[Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1


From: Eneas U de Queiroz
Subject: [Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1
Date: Mon, 22 Apr 2019 11:03:25 -0300

ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
Redundant calls to initialization functions were removed as
OPENSSL_config takes care of them for openssl versions < 1.1.0.
For versions > 1.1.0, OPENSSL_init_ssl is preferred.

Signed-off-by: Eneas U de Queiroz <address@hidden>
---

wget currently fails to use SSL with openssl 1.1.1b:
$ wget https://google.com
--2019-04-22 10:10:16--  https://google.com/
Disabling SSL due to encountered errors.

This may be considered a workaround, as it should not generate the
error, but it really is an API update, as openssl 1.1.1 deprecated
OPENSSL_config in favor of OPENSSL_init_crypto anyway.  See
https://github.com/openssl/openssl/issues/8528

OPENSSL_init_ssl can be seen as a superset of OPENSSL_init_crypto (it
calls OPENSSL_init_crypto), and we are already calling it, so we just
need to pass these flags: OPENSSL_INIT_LOAD_CONFIG to load the
openssl.cnf file, and OPENSSL_INIT_ENGINE_ALL_BUILTIN to load the
builtin engines.

Also, for versions >= 0.9.7 < 1.1.0, OPENSSL_config takes care of
loading builtin modules, engines, and config file, just as ssl_init
does, so those calls are all redundant and can be removed.
https://github.com/openssl/openssl/blob/OpenSSL_0_9_7-stable/crypto/conf/conf_sap.c#L82
https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/crypto/conf/conf_sap.c#L84
https://github.com/openssl/openssl/blob/OpenSSL_1_0_0-stable/crypto/conf/conf_sap.c#L84
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/conf/conf_sap.c#L84
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/conf/conf_sap.c#L84

No changes are made here if openssl version < 0.9.7.

diff --git a/src/openssl.c b/src/openssl.c
index a1502173..03737d7a 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -174,7 +174,9 @@ ssl_init (void)
 #if OPENSSL_VERSION_NUMBER >= 0x00907000
   if (ssl_true_initialized == 0)
     {
-#if OPENSSL_API_COMPAT < 0x10100000L
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 
0x10100000L)
+      OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG | 
OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+#else
       OPENSSL_config (NULL);
 #endif
       ssl_true_initialized = 1;
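Review bot: the return value of the new OPENSSL_init_ssl call is discarded, so a failed initialization (the function returns 0 on error) still falls through to "ssl_true_initialized = 1;" and the failure only shows up later, if at all. Please check the result and skip setting the flag, or report the error, when it is 0. A one-line comment on why LibreSSL is excluded from this branch and kept on OPENSSL_config (NULL) would also help, since the guard changes from OPENSSL_API_COMPAT to OPENSSL_VERSION_NUMBER plus LIBRESSL_VERSION_NUMBER without explanation in the code.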
@@ -194,21 +196,9 @@ ssl_init (void)
       goto error;
     }
 
-#if OPENSSL_VERSION_NUMBER >= 0x00907000
-  OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
-  ENGINE_load_builtin_engines();
-#endif
-  CONF_modules_load_file(NULL, NULL,
-      CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
-#endif
-#if OPENSSL_API_COMPAT >= 0x10100000L
-  OPENSSL_init_ssl(0, NULL);
-#else
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
   SSL_library_init ();
   SSL_load_error_strings ();
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
   SSLeay_add_all_algorithms ();
   SSLeay_add_ssl_algorithms ();
 #endif
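Review bot: the removed CONF_modules_load_file call passed CONF_MFLAGS_IGNORE_MISSING_FILE explicitly, and nothing in the remaining lines documents that a missing openssl.cnf is still tolerated now that config loading is left entirely to the call in the first hunk. Since that is the failure this patch is meant to fix, a comment at the init call stating the expectation, and a test run with no openssl.cnf present, would make the change verifiable. Also note that the new guard "#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)" now wraps SSLeay_add_all_algorithms and SSLeay_add_ssl_algorithms, which were previously guarded by the version check alone, so LibreSSL builds may start calling them where they did not before; worth confirming that this is intended and mentioning it in the commit message.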


