Merge pull request #158 from neheb/n

michalvasko · web-flow · commit 26ea284c86d9 · 2019-06-27T08:22:01.000+02:00
Remove deprecated OpenSSL APIs
diff --git a/src/session.c b/src/session.c
@@ -1445,11 +1445,11 @@ tls_thread_id_func(CRYPTO_THREADID *tid)
 static void
 nc_tls_init(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     SSL_load_error_strings();
     ERR_load_BIO_strings();
     SSL_library_init();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     int i;
 
     tls_locks = malloc(CRYPTO_num_locks() * sizeof *tls_locks);
@@ -1473,6 +1473,7 @@ nc_tls_init(void)
 static void
 nc_tls_destroy(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     FIPS_mode_set(0);
     CRYPTO_cleanup_all_ex_data();
     nc_thread_destroy();
@@ -1484,7 +1485,6 @@ nc_tls_destroy(void)
     SSL_COMP_free_compression_methods();
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     int i;
 
     CRYPTO_THREADID_set_callback(NULL);
@@ -1507,13 +1507,13 @@ nc_tls_destroy(void)
 static void
 nc_ssh_tls_init(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     SSL_load_error_strings();
     ERR_load_BIO_strings();
     SSL_library_init();
 
     nc_ssh_init();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     CRYPTO_set_dynlock_create_callback(tls_dyn_create_func);
     CRYPTO_set_dynlock_lock_callback(tls_dyn_lock_func);
     CRYPTO_set_dynlock_destroy_callback(tls_dyn_destroy_func);
@@ -1523,6 +1523,7 @@ nc_ssh_tls_init(void)
 static void
 nc_ssh_tls_destroy(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     ERR_free_strings();
 #if OPENSSL_VERSION_NUMBER < 0x10002000L // < 1.0.2
     sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
@@ -1532,7 +1533,6 @@ nc_ssh_tls_destroy(void)
 
     nc_ssh_destroy();
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // < 1.1.0
     CRYPTO_set_dynlock_create_callback(NULL);
     CRYPTO_set_dynlock_lock_callback(NULL);
     CRYPTO_set_dynlock_destroy_callback(NULL);
diff --git a/src/session_client_tls.c b/src/session_client_tls.c
@@ -29,6 +29,10 @@
 #include "session_client_ch.h"
 #include "libnetconf.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
+#endif
+
 struct nc_client_context *nc_client_context_location(void);
 int nc_session_new_ctx( struct nc_session *session, struct ly_ctx *ctx);
 
@@ -74,7 +78,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
     store_ctx = X509_STORE_CTX_new();
     obj = X509_OBJECT_new();
     X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
-    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
+    rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
     X509_STORE_CTX_free(store_ctx);
     crl = X509_OBJECT_get0_X509_CRL(obj);
     if (rc > 0 && crl) {
@@ -113,7 +117,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
     store_ctx = X509_STORE_CTX_new();
     obj = X509_OBJECT_new();
     X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
-    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
+    rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
     X509_STORE_CTX_free(store_ctx);
     crl = X509_OBJECT_get0_X509_CRL(obj);
     if (rc > 0 && crl) {
@@ -169,7 +173,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
      * the current certificate in order to verify it's integrity */
     memset((char *)&obj, 0, sizeof obj);
     X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
-    rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
+    rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
     X509_STORE_CTX_cleanup(&store_ctx);
     crl = obj.data.crl;
     if (rc > 0 && crl) {
@@ -207,7 +211,7 @@ tlsauth_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
      * the current certificate in order to check for revocation */
     memset((char *)&obj, 0, sizeof obj);
     X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
-    rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
+    rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
     X509_STORE_CTX_cleanup(&store_ctx);
     crl = obj.data.crl;
     if (rc > 0 && crl) {
diff --git a/src/session_server_tls.c b/src/session_server_tls.c
@@ -28,6 +28,10 @@
 #include "session_server_ch.h"
 #include "libnetconf.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject
+#endif
+
 struct nc_server_tls_opts tls_ch_opts;
 pthread_mutex_t tls_ch_opts_lock = PTHREAD_MUTEX_INITIALIZER;
 extern struct nc_server_opts server_opts;
@@ -563,7 +567,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
         store_ctx = X509_STORE_CTX_new();
         obj = X509_OBJECT_new();
         X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
-        rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
+        rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
         X509_STORE_CTX_free(store_ctx);
         crl = X509_OBJECT_get0_X509_CRL(obj);
         if (rc > 0 && crl) {
@@ -616,7 +620,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
         store_ctx = X509_STORE_CTX_new();
         obj = X509_OBJECT_new();
         X509_STORE_CTX_init(store_ctx, opts->crl_store, NULL, NULL);
-        rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
+        rc = X509_STORE_CTX_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
         X509_STORE_CTX_free(store_ctx);
         crl = X509_OBJECT_get0_X509_CRL(obj);
         if (rc > 0 && crl) {
@@ -776,7 +780,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
          * the current certificate in order to verify it's integrity */
         memset((char *)&obj, 0, sizeof(obj));
         X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
-        rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
+        rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, subject, &obj);
         X509_STORE_CTX_cleanup(&store_ctx);
         crl = obj.data.crl;
         if (rc > 0 && crl) {
@@ -828,7 +832,7 @@ nc_tlsclb_verify(int preverify_ok, X509_STORE_CTX *x509_ctx)
          * the current certificate in order to check for revocation */
         memset((char *)&obj, 0, sizeof(obj));
         X509_STORE_CTX_init(&store_ctx, opts->crl_store, NULL, NULL);
-        rc = X509_STORE_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
+        rc = X509_STORE_CTX_get_by_subject(&store_ctx, X509_LU_CRL, issuer, &obj);
         X509_STORE_CTX_cleanup(&store_ctx);
         crl = obj.data.crl;
         if (rc > 0 && crl) {
