diff options
author | Peter Powell <petpow@saberuk.com> | 2018-03-04 13:58:00 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-04 13:58:00 +0000 |
commit | ded44748551a0aaa117420324f324168dadaf1db (patch) | |
tree | 1d6f6c0e9b9ff4c2a08a559cf482fe4c1c6284d3 /src | |
parent | 52e8d8b72e6a7e20f94dbe4fb637f437b4ab98ec (diff) | |
parent | 4cfed4e5f68a1b9a2370dfceec3b97fb65e6ef46 (diff) |
Merge pull request #1463 from clinew/insp20+openssl-v1.1-compat
m_ssl_openssl: Remove deprecated API members.
Diffstat (limited to 'src')
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index aee7a5e34..f2189f257 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -33,6 +33,7 @@ #include "inspircd.h" #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/dh.h> #include "ssl.h" #ifdef _WIN32 @@ -42,6 +43,15 @@ # define MAX_DESCRIPTORS 10000 #endif +// Compatibility layer to allow OpenSSL 1.0 to use the 1.1 API. +#if ((defined LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)) +# define X509_getm_notAfter X509_get_notAfter +# define X509_getm_notBefore X509_get_notBefore +# define OPENSSL_init_ssl(OPTIONS, SETTINGS) \ + SSL_library_init(); \ + SSL_load_error_strings(); +#endif + /* $ModDesc: Provides SSL support for clients */ /* $LinkerFlags: if("USE_FREEBSD_BASE_SSL") -lssl -lcrypto */ @@ -216,8 +226,7 @@ class ModuleSSLOpenSSL : public Module sessions = new issl_session[ServerInstance->SE->GetMaxFds()]; /* Global SSL library initialization*/ - SSL_library_init(); - SSL_load_error_strings(); + OPENSSL_init_ssl(0, NULL); /* Build our SSL contexts: * NOTE: OpenSSL makes us have two contexts, one for servers and one for clients. ICK. @@ -835,7 +844,7 @@ class ModuleSSLOpenSSL : public Module certinfo->fingerprint = irc::hex(md, n); } - if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), ServerInstance->Time()) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), ServerInstance->Time()) == 0)) + if ((ASN1_UTCTIME_cmp_time_t(X509_getm_notAfter(cert), ServerInstance->Time()) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_getm_notBefore(cert), ServerInstance->Time()) == 0)) { certinfo->error = "Not activated, or expired certificate"; } |