Merge pull request #13032 from neheb/freer

freeradius3: fix compilation without deprecated OpenSSL APIs
author: Rosen Penev <rosenp@gmail.com> 2020-08-05 13:10:49 -0700
committer: GitHub <noreply@github.com> 2020-08-05 13:10:49 -0700
commit: dca6a5b2fd927410295d236097720e9b18e634a2 (patch)
tree: 291868232fd2c6c4dec96ae833fea181f38632c2 /net
parent: a640cfa263d2e03508a31dfb05e971f31d59502a (diff)
parent: 9594a8540489b8282fe3d58a4bac412e44680257 (diff)
2 files changed, 118 insertions, 1 deletions
diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
index 8e63e4228..e3a2a152e 100644
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freeradius3
 PKG_VERSION:=release_3_0_21
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
diff --git a/net/freeradius3/patches/010-openssl-deprecated.patch b/net/freeradius3/patches/010-openssl-deprecated.patch
new file mode 100644
index 000000000..203b71378
--- /dev/null
+++ b/net/freeradius3/patches/010-openssl-deprecated.patch
@@ -0,0 +1,117 @@
+--- a/src/main/threads.c
++++ b/src/main/threads.c
+@@ -298,6 +298,7 @@ static void ssl_locking_function(int mode, int n, UNUSED char const *file, UNUSE
+  */
+ int tls_mutexes_init(void)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	int i;
+ 
+ 	ssl_mutexes = rad_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+@@ -316,6 +317,7 @@ int tls_mutexes_init(void)
+ #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
+ 	CRYPTO_set_locking_callback(ssl_locking_function);
+ #endif
++#endif
+ 
+ 	return 0;
+ }
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -55,6 +55,7 @@ USES_APPLE_DEPRECATED_API	/* OpenSSL API has been deprecated by Apple */
+ #    include <openssl/evp.h>
+ #  endif
+ #  include <openssl/ssl.h>
++#  include <openssl/dh.h>
+ 
+ #define LOG_PREFIX "tls"
+ 
+@@ -2133,7 +2134,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ 	int		my_ok = ok;
+ 
+ 	ASN1_INTEGER	*sn = NULL;
+-	ASN1_TIME	*asn_time = NULL;
++	const ASN1_TIME	*asn_time = NULL;
+ 	VALUE_PAIR	**certs;
+ 	char **identity;
+ #ifdef HAVE_OPENSSL_OCSP_H
+@@ -2207,7 +2208,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ 	 *	Get the Expiration Date
+ 	 */
+ 	buf[0] = '\0';
+-	asn_time = X509_get_notAfter(client_cert);
++	asn_time = X509_get0_notAfter(client_cert);
+ 	if (certs && (lookup <= 1) && asn_time &&
+ 	    (asn_time->length < (int) sizeof(buf))) {
+ 		memcpy(buf, (char*) asn_time->data, asn_time->length);
+@@ -2220,7 +2221,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+ 	 *	Get the Valid Since Date
+ 	 */
+ 	buf[0] = '\0';
+-	asn_time = X509_get_notBefore(client_cert);
++	asn_time = X509_get0_notBefore(client_cert);
+ 	if (certs && (lookup <= 1) && asn_time &&
+ 	    (asn_time->length < (int) sizeof(buf))) {
+ 		memcpy(buf, (char*) asn_time->data, asn_time->length);
+@@ -2690,10 +2691,12 @@ static int set_ecdh_curve(SSL_CTX *ctx, char const *ecdh_curve, bool disable_sin
+  */
+ int tls_global_init(bool spawn_flag, bool check)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	SSL_load_error_strings();	/* readable error messages (examples show call before library_init) */
+ 	SSL_library_init();		/* initialize library */
+ 	OpenSSL_add_all_algorithms();	/* required for SHA2 in OpenSSL < 0.9.8o and 1.0.0.a */
+ 	CONF_modules_load_file(NULL, NULL, 0);
++#endif
+ 
+ 	/*
+ 	 *	Initialize the index for the certificates.
+@@ -2769,6 +2772,7 @@ int tls_global_version_check(char const *acknowledged)
+  */
+ void tls_global_cleanup(void)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
+ 	ERR_remove_state(0);
+ #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+@@ -2781,6 +2785,7 @@ void tls_global_cleanup(void)
+ 	ERR_free_strings();
+ 	EVP_cleanup();
+ 	CRYPTO_cleanup_all_ex_data();
++#endif
+ }
+ 
+ 
+--- a/src/main/version.c
++++ b/src/main/version.c
+@@ -54,7 +54,7 @@ int ssl_check_consistency(void)
+ {
+ 	long ssl_linked;
+ 
+-	ssl_linked = SSLeay();
++	ssl_linked = OpenSSL_version_num();
+ 
+ 	/*
+ 	 *	Major and minor versions mismatch, that's bad.
+@@ -152,7 +152,7 @@ char const *ssl_version_num(void)
+ {
+ 	long ssl_linked;
+ 
+-	ssl_linked = SSLeay();
++	ssl_linked = OpenSSL_version_num();
+ 	return ssl_version_by_num((uint32_t)ssl_linked);
+ }
+ 
+@@ -188,10 +188,10 @@ char const *ssl_version(void)
+ {
+ 	static char buffer[256];
+ 
+-	uint32_t v = SSLeay();
++	uint32_t v = OpenSSL_version_num();
+ 
+ 	snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)",
+-		 SSLeay_version(SSLEAY_VERSION),		/* Not all builds include a useful version number */
++		 OpenSSL_version(OPENSSL_VERSION),		/* Not all builds include a useful version number */
+ 		 v,
+ 		 ssl_version_by_num(v));
+
author	Rosen Penev <rosenp@gmail.com>	2020-08-05 13:10:49 -0700
committer	GitHub <noreply@github.com>	2020-08-05 13:10:49 -0700
commit	dca6a5b2fd927410295d236097720e9b18e634a2 (patch)
tree	291868232fd2c6c4dec96ae833fea181f38632c2 /net
parent	a640cfa263d2e03508a31dfb05e971f31d59502a (diff)
parent	9594a8540489b8282fe3d58a4bac412e44680257 (diff)