Remove old ssl compatibility code

Alexey Sokolov
2026-06-29 19:19:40 +01:00
parent f416b5ba60
commit 5bd5ecc5b8
7 changed files with 4 additions and 152 deletions
-10
@@ -86,16 +86,6 @@ if(WANT_OPENSSL)
find_package(OpenSSL 1.1.1 ${TRISTATE_OPENSSL_REQUIRED})
if(OPENSSL_FOUND)
# SSL_SESSION was made opaque in OpenSSL 1.1.0;
# LibreSSL gained that function later too.
# TODO: maybe remove this check at some point, and stop supporting old
# libssl versions
cmake_push_check_state(RESET)
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
check_cxx_symbol_exists(SSL_SESSION_get0_cipher openssl/ssl.h
HAVE_SSL_SESSION_get0_cipher)
cmake_pop_check_state()
set(ZNC_CMAKE_FIND_DEPS
"${ZNC_CMAKE_FIND_DEPS}\nfind_dependency(OpenSSL)")
list(APPEND zncpubdeps OpenSSL::SSL)
-1
@@ -31,7 +31,6 @@
#define HAVE_PTHREAD 1
#cmakedefine HAVE_THREADED_DNS 1
#cmakedefine HAVE_LIBSSL 1
#cmakedefine HAVE_SSL_SESSION_get0_cipher 1
#cmakedefine HAVE_IPV6 1
#cmakedefine HAVE_ZLIB 1
#cmakedefine HAVE_I18N 1
-37
@@ -68,43 +68,6 @@ class CCryptMod : public CModule {
CString m_sPrivKey;
CString m_sPubKey;
#if OPENSSL_VERSION_NUMBER < 0X10100000L || \
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {
/* If the fields p and g in dh are nullptr, the corresponding input
* parameters MUST be non-nullptr. q may remain nullptr.
*/
if (dh == nullptr || (dh->p == nullptr && p == nullptr) ||
(dh->g == nullptr && g == nullptr))
return 0;
if (p != nullptr) {
BN_free(dh->p);
dh->p = p;
}
if (g != nullptr) {
BN_free(dh->g);
dh->g = g;
}
if (q != nullptr) {
BN_free(dh->q);
dh->q = q;
dh->length = BN_num_bits(q);
}
return 1;
}
static void DH_get0_key(const DH* dh, const BIGNUM** pub_key,
const BIGNUM** priv_key) {
if (dh != nullptr) {
if (pub_key != nullptr) *pub_key = dh->pub_key;
if (priv_key != nullptr) *priv_key = dh->priv_key;
}
}
#endif
bool DH1080_gen() {
/* Generate our keys on first call */
if (m_sPrivKey.empty() || m_sPubKey.empty()) {
-7
@@ -25,13 +25,6 @@
#include <znc/User.h>
#include <znc/IRCNetwork.h>
#ifndef HAVE_SSL_SESSION_get0_cipher
/* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2
weeks before the public release.
See openssl/openssl@e92813234318635639dba0168c7ef5568757449b. */
# define SSL_SESSION_get0_cipher(pSession) ((pSession)->cipher)
#endif
using std::pair;
using std::stringstream;
using std::map;
+4 -10
@@ -19,12 +19,6 @@
#include <arpa/inet.h>
#ifdef HAVE_LIBSSL
#if defined(OPENSSL_VERSION_NUMBER) && !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100007
# define CONST_ASN1_STRING_DATA const /* 1.1.0-pre7: openssl/openssl@17ebf85abda18c3875b1ba6670fe7b393bc1f297 */
#else
# define ASN1_STRING_get0_data( x ) ASN1_STRING_data( x )
# define CONST_ASN1_STRING_DATA
#endif
#include <openssl/x509v3.h>
@@ -308,7 +302,7 @@ static HostnameValidationResult matches_common_name(const char* hostname,
int common_name_loc = -1;
const X509_NAME_ENTRY* common_name_entry = nullptr;
const ASN1_STRING* common_name_asn1 = nullptr;
CONST_ASN1_STRING_DATA char* common_name_str = nullptr;
const char* common_name_str = nullptr;
// Find the position of the CN field in the Subject field of the certificate
common_name_loc = X509_NAME_get_index_by_NID(
@@ -330,7 +324,7 @@ static HostnameValidationResult matches_common_name(const char* hostname,
return Error;
}
common_name_str =
(CONST_ASN1_STRING_DATA char*)ASN1_STRING_get0_data(common_name_asn1);
(const char*)ASN1_STRING_get0_data(common_name_asn1);
// Make sure there isn't an embedded NUL character in the CN
if (ASN1_STRING_length(common_name_asn1) !=
@@ -384,8 +378,8 @@ static HostnameValidationResult matches_subject_alternative_name(
if (current_name->type == GEN_DNS) {
// Current name is a DNS name, let's check it
CONST_ASN1_STRING_DATA char* dns_name =
(CONST_ASN1_STRING_DATA char*)ASN1_STRING_get0_data(
const char* dns_name =
(const char*)ASN1_STRING_get0_data(
current_name->d.dNSName);
// Make sure there isn't an embedded NUL character in the DNS name
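Review bot: The new `(const char*)ASN1_STRING_get0_data(...)` conversions in matches_common_name and matches_subject_alternative_name are C-style casts from `const unsigned char*`; a named cast states the reinterpretation explicitly and cannot silently drop `const` if the declaration changes later, e.g. `common_name_str = reinterpret_cast<const char*>(ASN1_STRING_get0_data(common_name_asn1));` and likewise for `dns_name`. Because these pointers feed the embedded-NUL comparison that hostname validation depends on, a short comment at each assignment would help: `// Borrowed from the certificate's ASN1_STRING (not owned); its length is checked against ASN1_STRING_length() before it is used as a C string`. With the fallback macro gone, the file now relies on the library providing `ASN1_STRING_get0_data`; the build asks for OpenSSL 1.1.1, but whether that version check also rejects older LibreSSL releases is not visible on this page and is worth confirming. Both function bodies start and end outside these hunks.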
-4
@@ -30,10 +30,6 @@
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/rsa.h>
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
#define X509_getm_notBefore X509_get_notBefore
#define X509_getm_notAfter X509_get_notAfter
#endif
#endif /* HAVE_LIBSSL */
#include <memory>
#include <unistd.h>
-83
@@ -19,87 +19,6 @@
#include <time.h>
#include <thread>
#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD) && \
(!defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004)
/* Starting with version 1.1.0-pre4, OpenSSL has a new threading implementation
that doesn't need locking callbacks.
"OpenSSL now uses a new threading API. It is no longer necessary to set
locking callbacks to use OpenSSL in a multi-threaded environment. There are
two supported threading models: pthreads and windows threads. It is also
possible to configure OpenSSL at compile time for "no-threads". The old
threading API should no longer be used. The functions have been replaced
with "no-op" compatibility macros."
See openssl/openssl@2e52e7df518d80188c865ea3f7bb3526d14b0c08. */
#include <znc/Threads.h>
#include <openssl/crypto.h>
#include <memory>
static std::vector<std::unique_ptr<CMutex>> lock_cs;
static void locking_callback(int mode, int type, const char* file, int line) {
if (mode & CRYPTO_LOCK) {
lock_cs[type]->lock();
} else {
lock_cs[type]->unlock();
}
}
#if OPENSSL_VERSION_NUMBER >= 0x10000000
static void thread_id_callback(CRYPTO_THREADID *id) {
CRYPTO_THREADID_set_numeric(id, (unsigned long)pthread_self());
}
#else
static unsigned long thread_id_callback() {
return (unsigned long)pthread_self();
}
#endif
static CRYPTO_dynlock_value* dyn_create_callback(const char* file, int line) {
return (CRYPTO_dynlock_value*)new CMutex;
}
static void dyn_lock_callback(int mode, CRYPTO_dynlock_value* dlock,
const char* file, int line) {
CMutex* mtx = (CMutex*)dlock;
if (mode & CRYPTO_LOCK) {
mtx->lock();
} else {
mtx->unlock();
}
}
static void dyn_destroy_callback(CRYPTO_dynlock_value* dlock, const char* file,
int line) {
CMutex* mtx = (CMutex*)dlock;
delete mtx;
}
static void thread_setup() {
lock_cs.resize(CRYPTO_num_locks());
for (std::unique_ptr<CMutex>& mtx : lock_cs)
mtx = std::unique_ptr<CMutex>(new CMutex());
#if OPENSSL_VERSION_NUMBER >= 0x10000000
CRYPTO_THREADID_set_callback(&thread_id_callback);
#else
CRYPTO_set_id_callback(&thread_id_callback);
#endif
CRYPTO_set_locking_callback(&locking_callback);
CRYPTO_set_dynlock_create_callback(&dyn_create_callback);
CRYPTO_set_dynlock_lock_callback(&dyn_lock_callback);
CRYPTO_set_dynlock_destroy_callback(&dyn_destroy_callback);
}
#else
#define thread_setup()
#endif
using std::cout;
using std::endl;
using std::set;
@@ -295,8 +214,6 @@ int main(int argc, char** argv) {
CString sConfig;
CString sDataDir = "";
thread_setup();
seedPRNG();
CDebug::SetStdoutIsTTY(isatty(1));