mirror of
https://github.com/znc/znc.git
synced 2026-07-02 07:51:26 +02:00
Remove old ssl compatibility code
@@ -86,16 +86,6 @@ if(WANT_OPENSSL)
|
||||
find_package(OpenSSL 1.1.1 ${TRISTATE_OPENSSL_REQUIRED})
|
||||
|
||||
if(OPENSSL_FOUND)
|
||||
# SSL_SESSION was made opaque in OpenSSL 1.1.0;
|
||||
# LibreSSL gained that function later too.
|
||||
# TODO: maybe remove this check at some point, and stop supporting old
|
||||
# libssl versions
|
||||
cmake_push_check_state(RESET)
|
||||
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
|
||||
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
|
||||
check_cxx_symbol_exists(SSL_SESSION_get0_cipher openssl/ssl.h
|
||||
HAVE_SSL_SESSION_get0_cipher)
|
||||
cmake_pop_check_state()
|
||||
set(ZNC_CMAKE_FIND_DEPS
|
||||
"${ZNC_CMAKE_FIND_DEPS}\nfind_dependency(OpenSSL)")
|
||||
list(APPEND zncpubdeps OpenSSL::SSL)
|
||||
|
||||
@@ -31,7 +31,6 @@
|
||||
#define HAVE_PTHREAD 1
|
||||
#cmakedefine HAVE_THREADED_DNS 1
|
||||
#cmakedefine HAVE_LIBSSL 1
|
||||
#cmakedefine HAVE_SSL_SESSION_get0_cipher 1
|
||||
#cmakedefine HAVE_IPV6 1
|
||||
#cmakedefine HAVE_ZLIB 1
|
||||
#cmakedefine HAVE_I18N 1
|
||||
|
||||
@@ -68,43 +68,6 @@ class CCryptMod : public CModule {
|
||||
CString m_sPrivKey;
|
||||
CString m_sPubKey;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0X10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
static int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g) {
|
||||
/* If the fields p and g in dh are nullptr, the corresponding input
|
||||
* parameters MUST be non-nullptr. q may remain nullptr.
|
||||
*/
|
||||
if (dh == nullptr || (dh->p == nullptr && p == nullptr) ||
|
||||
(dh->g == nullptr && g == nullptr))
|
||||
return 0;
|
||||
|
||||
if (p != nullptr) {
|
||||
BN_free(dh->p);
|
||||
dh->p = p;
|
||||
}
|
||||
if (g != nullptr) {
|
||||
BN_free(dh->g);
|
||||
dh->g = g;
|
||||
}
|
||||
if (q != nullptr) {
|
||||
BN_free(dh->q);
|
||||
dh->q = q;
|
||||
dh->length = BN_num_bits(q);
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void DH_get0_key(const DH* dh, const BIGNUM** pub_key,
|
||||
const BIGNUM** priv_key) {
|
||||
if (dh != nullptr) {
|
||||
if (pub_key != nullptr) *pub_key = dh->pub_key;
|
||||
if (priv_key != nullptr) *priv_key = dh->priv_key;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
bool DH1080_gen() {
|
||||
/* Generate our keys on first call */
|
||||
if (m_sPrivKey.empty() || m_sPubKey.empty()) {
|
||||
|
||||
@@ -25,13 +25,6 @@
|
||||
#include <znc/User.h>
|
||||
#include <znc/IRCNetwork.h>
|
||||
|
||||
#ifndef HAVE_SSL_SESSION_get0_cipher
|
||||
/* SSL_SESSION was made opaque in OpenSSL 1.1.0, cipher accessor was added 2
|
||||
weeks before the public release.
|
||||
See openssl/openssl@e92813234318635639dba0168c7ef5568757449b. */
|
||||
# define SSL_SESSION_get0_cipher(pSession) ((pSession)->cipher)
|
||||
#endif
|
||||
|
||||
using std::pair;
|
||||
using std::stringstream;
|
||||
using std::map;
|
||||
|
||||
+4
-10
@@ -19,12 +19,6 @@
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#ifdef HAVE_LIBSSL
|
||||
#if defined(OPENSSL_VERSION_NUMBER) && !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100007
|
||||
# define CONST_ASN1_STRING_DATA const /* 1.1.0-pre7: openssl/openssl@17ebf85abda18c3875b1ba6670fe7b393bc1f297 */
|
||||
#else
|
||||
# define ASN1_STRING_get0_data( x ) ASN1_STRING_data( x )
|
||||
# define CONST_ASN1_STRING_DATA
|
||||
#endif
|
||||
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
@@ -308,7 +302,7 @@ static HostnameValidationResult matches_common_name(const char* hostname,
|
||||
int common_name_loc = -1;
|
||||
const X509_NAME_ENTRY* common_name_entry = nullptr;
|
||||
const ASN1_STRING* common_name_asn1 = nullptr;
|
||||
CONST_ASN1_STRING_DATA char* common_name_str = nullptr;
|
||||
const char* common_name_str = nullptr;
|
||||
|
||||
// Find the position of the CN field in the Subject field of the certificate
|
||||
common_name_loc = X509_NAME_get_index_by_NID(
|
||||
@@ -330,7 +324,7 @@ static HostnameValidationResult matches_common_name(const char* hostname,
|
||||
return Error;
|
||||
}
|
||||
common_name_str =
|
||||
(CONST_ASN1_STRING_DATA char*)ASN1_STRING_get0_data(common_name_asn1);
|
||||
(const char*)ASN1_STRING_get0_data(common_name_asn1);
|
||||
|
||||
// Make sure there isn't an embedded NUL character in the CN
|
||||
if (ASN1_STRING_length(common_name_asn1) !=
|
||||
@@ -384,8 +378,8 @@ static HostnameValidationResult matches_subject_alternative_name(
|
||||
|
||||
if (current_name->type == GEN_DNS) {
|
||||
// Current name is a DNS name, let's check it
|
||||
CONST_ASN1_STRING_DATA char* dns_name =
|
||||
(CONST_ASN1_STRING_DATA char*)ASN1_STRING_get0_data(
|
||||
const char* dns_name =
|
||||
(const char*)ASN1_STRING_get0_data(
|
||||
current_name->d.dNSName);
|
||||
|
||||
// Make sure there isn't an embedded NUL character in the DNS name
|
||||
|
||||
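Review bot: The new `(const char*)ASN1_STRING_get0_data(common_name_asn1)` in matches_common_name keeps a C-style cast, which would silently strip `const` if the declaration or the OpenSSL signature ever changed. Now that the pointer is unconditionally `const char*`, `reinterpret_cast<const char*>(ASN1_STRING_get0_data(common_name_asn1))` makes it explicit that only the unsigned-char-to-char reinterpretation is intended. The same applies to the `dns_name` initialiser in matches_subject_alternative_name. Since these bytes come from the peer's certificate and should not be assumed to be a well-formed C string, a one-line comment at each cast would help, for example `// not trusted as a C string until the ASN1_STRING_length() comparison below passes`. Both functions start and end outside these hunks, so confirm that wording against the full embedded-NUL checks.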
@@ -30,10 +30,6 @@
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/rsa.h>
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
|
||||
#define X509_getm_notBefore X509_get_notBefore
|
||||
#define X509_getm_notAfter X509_get_notAfter
|
||||
#endif
|
||||
#endif /* HAVE_LIBSSL */
|
||||
#include <memory>
|
||||
#include <unistd.h>
|
||||
|
||||
@@ -19,87 +19,6 @@
|
||||
#include <time.h>
|
||||
#include <thread>
|
||||
|
||||
#if defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD) && \
|
||||
(!defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004)
|
||||
/* Starting with version 1.1.0-pre4, OpenSSL has a new threading implementation
|
||||
that doesn't need locking callbacks.
|
||||
|
||||
"OpenSSL now uses a new threading API. It is no longer necessary to set
|
||||
locking callbacks to use OpenSSL in a multi-threaded environment. There are
|
||||
two supported threading models: pthreads and windows threads. It is also
|
||||
possible to configure OpenSSL at compile time for "no-threads". The old
|
||||
threading API should no longer be used. The functions have been replaced
|
||||
with "no-op" compatibility macros."
|
||||
|
||||
See openssl/openssl@2e52e7df518d80188c865ea3f7bb3526d14b0c08. */
|
||||
#include <znc/Threads.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <memory>
|
||||
|
||||
static std::vector<std::unique_ptr<CMutex>> lock_cs;
|
||||
|
||||
static void locking_callback(int mode, int type, const char* file, int line) {
|
||||
if (mode & CRYPTO_LOCK) {
|
||||
lock_cs[type]->lock();
|
||||
} else {
|
||||
lock_cs[type]->unlock();
|
||||
}
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000
|
||||
static void thread_id_callback(CRYPTO_THREADID *id) {
|
||||
CRYPTO_THREADID_set_numeric(id, (unsigned long)pthread_self());
|
||||
}
|
||||
#else
|
||||
static unsigned long thread_id_callback() {
|
||||
return (unsigned long)pthread_self();
|
||||
}
|
||||
#endif
|
||||
|
||||
static CRYPTO_dynlock_value* dyn_create_callback(const char* file, int line) {
|
||||
return (CRYPTO_dynlock_value*)new CMutex;
|
||||
}
|
||||
|
||||
static void dyn_lock_callback(int mode, CRYPTO_dynlock_value* dlock,
|
||||
const char* file, int line) {
|
||||
CMutex* mtx = (CMutex*)dlock;
|
||||
|
||||
if (mode & CRYPTO_LOCK) {
|
||||
mtx->lock();
|
||||
} else {
|
||||
mtx->unlock();
|
||||
}
|
||||
}
|
||||
|
||||
static void dyn_destroy_callback(CRYPTO_dynlock_value* dlock, const char* file,
|
||||
int line) {
|
||||
CMutex* mtx = (CMutex*)dlock;
|
||||
|
||||
delete mtx;
|
||||
}
|
||||
|
||||
static void thread_setup() {
|
||||
lock_cs.resize(CRYPTO_num_locks());
|
||||
|
||||
for (std::unique_ptr<CMutex>& mtx : lock_cs)
|
||||
mtx = std::unique_ptr<CMutex>(new CMutex());
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000
|
||||
CRYPTO_THREADID_set_callback(&thread_id_callback);
|
||||
#else
|
||||
CRYPTO_set_id_callback(&thread_id_callback);
|
||||
#endif
|
||||
CRYPTO_set_locking_callback(&locking_callback);
|
||||
|
||||
CRYPTO_set_dynlock_create_callback(&dyn_create_callback);
|
||||
CRYPTO_set_dynlock_lock_callback(&dyn_lock_callback);
|
||||
CRYPTO_set_dynlock_destroy_callback(&dyn_destroy_callback);
|
||||
}
|
||||
|
||||
#else
|
||||
#define thread_setup()
|
||||
#endif
|
||||
|
||||
using std::cout;
|
||||
using std::endl;
|
||||
using std::set;
|
||||
@@ -295,8 +214,6 @@ int main(int argc, char** argv) {
|
||||
CString sConfig;
|
||||
CString sDataDir = "";
|
||||
|
||||
thread_setup();
|
||||
|
||||
seedPRNG();
|
||||
CDebug::SetStdoutIsTTY(isatty(1));
|
||||
|
||||
|
||||