-rw-r--r--README.FreeBSD3
-rw-r--r--configure.ac4
-rw-r--r--src/CMakeLists.txt1
-rw-r--r--src/SConscript2
-rw-r--r--src/base.h6
-rw-r--r--src/config.h.cmake1
-rw-r--r--src/network.c7
-rw-r--r--src/server.c3
8 files changed, 15 insertions, 12 deletions
diff --git a/README.FreeBSD b/README.FreeBSD
index d7c34655..29da0a37 100644
--- a/README.FreeBSD
+++ b/README.FreeBSD
@@ -46,6 +46,3 @@ Configure:
To help autotools find libraries and headers:
CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib ./configure ...
-
-With ssl the compiler might warn about OPENSSL_NO_KRB5 redefinitions, just
-configure "--with-kerberos5" for now.
diff --git a/configure.ac b/configure.ac
index b7a0a67a..6fe4b044 100644
--- a/configure.ac
+++ b/configure.ac
@@ -346,8 +346,8 @@ AC_ARG_WITH(kerberos5,
)
if test "x$use_openssl" = "xyes"; then
- if test "x$use_kerberos" != "xyes"; then
- CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_KRB5"
+ if test "x$use_kerberos" = "xyes"; then
+ AC_DEFINE([USE_OPENSSL_KERBEROS], [1], [with kerberos])
fi
AC_CHECK_HEADERS([openssl/ssl.h])
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 9094b0bc..502815e3 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -225,7 +225,6 @@ if(WITH_OPENSSL)
if(HAVE_OPENSSL_SSL_H)
check_library_exists(crypto BIO_f_base64 "" HAVE_LIBCRYPTO)
if(HAVE_LIBCRYPTO)
- set(OPENSSL_NO_KRB5 1)
check_library_exists(ssl SSL_new "" HAVE_LIBSSL)
endif()
endif()
diff --git a/src/SConscript b/src/SConscript
index 524b090a..1decfda1 100644
--- a/src/SConscript
+++ b/src/SConscript
@@ -120,7 +120,7 @@ if env['with_memcached']:
if env['with_lua']:
modules['mod_magnet'] = { 'src' : [ 'mod_magnet.c', 'mod_magnet_cache.c' ], 'lib' : [ env['LIBLUA'] ] }
-staticenv = env.Clone(CPPFLAGS=[ env['CPPFLAGS'], '-DLIGHTTPD_STATIC', '-DOPENSSL_NO_KRB5'])
+staticenv = env.Clone(CPPFLAGS=[ env['CPPFLAGS'], '-DLIGHTTPD_STATIC' ])
## all the core-sources + the modules
staticsrc = src + common_src
diff --git a/src/base.h b/src/base.h
index 1111d769..f02b56a5 100644
--- a/src/base.h
+++ b/src/base.h
@@ -30,6 +30,12 @@
#if defined HAVE_LIBSSL && defined HAVE_OPENSSL_SSL_H
# define USE_OPENSSL
+# include <openssl/opensslconf.h>
+# ifndef USE_OPENSSL_KERBEROS
+# ifndef OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
+# endif
+# endif
# include <openssl/ssl.h>
# if ! defined OPENSSL_NO_TLSEXT && ! defined SSL_CTRL_SET_TLSEXT_HOSTNAME
# define OPENSSL_NO_TLSEXT
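Review bot: USE_OPENSSL_KERBEROS is only defined by the configure.ac hunk of this commit, while the CMake and SCons hunks drop their OPENSSL_NO_KRB5 handling without adding a way to set it. On those builds the new `# ifndef USE_OPENSSL_KERBEROS` block therefore appears to force OPENSSL_NO_KRB5 unconditionally. If that is intended, say so in a comment above the block, for example `/* opensslconf.h first: it may already define OPENSSL_NO_KRB5; only autotools --with-kerberos5 sets USE_OPENSSL_KERBEROS */`. The comment should also record that the define has to stay ahead of `<openssl/ssl.h>`, since a later reordering of the includes would silently undo it. The enclosing `#if` block continues outside the hunk.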
diff --git a/src/config.h.cmake b/src/config.h.cmake
index 19c8843b..8b1f4636 100644
--- a/src/config.h.cmake
+++ b/src/config.h.cmake
@@ -40,7 +40,6 @@
/* OpenSSL */
#cmakedefine HAVE_OPENSSL_SSL_H
#cmakedefine HAVE_LIBCRYPTO
-#cmakedefine OPENSSL_NO_KRB5
#cmakedefine HAVE_LIBSSL
/* BZip */
diff --git a/src/network.c b/src/network.c
index 5b64cdc0..46b4be8e 100644
--- a/src/network.c
+++ b/src/network.c
@@ -780,7 +780,7 @@ int network_init(server *srv) {
if (!s->ssl_use_sslv2) {
/* disable SSLv2 */
- if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
+ if ((SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2)) != SSL_OP_NO_SSLv2) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
ERR_error_string(ERR_get_error(), NULL));
return -1;
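Review bot: Where the library defines `SSL_OP_NO_SSLv2` as 0, the new test `(SSL_OP_NO_SSLv2 & ...) != SSL_OP_NO_SSLv2` is always false, so this branch can never report a failure. In that case the check no longer shows that the protocol was actually disabled, and a reader auditing the TLS setup will assume it does. A comment above the `if` would make this explicit, for example `/* the flag may be 0 where the library has removed SSLv2; the mask test then passes trivially */`. The same caveat applies to the SSL_OP_NO_SSLv3 hunk that follows, should a library ever zero that flag. network_init starts and ends outside these hunks.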
@@ -789,7 +789,7 @@ int network_init(server *srv) {
if (!s->ssl_use_sslv3) {
/* disable SSLv3 */
- if (!(SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3))) {
+ if ((SSL_OP_NO_SSLv3 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv3)) != SSL_OP_NO_SSLv3) {
log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
ERR_error_string(ERR_get_error(), NULL));
return -1;
@@ -839,7 +839,8 @@ int network_init(server *srv) {
log_error_write(srv, __FILE__, __LINE__, "s", "SSL: BN_bin2bn () failed");
return -1;
}
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L \
+ || defined(LIBRESSL_VERSION_NUMBER)
dh->p = dh_p;
dh->g = dh_g;
dh->length = 160;
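Review bot: The added `|| defined(LIBRESSL_VERSION_NUMBER)` has no version bound, so every LibreSSL release takes the direct `dh->p` / `dh->g` field path. That includes any release that makes `DH` opaque or ships the 1.1-style setters, where this would stop compiling or drift from the OpenSSL path. Consider bounding it, e.g. `|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < LIBRESSL_CUTOVER_PLACEHOLDER)`, with the placeholder replaced by the first release that provides the accessors. The server.c hunk guarding `ERR_remove_thread_state()` uses the same unbounded test. The `#else` branch is outside this hunk, so which API it calls is not visible here.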
diff --git a/src/server.c b/src/server.c
index 1f3a57d4..aee01db8 100644
--- a/src/server.c
+++ b/src/server.c
@@ -387,7 +387,8 @@ static void server_free(server *srv) {
if (srv->ssl_is_init) {
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L \
+ && !defined(LIBRESSL_VERSION_NUMBER)
ERR_remove_thread_state();
#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
ERR_remove_thread_state(NULL);