Re: [Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1


From: Tim Rühsen
Subject: Re: [Bug-wget] [PATCH] * src/openssl.c: fix ssl_init for openssl 1.1.1
Date: Fri, 26 Apr 2019 11:05:18 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Thank you, pushed!

On 4/22/19 4:03 PM, Eneas U de Queiroz wrote:
> ssl_init fails with openssl 1.1.1 when openssl.cnf is not found.
> Redundant calls to initialization functions were removed as
> OPENSSL_config takes care of them for openssl versions < 1.1.0.
> For versions > 1.1.0, OPENSSL_init_ssl is preferred.
> 
> Signed-off-by: Eneas U de Queiroz <address@hidden>
> ---
> 
> wget currently fails to use SSL with openssl 1.1.1b:
> $ wget https://google.com
> --2019-04-22 10:10:16--  https://google.com/
> Disabling SSL due to encountered errors.
> 
> This may be considered a workaround, as it should not generate the
> error, but it really is an API update, as openssl 1.1.1 deprecated
> OPENSSL_config in favor of OPENSSL_init_crypto anyway.  See
> https://github.com/openssl/openssl/issues/8528
> 
> OPENSSL_init_ssl can be seen as a superset of OPENSSL_init_crypto (it
> calls OPENSSL_init_crypto), and we are already calling it, so we just
> need to pass these flags: OPENSSL_INIT_LOAD_CONFIG to load the
> openssl.cnf file, and OPENSSL_INIT_ENGINE_ALL_BUILTIN to load the
> builtin engines.
> 
> Also, for versions >= 0.9.7 < 1.1.0, OPENSSL_config takes care of
> loading builtin modules, engines, and config file, just as ssl_init
> does, so those calls are all redundant and can be removed.
> https://github.com/openssl/openssl/blob/OpenSSL_0_9_7-stable/crypto/conf/conf_sap.c#L82
> https://github.com/openssl/openssl/blob/OpenSSL_0_9_8-stable/crypto/conf/conf_sap.c#L84
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_0-stable/crypto/conf/conf_sap.c#L84
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/crypto/conf/conf_sap.c#L84
> https://github.com/openssl/openssl/blob/OpenSSL_1_0_2-stable/crypto/conf/conf_sap.c#L84
> 
> No changes are made here if openssl version < 0.9.7.
> 
> diff --git a/src/openssl.c b/src/openssl.c
> index a1502173..03737d7a 100644
> --- a/src/openssl.c
> +++ b/src/openssl.c
> @@ -174,7 +174,9 @@ ssl_init (void)
>  #if OPENSSL_VERSION_NUMBER >= 0x00907000
>    if (ssl_true_initialized == 0)
>      {
> -#if OPENSSL_API_COMPAT < 0x10100000L
> +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 
> 0x10100000L)
> +      OPENSSL_init_ssl (OPENSSL_INIT_LOAD_CONFIG | 
> OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
> +#else
>        OPENSSL_config (NULL);
>  #endif
>        ssl_true_initialized = 1;
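
Review bot: the return value of the added OPENSSL_init_ssl call on the >= 0x10100000L branch is discarded, and ssl_true_initialized = 1 follows unconditionally, so a failed library initialization is recorded as completed and never retried. OPENSSL_init_ssl returns 1 on success and 0 on error; test the result and only set ssl_true_initialized when it succeeded, reporting the failure otherwise. Minor wording point: the commit message says "versions > 1.1.0" while the guard is >= 0x10100000L, so the message should say ">= 1.1.0".
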
> @@ -194,21 +196,9 @@ ssl_init (void)
>        goto error;
>      }
>  
> -#if OPENSSL_VERSION_NUMBER >= 0x00907000
> -  OPENSSL_load_builtin_modules();
> -#ifndef OPENSSL_NO_ENGINE
> -  ENGINE_load_builtin_engines();
> -#endif
> -  CONF_modules_load_file(NULL, NULL,
> -      CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
> -#endif
> -#if OPENSSL_API_COMPAT >= 0x10100000L
> -  OPENSSL_init_ssl(0, NULL);
> -#else
> +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 
> 0x10100000L)
>    SSL_library_init ();
>    SSL_load_error_strings ();
> -#endif
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
>    SSLeay_add_all_algorithms ();
>    SSLeay_add_ssl_algorithms ();
>  #endif
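
Review bot: the removed CONF_modules_load_file call passed CONF_MFLAGS_IGNORE_MISSING_FILE explicitly, and nothing in the replacement lines says how a missing openssl.cnf is handled now, which is the exact case the commit message is about. Add a short comment at the new initialization call stating that a missing configuration file is tolerated on both branches, so the behaviour does not depend on readers knowing the library defaults. The `#ifndef OPENSSL_NO_ENGINE` guard is also dropped here while the first hunk passes OPENSSL_INIT_ENGINE_ALL_BUILTIN without a guard; please confirm the result builds and initializes against a no-engine OpenSSL.
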
> 
