lör 2017-09-09 klockan 05:00 +0000 skrev Globe Trotter:
> Hi,
>
> Thank you for your detailed response. However, I tried replacing
>
> AC_CHECK_LIB(ssl, SSL_library_init, ssl_ok=yes, ssl_ok=no, -lcrypto)
>
> with
>
> AC_CHECK_LIB(ssl, SSL_writet, ssl_ok=yes, ssl_ok=no, -lcrypto)
>
> but I get the following error later on in the compilation:
>
> https.c: In function 'handle_certificate_problem':
> https.c:479:38: error: dereferencing pointer to incomplete type 'X509 {aka struct x509_st}'
> if ((cn = strstr(remote_cert->name, "/CN=")) == NULL) {
> ^~
> make[2]: *** [Makefile:887: https.o] Error 1
>
> I presume that this is an error on account of my change. How do I get around this error?
>
> Many thanks again!
With your change, the configure script detects openssl properly again.
However, you still need to do the necessary porting of the code itself
to support openssl 1.1. This is a different problem than getting
configure to work.
This is not the most obvious change, but you need to replace
remote_cert->name
with
X509_NAME_oneline(X509_get_subject_name(remote_cert)
Though the string returned by X509_NAME_oneline needs to be freed, so
just doing the replacement would result in a memory leak.
Patch attached.
Mattias
diff -ur dillo-3.0.5.orig/configure.ac dillo-3.0.5/configure.ac
--- dillo-3.0.5.orig/configure.ac 2015-06-30 16:07:06.000000000 +0200
+++ dillo-3.0.5/configure.ac 2017-09-11 15:51:57.910529543 +0200
@@ -286,7 +286,7 @@
if test "x$ssl_ok" = "xyes"; then
old_libs="$LIBS"
- AC_CHECK_LIB(ssl, SSL_library_init, ssl_ok=yes, ssl_ok=no, -lcrypto)
+ AC_CHECK_LIB(ssl, SSL_write, ssl_ok=yes, ssl_ok=no, -lcrypto)
LIBS="$old_libs"
fi
diff -ur dillo-3.0.5.orig/dpi/https.c dillo-3.0.5/dpi/https.c
--- dillo-3.0.5.orig/dpi/https.c 2015-06-30 16:06:08.000000000 +0200
+++ dillo-3.0.5/dpi/https.c 2017-09-11 16:03:39.862924064 +0200
@@ -443,6 +443,7 @@
char buf[4096], *d_cmd, *msg;
X509 * remote_cert;
+ char * remote_cert_name;
remote_cert = SSL_get_peer_certificate(ssl_connection);
if (remote_cert == NULL){
@@ -476,7 +477,9 @@
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
/*Either self signed and untrusted*/
/*Extract CN from certificate name information*/
- if ((cn = strstr(remote_cert->name, "/CN=")) == NULL) {
+ remote_cert_name =
+ X509_NAME_oneline(X509_get_subject_name(remote_cert), NULL, 0);
+ if ((cn = strstr(remote_cert_name, "/CN=")) == NULL) {
strcpy(buf, "(no CN given)");
} else {
char *cn_end;
@@ -489,6 +492,7 @@
strncpy(buf, cn, (size_t) (cn_end - cn));
buf[cn_end - cn] = '\0';
}
+ OPENSSL_free(remote_cert_name);
msg = dStrconcat("The remote certificate is self-signed and "
"untrusted.\nFor address: ", buf, NULL);
d_cmd = a_Dpip_build_cmd(
<<attachment: smime.p7s>>
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
