53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
From a9d297969457e4f1a835e7481ddcbb4a2241692b Mon Sep 17 00:00:00 2001
|
|
From: Peter Nikolow <peter@mobiliodevelopment.com>
|
|
Date: Fri, 29 Jan 2021 13:24:58 +0200
|
|
Subject: [PATCH 2/3] Update ssl.c
|
|
|
|
Fixing OpenSSL 1.1 deprecation of OPENSSL_config
|
|
---
|
|
src/ssl.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/ssl.c b/src/ssl.c
|
|
index 4f0405c..996e9b0 100644
|
|
--- a/src/ssl.c
|
|
+++ b/src/ssl.c
|
|
@@ -225,7 +225,11 @@ static SSL_CTX *ssl_ctx = NULL;
|
|
|
|
void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
|
|
if (!ssl_initialized) {
|
|
- OPENSSL_config(NULL);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ OPENSSL_config(NULL);
|
|
+#else
|
|
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG,NULL);
|
|
+#endif
|
|
SSL_library_init();
|
|
SSL_load_error_strings();
|
|
OpenSSL_add_all_algorithms();
|
|
|
|
From ec10c3526b115ea32775f495abd449948cc1d807 Mon Sep 17 00:00:00 2001
|
|
From: Peter Nikolow <peter@mobiliodevelopment.com>
|
|
Date: Fri, 29 Jan 2021 13:30:22 +0200
|
|
Subject: [PATCH 3/3] Update ssl.c
|
|
|
|
Adding default locations for trusted CA certificates.
|
|
|
|
This helps is your server uses 3rd party certificate like Let's Encrypt.
|
|
---
|
|
src/ssl.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/ssl.c b/src/ssl.c
|
|
index 996e9b0..3759d5b 100644
|
|
--- a/src/ssl.c
|
|
+++ b/src/ssl.c
|
|
@@ -254,6 +254,7 @@ void *vpn_ws_ssl_handshake(vpn_ws_peer *peer, char *sni, char *key, char *crt) {
|
|
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
|
|
}
|
|
else {
|
|
+ SSL_CTX_load_verify_locations(ssl_ctx, "/etc/ssl/certs/ca-certificates.crt", "/etc/ssl/certs/");
|
|
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
|
|
}
|
|
ssl_peer_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);
|