summarylogtreecommitdiffstats
path: root/openssl-1.1.patch
diff options
context:
space:
mode:
authorFelix Morgner2017-11-18 11:26:31 +0100
committerFelix Morgner2017-11-18 11:26:31 +0100
commit51dc8bd82fef201c96666001e54614518a08fc0e (patch)
tree9c91ad472f991c0b388cf60054644e96806e261c /openssl-1.1.patch
parent7bc188510dd283c4264b26b58101d8651f697cdf (diff)
downloadaur-51dc8bd82fef201c96666001e54614518a08fc0e.tar.gz
fix OpenSSL 1.1 compatibility
Thanks to @discostar for the patch!
Diffstat (limited to 'openssl-1.1.patch')
-rw-r--r--openssl-1.1.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/openssl-1.1.patch b/openssl-1.1.patch
new file mode 100644
index 00000000000..ea6435cde00
--- /dev/null
+++ b/openssl-1.1.patch
@@ -0,0 +1,60 @@
+diff -aur dnssec-trigger-0.14/riggerd/cfg.c dnssec-trigger-0.14-patched/riggerd/cfg.c
+--- dnssec-trigger-0.14/riggerd/cfg.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/cfg.c 2017-11-18 11:21:50.477359449 +0100
+@@ -540,9 +540,11 @@
+ if(!ctx)
+ return ctx_err_ret(ctx, err, errlen,
+ "could not allocate SSL_CTX pointer");
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
+ return ctx_err_ret(ctx, err, errlen,
+ "could not set SSL_OP_NO_SSLv2");
++#endif
+ if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
+ !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
+ || !SSL_CTX_check_private_key(ctx))
+diff -aur dnssec-trigger-0.14/riggerd/net_help.c dnssec-trigger-0.14-patched/riggerd/net_help.c
+--- dnssec-trigger-0.14/riggerd/net_help.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/net_help.c 2017-11-18 11:22:40.546960367 +0100
+@@ -447,11 +447,13 @@
+ return NULL;
+ }
+ /* no SSLv2 because has defects */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv2");
+ SSL_CTX_free(ctx);
+ return NULL;
+ }
++#endif
+ if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
+ log_err("error for cert file: %s", pem);
+ log_crypto_err("error in SSL_CTX use_certificate_file");
+diff -aur dnssec-trigger-0.14/riggerd/reshook.c dnssec-trigger-0.14-patched/riggerd/reshook.c
+--- dnssec-trigger-0.14/riggerd/reshook.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/reshook.c 2017-11-18 11:23:54.853034153 +0100
+@@ -256,7 +256,7 @@
+ win_set_resolv("127.0.0.1");
+ #else /* not on windows */
+ # ifndef HOOKS_OSX /* on Linux/BSD */
+- if (system("/usr/libexec/dnssec-trigger-script --setup") == 0)
++ if (system(LIBEXEC_DIR "/dnssec-trigger-script --setup") == 0)
+ return;
+
+ if(really_set_to_localhost(cfg)) {
+diff -aur dnssec-trigger-0.14/riggerd/svr.c dnssec-trigger-0.14-patched/riggerd/svr.c
+--- dnssec-trigger-0.14/riggerd/svr.c 2017-06-08 17:06:17.000000000 +0200
++++ dnssec-trigger-0.14-patched/riggerd/svr.c 2017-11-18 11:23:10.156724197 +0100
+@@ -162,10 +162,12 @@
+ return 0;
+ }
+ /* no SSLv2 because has defects */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
+ log_crypto_err("could not set SSL_OP_NO_SSLv2");
+ return 0;
+ }
++#endif
+ s_cert = s->cfg->server_cert_file;
+ s_key = s->cfg->server_key_file;
+ verbose(VERB_ALGO, "setup SSL certificates");