110-drop_egd_sslv3_support.patch 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184
  1. --- a/sslcls.c
  2. +++ b/sslcls.c
  3. @@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method
  4. }
  5. #endif
  6. +#ifdef HAVE_SSLv3_client_method
  7. const SSL_METHOD *sycSSLv3_client_method(void) {
  8. const SSL_METHOD *result;
  9. Debug("SSLv3_client_method()");
  10. @@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method
  11. Debug1("SSLv3_client_method() -> %p", result);
  12. return result;
  13. }
  14. +#endif
  15. +#ifdef HAVE_SSLv3_server_method
  16. const SSL_METHOD *sycSSLv3_server_method(void) {
  17. const SSL_METHOD *result;
  18. Debug("SSLv3_server_method()");
  19. @@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method
  20. Debug1("SSLv3_server_method() -> %p", result);
  21. return result;
  22. }
  23. +#endif
  24. const SSL_METHOD *sycSSLv23_client_method(void) {
  25. const SSL_METHOD *result;
  26. @@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) {
  27. return;
  28. }
  29. -int sycRAND_egd(const char *path) {
  30. - int result;
  31. - Debug1("RAND_egd(\"%s\")", path);
  32. - result = RAND_egd(path);
  33. - Debug1("RAND_egd() -> %d", result);
  34. - return result;
  35. -}
  36. -
  37. DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
  38. DH *result;
  39. Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
  40. @@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) {
  41. }
  42. #endif /* WITH_FIPS */
  43. -#if OPENSSL_VERSION_NUMBER >= 0x00908000L
  44. +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
  45. const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) {
  46. const COMP_METHOD *result;
  47. Debug1("SSL_get_current_compression(%p)", ssl);
  48. --- a/sslcls.h
  49. +++ b/sslcls.h
  50. @@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *s
  51. int sycSSL_shutdown(SSL *ssl);
  52. void sycSSL_CTX_free(SSL_CTX *ctx);
  53. void sycSSL_free(SSL *ssl);
  54. -int sycRAND_egd(const char *path);
  55. DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
  56. @@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filenam
  57. int sycFIPS_mode_set(int onoff);
  58. -#if OPENSSL_VERSION_NUMBER >= 0x00908000L
  59. +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
  60. const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
  61. const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
  62. const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
  63. @@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const C
  64. #define sycSSL_shutdown(s) SSL_shutdown(s)
  65. #define sycSSL_CTX_free(c) SSL_CTX_free(c)
  66. #define sycSSL_free(s) SSL_free(s)
  67. -#define sycRAND_egd(p) RAND_egd(p)
  68. #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
  69. --- a/test.sh
  70. +++ b/test.sh
  71. @@ -576,9 +576,6 @@ filloptionvalues() {
  72. *,dh,*) OPTS=$(echo "$OPTS" |sed "s/,dh,/,dh=/tmp/hugo,/g");;
  73. esac
  74. case "$OPTS" in
  75. - *,egd,*) OPTS=$(echo "$OPTS" |sed "s/,egd,/,egd=/tmp/hugo,/g");;
  76. - esac
  77. - case "$OPTS" in
  78. *,compress,*) OPTS=$(echo "$OPTS" |sed "s/,compress,/,compress=none,/g");;
  79. esac
  80. # PROXY
  81. --- a/xio-openssl.c
  82. +++ b/xio-openssl.c
  83. @@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key
  84. const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
  85. const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
  86. const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
  87. -const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
  88. const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
  89. #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  90. const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
  91. @@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) {
  92. static void openssl_conn_loginfo(SSL *ssl) {
  93. Notice1("SSL connection using %s", SSL_get_cipher(ssl));
  94. -#if OPENSSL_VERSION_NUMBER >= 0x00908000L
  95. +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
  96. {
  97. const COMP_METHOD *comp, *expansion;
  98. @@ -722,7 +721,6 @@ int
  99. char *opt_dhparam = NULL; /* file name of DH params */
  100. char *opt_cafile = NULL; /* certificate authority file */
  101. char *opt_capath = NULL; /* certificate authority directory */
  102. - char *opt_egd = NULL; /* entropy gathering daemon socket path */
  103. #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  104. char *opt_compress = NULL; /* compression method */
  105. #endif
  106. @@ -741,7 +739,6 @@ int
  107. retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
  108. retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
  109. retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
  110. - retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
  111. retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
  112. #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  113. retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
  114. @@ -877,10 +874,6 @@ int
  115. }
  116. }
  117. - if (opt_egd) {
  118. - sycRAND_egd(opt_egd);
  119. - }
  120. -
  121. if (opt_pseudo) {
  122. long int randdata;
  123. /* initialize libc random from actual microseconds */
  124. @@ -1105,7 +1098,7 @@ static int openssl_SSL_ERROR_SSL(int lev
  125. if (e == ((ERR_LIB_RAND<<24)|
  126. (RAND_F_SSLEAY_RAND_BYTES<<12)|
  127. (RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
  128. - Error("too few entropy; use options \"egd\" or \"pseudo\"");
  129. + Error("too few entropy; use option \"pseudo\"");
  130. stat = STAT_NORETRY;
  131. } else {
  132. Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
  133. --- a/xio-openssl.h
  134. +++ b/xio-openssl.h
  135. @@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_
  136. extern const struct optdesc opt_openssl_dhparam;
  137. extern const struct optdesc opt_openssl_cafile;
  138. extern const struct optdesc opt_openssl_capath;
  139. -extern const struct optdesc opt_openssl_egd;
  140. extern const struct optdesc opt_openssl_pseudo;
  141. #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  142. extern const struct optdesc opt_openssl_compress;
  143. --- a/xioopts.c
  144. +++ b/xioopts.c
  145. @@ -412,7 +412,6 @@ const struct optname optionnames[] = {
  146. #ifdef ECHOPRT
  147. IF_TERMIOS("echoprt", &opt_echoprt)
  148. #endif
  149. - IF_OPENSSL("egd", &opt_openssl_egd)
  150. IF_ANY ("end-close", &opt_end_close)
  151. IF_TERMIOS("eof", &opt_veof)
  152. IF_TERMIOS("eol", &opt_veol)
  153. @@ -1102,7 +1101,6 @@ const struct optname optionnames[] = {
  154. IF_OPENSSL("openssl-compress", &opt_openssl_compress)
  155. #endif
  156. IF_OPENSSL("openssl-dhparam", &opt_openssl_dhparam)
  157. - IF_OPENSSL("openssl-egd", &opt_openssl_egd)
  158. #if WITH_FIPS
  159. IF_OPENSSL("openssl-fips", &opt_openssl_fips)
  160. #endif
  161. --- a/xioopts.h
  162. +++ b/xioopts.h
  163. @@ -478,7 +478,6 @@ enum e_optcode {
  164. OPT_OPENSSL_COMPRESS,
  165. #endif
  166. OPT_OPENSSL_DHPARAM,
  167. - OPT_OPENSSL_EGD,
  168. OPT_OPENSSL_FIPS,
  169. OPT_OPENSSL_KEY,
  170. OPT_OPENSSL_METHOD,