Commit Diff
Diff:
2924b3d52ac2ab89e3bc517a1f664ec056a45edd
daa88b765111b14047c97256bd2a9a2daabe123b
daa88b765111b14047c97256bd2a9a2daabe123b
Commit:
daa88b765111b14047c97256bd2a9a2daabe123b
Tree:
d4db453d8f4a9b8e329bf3618d7922d8ce2775a4
Committer:
Christoph Biedl <ngircd.anoy@manchmal.in-ulm.de>
Date:
Mon Dec 5 22:51:07 2016
UTC
Message:
Fix building ngIRCd with OpenSSL 1.1
At the moment, ngIRCd fails to build against OpenSSL 1.1 since the
configure check probes for the SSL_library_init symbol which was
removed, but probing for a different function availabe in both versions
solves that problem: SSL_new().
And as SSL_library_init is no longer needed, the patch boils down to
probing SSL_new to assert libssl is available, and disabling the
SSL_library_init invokation from OpenSSL 1.1 on, see also another
application[1] (NSCA-ng) that did pretty much the same.
Patch was compile-tested on both Debian jessie (OpenSSL 1.0.2) and
stretch (OpenSSL 1.1).
[1]
(Patch by Christoph, commit message cherry-picked from the email thread
on the mailing list by Alex. Thanks!)
--- configure.ng
+++ configure.ng
@@ -418,8 +418,8 @@ AC_ARG_WITH(openssl,
LDFLAGS="-L$withval/lib $LDFLAGS"
fi
AC_CHECK_LIB(crypto, BIO_s_mem)
- AC_CHECK_LIB(ssl, SSL_library_init)
- AC_CHECK_FUNCS(SSL_library_init, x_ssl_openssl=yes,
+ AC_CHECK_LIB(ssl, SSL_new)
+ AC_CHECK_FUNCS(SSL_new, x_ssl_openssl=yes,
AC_MSG_ERROR([Can't enable openssl])
)
fi
--- src/ngircd/conn-ssl.c
+++ src/ngircd/conn-ssl.c
@@ -283,10 +283,12 @@ ConnSSL_InitLibrary( void )
#ifdef HAVE_LIBSSL
SSL_CTX *newctx;
+#if OPENSSL_API_COMPAT < 0x10100000L
if (!ssl_ctx) {
SSL_library_init();
SSL_load_error_strings();
}
+#endif
if (!RAND_status()) {
Log(LOG_ERR, "OpenSSL PRNG not seeded: /dev/urandom missing?");