Fix compilation without deprecated OpenSSL 1.1 APIs

All threading APIs are gone with 1.1. dh.h header does not get included with ssl.h automatically when deprecated APIs are disabled. X509_getBefore/After were replaced with get0 and getm variants. Switched to the former as it can be const.
Yellow-Camper · Jan 23, 2019 · 78e8e41 · 78e8e41
1 parent bdefac6
commit 78e8e41
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 12 deletions.
diff --git a/evhtp.c b/evhtp.c
@@ -2827,6 +2827,7 @@ htp__accept_cb_(struct evconnlistener * serv, int fd, struct sockaddr * s, int s
 
 #ifndef EVHTP_DISABLE_SSL
 #ifndef EVHTP_DISABLE_EVTHR
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 void
@@ -2854,6 +2855,8 @@ htp__ssl_get_thread_id_(
 #else
     return tid;
 #endif
+
+#endif
 }
 
 static void
@@ -4692,6 +4695,7 @@ evhtp_set_post_accept_cb(evhtp_t * htp, evhtp_post_accept_cb cb, void * arg)
 
 #ifndef EVHTP_DISABLE_SSL
 #ifndef EVHTP_DISABLE_EVTHR
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 int
 evhtp_ssl_use_threads(void)
 {
@@ -4724,6 +4728,7 @@ evhtp_ssl_use_threads(void)
     return 0;
 }
 
+#endif
 #endif
 
 int

diff --git a/include/evhtp/evhtp.h b/include/evhtp/evhtp.h
@@ -26,6 +26,7 @@
 
 #ifndef EVHTP_DISABLE_SSL
 #include <event2/bufferevent_ssl.h>
+#include <openssl/dh.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>

diff --git a/sslutils.c b/sslutils.c
@@ -10,6 +10,11 @@
 #include "evhtp/sslutils.h"
 #include "internal.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_get0_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#endif
+
 unsigned char *
 htp_sslutil_subject_tostr(evhtp_ssl_t * ssl) {
     unsigned char * subj_str;
@@ -78,11 +83,11 @@ htp_sslutil_issuer_tostr(evhtp_ssl_t * ssl) {
 
 unsigned char *
 htp_sslutil_notbefore_tostr(evhtp_ssl_t * ssl) {
-    BIO           * bio;
-    X509          * cert;
-    ASN1_TIME     * time;
-    size_t          len;
-    unsigned char * time_str;
+    BIO             * bio;
+    X509            * cert;
+    const ASN1_TIME * time;
+    size_t            len;
+    unsigned char   * time_str;
 
     if (!ssl) {
         return NULL;
@@ -92,7 +97,7 @@ htp_sslutil_notbefore_tostr(evhtp_ssl_t * ssl) {
         return NULL;
     }
 
-    if (!(time = X509_get_notBefore(cert))) {
+    if (!(time = X509_get0_notBefore(cert))) {
         X509_free(cert);
         return NULL;
     }
@@ -128,11 +133,11 @@ htp_sslutil_notbefore_tostr(evhtp_ssl_t * ssl) {
 
 unsigned char *
 htp_sslutil_notafter_tostr(evhtp_ssl_t * ssl) {
-    BIO           * bio;
-    X509          * cert;
-    ASN1_TIME     * time;
-    size_t          len;
-    unsigned char * time_str;
+    BIO             * bio;
+    X509            * cert;
+    const ASN1_TIME * time;
+    size_t            len;
+    unsigned char   * time_str;
 
     if (!ssl) {
         return NULL;
@@ -142,7 +147,7 @@ htp_sslutil_notafter_tostr(evhtp_ssl_t * ssl) {
         return NULL;
     }
 
-    if (!(time = X509_get_notAfter(cert))) {
+    if (!(time = X509_get0_notAfter(cert))) {
         X509_free(cert);
         return NULL;
     }