diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-04-05 13:38:54 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-04-05 13:38:54 +0100 |
| commit | 0d82437ff97668a34a67b4ba398d1294ec016d3a (patch) | |
| tree | e339995604fe0b99306f527aa72f1f39dd211a51 | |
| parent | 2cf1c24f203b3995cfa4434907cff05917a55c90 (diff) | |
| download | exim4-0d82437ff97668a34a67b4ba398d1294ec016d3a.tar.gz | |
Fix build with recent LibreSSL, when including DANE. Bug 2386
(cherry picked from commit c19ab167ac and 1fbf41cdf6
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
| -rw-r--r-- | src/src/dane-openssl.c | 11 | ||||
| -rw-r--r-- | src/src/tlscert-openssl.c | 12 |
3 files changed, 22 insertions, 4 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 03f39d2cd..1e2dc4715 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -41,6 +41,9 @@ JH/11 Harden plaintext authenticator against a badly misconfigured client-send JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. +JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old + API was removed, so update to use the newer ones. + Exim version 4.92 diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index f7ccbd765..79f136eae 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -2,7 +2,7 @@ * Author: Viktor Dukhovni * License: THIS CODE IS IN THE PUBLIC DOMAIN. * - * Copyright (c) The Exim Maintainers 2014 - 2018 + * Copyright (c) The Exim Maintainers 2014 - 2019 */ #include <stdio.h> #include <string.h> @@ -25,9 +25,18 @@ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) #endif + +/* LibreSSL 2.9.0 and later - 2.9.0 has removed a number of macros ... */ +#ifdef LIBRESSL_VERSION_NUMBER +# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL +# define EXIM_HAVE_ASN1_MACROS +# endif +#endif +/* OpenSSL */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) # define EXIM_HAVE_ASN1_MACROS # define EXIM_OPAQUE_X509 +/* Older OpenSSL and all LibreSSL */ #else # define X509_STORE_CTX_get_verify(ctx) (ctx)->verify # define X509_STORE_CTX_get_verify_cb(ctx) (ctx)->verify_cb diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index 7e0128ee4..3551045ce 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Jeremy Harris 2014 - 2018 */ +/* Copyright (c) Jeremy Harris 2014 - 2019 */ /* This module provides TLS (aka SSL) support for Exim using the OpenSSL library. It is #included into the tls.c file when that library is used. @@ -17,8 +17,14 @@ library. It is #included into the tls.c file when that library is used. #include <openssl/rand.h> #include <openssl/x509v3.h> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L -# define EXIM_HAVE_ASN1_MACROS +#ifdef LIBRESSL_VERSION_NUMBER /* LibreSSL */ +# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL +# define EXIM_HAVE_ASN1_MACROS +# endif +#else /* OpenSSL */ +# if OPENSSL_VERSION_NUMBER >= 0x10100000L +# define EXIM_HAVE_ASN1_MACROS +# endif #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |