From f627fcf379d9453326672016168e2e73f6c42916 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 5 Apr 2019 13:38:54 +0100 Subject: [PATCH] Fix build with recent LibreSSL, when including DANE. Bug 2386 (cherry picked from commit c19ab167ac and 1fbf41cdf6 (cherry picked from commit 0d82437ff97668a34a67b4ba398d1294ec016d3a) (cherry picked from commit 09cc73f04332f420e07f4bc8bb2e2466c2460067) --- doc/doc-txt/ChangeLog | 3 +++ src/src/dane-openssl.c | 11 ++++++++++- src/src/tlscert-openssl.c | 12 +++++++++--- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f0704c7d9..70fdc9510 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -52,6 +52,9 @@ JH/11 Harden plaintext authenticator against a badly misconfigured client-send JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. +JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old + API was removed, so update to use the newer ones. + Exim version 4.92 diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c index f7ccbd765..79f136eae 100644 --- a/src/src/dane-openssl.c +++ b/src/src/dane-openssl.c @@ -2,7 +2,7 @@ * Author: Viktor Dukhovni * License: THIS CODE IS IN THE PUBLIC DOMAIN. * - * Copyright (c) The Exim Maintainers 2014 - 2018 + * Copyright (c) The Exim Maintainers 2014 - 2019 */ #include #include @@ -25,9 +25,18 @@ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) # define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) #endif + +/* LibreSSL 2.9.0 and later - 2.9.0 has removed a number of macros ... */ +#ifdef LIBRESSL_VERSION_NUMBER +# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL +# define EXIM_HAVE_ASN1_MACROS +# endif +#endif +/* OpenSSL */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) # define EXIM_HAVE_ASN1_MACROS # define EXIM_OPAQUE_X509 +/* Older OpenSSL and all LibreSSL */ #else # define X509_STORE_CTX_get_verify(ctx) (ctx)->verify # define X509_STORE_CTX_get_verify_cb(ctx) (ctx)->verify_cb diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c index 7e0128ee4..3551045ce 100644 --- a/src/src/tlscert-openssl.c +++ b/src/src/tlscert-openssl.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Jeremy Harris 2014 - 2018 */ +/* Copyright (c) Jeremy Harris 2014 - 2019 */ /* This module provides TLS (aka SSL) support for Exim using the OpenSSL library. It is #included into the tls.c file when that library is used. @@ -17,8 +17,14 @@ library. It is #included into the tls.c file when that library is used. #include #include -#if OPENSSL_VERSION_NUMBER >= 0x10100000L -# define EXIM_HAVE_ASN1_MACROS +#ifdef LIBRESSL_VERSION_NUMBER /* LibreSSL */ +# if LIBRESSL_VERSION_NUMBER >= 0x2090000fL +# define EXIM_HAVE_ASN1_MACROS +# endif +#else /* OpenSSL */ +# if OPENSSL_VERSION_NUMBER >= 0x10100000L +# define EXIM_HAVE_ASN1_MACROS +# endif #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -- 2.30.2