41 lines
1.4 KiB
Diff
41 lines
1.4 KiB
Diff
Source: maxice8
|
|
Upstream: not upstreamable
|
|
Reason: Fixes compilation with LibreSSL
|
|
|
|
--- src/tls_openssl.c
|
|
+++ src/tls_openssl.c
|
|
@@ -51,12 +51,8 @@ static void _tls_log_error(xmpp_ctx_t *ctx);
|
|
|
|
void tls_initialize(void)
|
|
{
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
SSL_library_init();
|
|
SSL_load_error_strings();
|
|
-#else
|
|
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
|
|
-#endif
|
|
}
|
|
|
|
void tls_shutdown(void)
|
|
@@ -120,20 +116,6 @@ tls_t *tls_new(xmpp_conn_t *conn)
|
|
/* Trust server's certificate when user sets the flag explicitly. */
|
|
mode = conn->tls_trust ? SSL_VERIFY_NONE : SSL_VERIFY_PEER;
|
|
SSL_set_verify(tls->ssl, mode, 0);
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
- /* Hostname verification is supported in OpenSSL 1.0.2 and newer. */
|
|
- X509_VERIFY_PARAM *param = SSL_get0_param(tls->ssl);
|
|
-
|
|
- /*
|
|
- * Allow only complete wildcards. RFC 6125 discourages wildcard usage
|
|
- * completely, and lists internationalized domain names as a reason
|
|
- * against partial wildcards.
|
|
- * See https://tools.ietf.org/html/rfc6125#section-7.2 for more information.
|
|
- */
|
|
- X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
|
|
- X509_VERIFY_PARAM_set1_host(param, conn->domain, 0);
|
|
-#endif
|
|
-
|
|
ret = SSL_set_fd(tls->ssl, conn->sock);
|
|
if (ret <= 0)
|
|
goto err_free_ssl;
|