||||
deconst.cp = data;
|
|
||||||
|
|
||||||
if ((in = BIO_new_mem_buf(deconst.p, len)) == NULL)
|
|
||||||
fatal("BIO_new_mem_buf: %s", ssl_errno_s);
|
|
||||||
|
|
||||||
return (in);
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in New Issue