[BUG] OpenSSL function has been deprecated
In src/lib-ssl-iostream/iostream-openssl-params.c a call is made to DH_generate_parameters. This function has been deprecated since OpenSSL 0.9.8. With OpenSSL 1.1 compilation will throw an error. Not sure how to send patches, I don't even know if the patch I wrote actually works (I don't program in C, but gave it a shot anyway) but below is the patch. --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c @@ -13,13 +13,21 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; - int len, len2; + int len, len2, success; +#if OPENSSL_VERSION_NUMBER >= 0x00908000L + success = DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL); +#else dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); if (dh == NULL) { + success = 0; + } +#endif + + if (success == 0) { *error_r = t_strdup_printf( - "DH_generate_parameters(bits=%d, gen=%d) failed: %s", - bitsize, DH_GENERATOR, openssl_iostream_error()); + "DH_generate_parameters(bits=%d, gen=%d) failed: %s", + bitsize, DH_GENERATOR, openssl_iostream_error()); return -1; } -- If anybody knows the instruction on how to send patches, please let me know and I follow those instructions. Regards, Peter van der Does
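Review bot: in the `#else` branch of this hunk, `success` is assigned only when `dh == NULL`, so after a successful DH_generate_parameters() call the following `if (success == 0)` reads an uninitialized int. Set `success = 1;` before the legacy call or initialize it at the declaration. The `-`/`+` pair on the two t_strdup_printf argument lines shows identical text, so it appears to be a whitespace-only change and can be dropped from the patch.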
Patch v2 --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c @@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; - int len, len2; + int len, len2, success; +#if OPENSSL_VERSION_NUMBER >= 0x00908000L + success = DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL); +#else + success = 1; dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); if (dh == NULL) { + success = 0; + } +#endif + + if (success == 0) { *error_r = t_strdup_printf( "DH_generate_parameters(bits=%d, gen=%d) failed: %s", bitsize, DH_GENERATOR, openssl_iostream_error()); --
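Review bot: in the `#if OPENSSL_VERSION_NUMBER >= 0x00908000L` branch, `dh` is passed to DH_generate_parameters_ex() while it is still the uninitialized pointer declared by `DH *dh;`. Unlike DH_generate_parameters(), which returns a newly allocated DH, the _ex variant fills in a structure the caller supplies and returns 1 or 0. Allocate first with `dh = DH_new();`, treat a NULL result as failure, and call DH_free(dh) on the path where generation returns 0 so the structure is not leaked.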
On April 26, 2017 at 3:15 PM Peter van der Does <peter@avirtualhome.com> wrote:
Patch v2
--- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c @@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; - int len, len2; + int len, len2, success;
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L + success = DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL); +#else + success = 1; dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); if (dh == NULL) { + success = 0; + } +#endif + + if (success == 0) { *error_r = t_strdup_printf( "DH_generate_parameters(bits=%d, gen=%d) failed: %s", bitsize, DH_GENERATOR, openssl_iostream_error()); --
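Review bot: the error string inside `if (success == 0)` still reads "DH_generate_parameters(bits=%d, gen=%d) failed" when the `#if` branch called DH_generate_parameters_ex(), so a log line from a build against newer OpenSSL names a function that was never invoked. Either make the message neutral (for example "DH parameter generation") or select the function name under the same `#if` so the logged name matches the call that failed.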
I encourage you to open a pull request at https://github.com/dovecot/core/pulls
Aki
On 4/26/17 8:26 AM, Aki Tuomi wrote:
I encourage you to open a pull request at https://github.com/dovecot/core/pulls
Aki
Thanks Aki.
I'll do that.
Peter