Fix openssl 3 deprecations.

pull/2735/head
Roger A. Light 3 years ago
parent 291e46bb1a
commit 475a708d30

@ -153,12 +153,12 @@ void net__cleanup(void)
ERR_free_strings(); ERR_free_strings();
ERR_remove_thread_state(NULL); ERR_remove_thread_state(NULL);
EVP_cleanup(); EVP_cleanup();
# endif
# if !defined(OPENSSL_NO_ENGINE) # if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE_cleanup(); ENGINE_cleanup();
# endif
is_tls_initialized = false;
# endif # endif
is_tls_initialized = false;
cleanup_ui_method(); cleanup_ui_method();
#endif #endif
@ -182,7 +182,7 @@ void net__init_tls(void)
SSL_library_init(); SSL_library_init();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
# endif # endif
#if !defined(OPENSSL_NO_ENGINE) #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE_load_builtin_engines(); ENGINE_load_builtin_engines();
#endif #endif
setup_ui_method(); setup_ui_method();
@ -646,12 +646,12 @@ static int net__tls_load_ca(struct mosquitto *mosq)
static int net__init_ssl_ctx(struct mosquitto *mosq) static int net__init_ssl_ctx(struct mosquitto *mosq)
{ {
int ret; int ret;
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE *engine = NULL; ENGINE *engine = NULL;
uint8_t tls_alpn_wire[256];
uint8_t tls_alpn_len;
#if !defined(OPENSSL_NO_ENGINE)
EVP_PKEY *pkey; EVP_PKEY *pkey;
#endif #endif
uint8_t tls_alpn_wire[256];
uint8_t tls_alpn_len;
#ifndef WITH_BROKER #ifndef WITH_BROKER
if(mosq->user_ssl_ctx){ if(mosq->user_ssl_ctx){
@ -726,7 +726,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS); SSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
#endif #endif
#if !defined(OPENSSL_NO_ENGINE) #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
if(mosq->tls_engine){ if(mosq->tls_engine){
engine = ENGINE_by_id(mosq->tls_engine); engine = ENGINE_by_id(mosq->tls_engine);
if(!engine){ if(!engine){
@ -747,7 +747,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers); ret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers);
if(ret == 0){ if(ret == 0){
log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. Check cipher list \"%s\".", mosq->tls_ciphers); log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to set TLS ciphers. Check cipher list \"%s\".", mosq->tls_ciphers);
#if !defined(OPENSSL_NO_ENGINE) #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE_FINISH(engine); ENGINE_FINISH(engine);
#endif #endif
net__print_ssl_error(mosq); net__print_ssl_error(mosq);
@ -768,7 +768,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_use_os_certs){ if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_use_os_certs){
ret = net__tls_load_ca(mosq); ret = net__tls_load_ca(mosq);
if(ret != MOSQ_ERR_SUCCESS){ if(ret != MOSQ_ERR_SUCCESS){
# if !defined(OPENSSL_NO_ENGINE) # if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE_FINISH(engine); ENGINE_FINISH(engine);
# endif # endif
net__print_ssl_error(mosq); net__print_ssl_error(mosq);
@ -793,7 +793,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
#else #else
log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile); log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client certificate \"%s\".", mosq->tls_certfile);
#endif #endif
#if !defined(OPENSSL_NO_ENGINE) #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE_FINISH(engine); ENGINE_FINISH(engine);
#endif #endif
net__print_ssl_error(mosq); net__print_ssl_error(mosq);
@ -802,7 +802,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
} }
if(mosq->tls_keyfile){ if(mosq->tls_keyfile){
if(mosq->tls_keyform == mosq_k_engine){ if(mosq->tls_keyform == mosq_k_engine){
#if !defined(OPENSSL_NO_ENGINE) #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
UI_METHOD *ui_method = net__get_ui_method(); UI_METHOD *ui_method = net__get_ui_method();
if(mosq->tls_engine_kpass_sha1){ if(mosq->tls_engine_kpass_sha1){
if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){ if(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){
@ -841,7 +841,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
#else #else
log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile); log__printf(mosq, MOSQ_LOG_ERR, "Error: Unable to load client key file \"%s\".", mosq->tls_keyfile);
#endif #endif
#if !defined(OPENSSL_NO_ENGINE) #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE_FINISH(engine); ENGINE_FINISH(engine);
#endif #endif
net__print_ssl_error(mosq); net__print_ssl_error(mosq);
@ -851,7 +851,7 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
ret = SSL_CTX_check_private_key(mosq->ssl_ctx); ret = SSL_CTX_check_private_key(mosq->ssl_ctx);
if(ret != 1){ if(ret != 1){
log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent."); log__printf(mosq, MOSQ_LOG_ERR, "Error: Client certificate/key are inconsistent.");
#if !defined(OPENSSL_NO_ENGINE) #if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE_FINISH(engine); ENGINE_FINISH(engine);
#endif #endif
net__print_ssl_error(mosq); net__print_ssl_error(mosq);
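Review bot: Every engine guard in this section (L13, L25, L33, L47, L55, L63, L71, L79, L87, L95) relies on `OPENSSL_API_LEVEL` being undefined on pre-3.0 OpenSSL and therefore evaluating to 0 inside `#if`; as I read OpenSSL 3's macros.h that is the intended macro for honouring OPENSSL_API_COMPAT, but the implicit-zero form trips `-Wundef` and the same compound condition is now repeated at roughly a dozen sites across the three files in this commit, while src/net.c keys its DH change on `OPENSSL_VERSION_NUMBER` instead. I would decide the criterion once in a shared header, e.g. `#if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) && (!defined(OPENSSL_API_LEVEL) || OPENSSL_API_LEVEL < 30000)` followed by `#define MOSQ_TLS_ENGINE_SUPPORT` (constructed name), and test that single macro at each site so the engine and DH paths cannot drift apart. The `net__init_ssl_ctx` body runs past these hunks; the `mosq_k_engine` branch at L78 stays reachable at runtime even when its engine body (L79) is compiled out, so the `#else` side beyond the hunk should report the unsupported keyform rather than fall through silently.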

@ -266,7 +266,7 @@ int mosquitto_tls_insecure_set(struct mosquitto *mosq, bool value)
int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, const char *value) int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, const char *value)
{ {
#ifdef WITH_TLS #if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE *eng; ENGINE *eng;
char *str; char *str;
#endif #endif
@ -275,7 +275,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons
switch(option){ switch(option){
case MOSQ_OPT_TLS_ENGINE: case MOSQ_OPT_TLS_ENGINE:
#if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) #if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
mosquitto__FREE(mosq->tls_engine); mosquitto__FREE(mosq->tls_engine);
if(value){ if(value){
eng = ENGINE_by_id(value); eng = ENGINE_by_id(value);
@ -295,7 +295,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons
break; break;
case MOSQ_OPT_TLS_KEYFORM: case MOSQ_OPT_TLS_KEYFORM:
#ifdef WITH_TLS #if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
if(!value) return MOSQ_ERR_INVAL; if(!value) return MOSQ_ERR_INVAL;
if(!strcasecmp(value, "pem")){ if(!strcasecmp(value, "pem")){
mosq->tls_keyform = mosq_k_pem; mosq->tls_keyform = mosq_k_pem;
@ -312,7 +312,7 @@ int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, cons
case MOSQ_OPT_TLS_ENGINE_KPASS_SHA1: case MOSQ_OPT_TLS_ENGINE_KPASS_SHA1:
#ifdef WITH_TLS #if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
mosquitto__FREE(mosq->tls_engine_kpass_sha1); mosquitto__FREE(mosq->tls_engine_kpass_sha1);
if(mosquitto__hex2bin_sha1(value, (unsigned char**)&str) != MOSQ_ERR_SUCCESS){ if(mosquitto__hex2bin_sha1(value, (unsigned char**)&str) != MOSQ_ERR_SUCCESS){
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
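Review bot: The `MOSQ_OPT_TLS_KEYFORM` case at L117 is now compiled out whenever engines are unavailable, but the `"pem"` keyform handled at L119-120 does not depend on engine support, so on an OpenSSL 3 build a client that sets the keyform to "pem" falls into this case's `#else` branch (outside the hunk) and presumably no longer gets `MOSQ_ERR_SUCCESS`, a regression for existing callers. I would keep the case under `#ifdef WITH_TLS`, leave the `"pem"` comparison unconditional, and narrow `#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000` to the engine-specific comparison further down the case (beyond the hunk), returning `MOSQ_ERR_NOT_SUPPORTED` from its `#else` so the rejection is explicit. The `ENGINE *eng; char *str;` declarations at L104-105 are consistently gated with their uses at L113 and L125, so no change is needed there.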

@ -345,8 +345,13 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
{ {
char buf[256]; char buf[256];
int rc; int rc;
#if OPENSSL_VERSION_NUMBER >= 0x30000000
BIO *bio;
EVP_PKEY *dhparam = NULL;
#else
FILE *dhparamfile; FILE *dhparamfile;
DH *dhparam = NULL; DH *dhparam = NULL;
#endif
if(listener->ssl_ctx){ if(listener->ssl_ctx){
SSL_CTX_free(listener->ssl_ctx); SSL_CTX_free(listener->ssl_ctx);
@ -458,6 +463,26 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
#endif #endif
if(listener->dhparamfile){ if(listener->dhparamfile){
#if OPENSSL_VERSION_NUMBER >= 0x30000000
bio = BIO_new_file(listener->dhparamfile, "r");
if(!bio){
log__printf(NULL, MOSQ_LOG_ERR, "Error loading dhparamfile \"%s\".", listener->dhparamfile);
return MOSQ_ERR_TLS;
}
dhparam = EVP_PKEY_new();
if(dhparam == NULL || !PEM_read_bio_Parameters(bio, &dhparam)){
BIO_free(bio);
log__printf(NULL, MOSQ_LOG_ERR, "Error loading dhparamfile \"%s\".", listener->dhparamfile);
net__print_ssl_error(NULL);
return MOSQ_ERR_TLS;
}
BIO_free(bio);
if(dhparam == NULL || SSL_CTX_set0_tmp_dh_pkey(listener->ssl_ctx, dhparam) != 1){
log__printf(NULL, MOSQ_LOG_ERR, "Error loading dhparamfile \"%s\".", listener->dhparamfile);
net__print_ssl_error(NULL);
return MOSQ_ERR_TLS;
}
#else
dhparamfile = fopen(listener->dhparamfile, "r"); dhparamfile = fopen(listener->dhparamfile, "r");
if(!dhparamfile){ if(!dhparamfile){
log__printf(NULL, MOSQ_LOG_ERR, "Error loading dhparamfile \"%s\".", listener->dhparamfile); log__printf(NULL, MOSQ_LOG_ERR, "Error loading dhparamfile \"%s\".", listener->dhparamfile);
@ -471,6 +496,7 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
net__print_ssl_error(NULL); net__print_ssl_error(NULL);
return MOSQ_ERR_TLS; return MOSQ_ERR_TLS;
} }
#endif
} }
return MOSQ_ERR_SUCCESS; return MOSQ_ERR_SUCCESS;
} }
@ -549,7 +575,7 @@ int net__load_certificates(struct mosquitto__listener *listener)
} }
#if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) #if defined(WITH_TLS) && !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
static int net__load_engine(struct mosquitto__listener *listener) static int net__load_engine(struct mosquitto__listener *listener)
{ {
ENGINE *engine = NULL; ENGINE *engine = NULL;
@ -644,7 +670,7 @@ int net__tls_load_verify(struct mosquitto__listener *listener)
} }
# endif # endif
# if !defined(OPENSSL_NO_ENGINE) # if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
if(net__load_engine(listener)){ if(net__load_engine(listener)){
return MOSQ_ERR_TLS; return MOSQ_ERR_TLS;
} }
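Review bot: The two OpenSSL 3 failure paths in `net__tls_server_ctx` leak the DH key: at L151 the `EVP_PKEY` created by `EVP_PKEY_new()` on L150 is not released before `return MOSQ_ERR_TLS`, and at L158 `SSL_CTX_set0_tmp_dh_pkey` only takes ownership on success, so on failure `dhparam` is still the caller's to free. Add `EVP_PKEY_free(dhparam);` before each of those returns (safe as long as a failed `PEM_read_bio_Parameters` leaves `*x` either valid or NULL, which is what I expect from the 3.0 decoder path — worth confirming). The `dhparam == NULL` test on L158 is redundant since the same condition already returned at L151, and `0x30000000` on L132/L144 could carry the `L` suffix to match `OPENSSL_VERSION_NUMBER`'s own definition. The function's opening lines are outside this hunk.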
