68 lines
2.6 KiB
Diff
68 lines
2.6 KiB
Diff
--- src/ssl.c 2014-07-12 06:13:07.356889656 +0000
|
|
+++ src/ssl.c 2014-07-12 06:15:39.032889896 +0000
|
|
@@ -195,6 +195,7 @@
|
|
}
|
|
s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
|
|
#else
|
|
+#ifdef HAVE_RAND_EGD
|
|
if(global->egd_sock) {
|
|
if((bytes=RAND_egd(global->egd_sock))==-1) {
|
|
s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock);
|
|
@@ -207,6 +208,7 @@
|
|
so no need to check if seeded sufficiently */
|
|
}
|
|
}
|
|
+#endif
|
|
/* try the good-old default /dev/urandom, if available */
|
|
totbytes+=add_rand_file(global, "/dev/urandom");
|
|
if(RAND_status())
|
|
--- src/verify.c.orig 2015-04-24 12:13:40.887968414 +0200
|
|
+++ src/verify.c 2015-04-24 12:16:03.379359153 +0200
|
|
@@ -48,7 +48,7 @@
|
|
NOEXPORT int verify_callback(int, X509_STORE_CTX *);
|
|
NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
|
|
NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && OPENSSL_VERSION_NUMBER<0x20000000L
|
|
NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
|
|
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
|
|
NOEXPORT int cert_check_local(X509_STORE_CTX *);
|
|
@@ -258,7 +258,7 @@
|
|
}
|
|
|
|
if(depth==0) { /* additional peer certificate checks */
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && OPENSSL_VERSION_NUMBER<0x20000000L
|
|
if(!cert_check_subject(c, callback_ctx))
|
|
return 0; /* reject */
|
|
#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
|
|
@@ -269,7 +269,7 @@
|
|
return 1; /* accept */
|
|
}
|
|
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && OPENSSL_VERSION_NUMBER<0x20000000L
|
|
NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
|
|
X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
|
|
NAME_LIST *ptr;
|
|
--- src/options.c.orig
|
|
+++ src/options.c
|
|
@@ -2450,7 +2450,7 @@
|
|
/* sslVersion */
|
|
switch(cmd) {
|
|
case CMD_BEGIN:
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && OPENSSL_VERSION_NUMBER<0x20000000L
|
|
section->client_method=(SSL_METHOD *)TLS_client_method();
|
|
section->server_method=(SSL_METHOD *)TLS_server_method();
|
|
#else
|
|
@@ -2462,7 +2462,7 @@
|
|
if(strcasecmp(opt, "sslVersion"))
|
|
break;
|
|
if(!strcasecmp(arg, "all")) {
|
|
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
|
|
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && OPENSSL_VERSION_NUMBER<0x20000000L
|
|
section->client_method=(SSL_METHOD *)TLS_client_method();
|
|
section->server_method=(SSL_METHOD *)TLS_server_method();
|
|
#else
|