[PATCH 2/2] Fix tls_openssl compile on systems with OpenSSL 1.0 installed.

greearb@xxxxxxxxxxxxxxx · Tue, 21 Jan 2020 12:09:27 -0800

From: Ben Greear <greearb@xxxxxxxxxxxxxxx>

This lets me compile once more on Fedora 17 and other older
systems.

Signed-off-by: Ben Greear <greearb@xxxxxxxxxxxxxxx>
---
 src/crypto/tls_openssl.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 9d11c8a..3fb29e3 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -2682,6 +2682,7 @@ static int tls_connection_ca_cert(struct tls_data *data,
 				      (const unsigned char **) &ca_cert_blob,
 				      ca_cert_blob_len);
 		if (cert == NULL) {
+#if OPENSSL_VERSION_NUMBER >= 0x10200000L
 			BIO *bio = BIO_new_mem_buf(ca_cert_blob,
 						   ca_cert_blob_len);
 
@@ -2699,6 +2700,11 @@ static int tls_connection_ca_cert(struct tls_data *data,
 			while (ERR_get_error()) {
 				/* Ignore errors from DER conversion. */
 			}
+#else
+			tls_show_errors(MSG_WARNING, __func__,
+					"Failed to parse ca_cert_blob");
+			return -1;
+#endif
 		}
 
 		if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
@@ -5253,6 +5259,7 @@ static void openssl_debug_dump_cipher_list(SSL_CTX *ssl_ctx)
 
 
 #if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION)
+#if OPENSSL_VERSION_NUMBER >= 0x10200000L
 
 static const char * openssl_pkey_type_str(const EVP_PKEY *pkey)
 {
@@ -5312,11 +5319,13 @@ static void openssl_debug_dump_certificates(SSL_CTX *ssl_ctx)
 }
 
 #endif
+#endif
 
 
 static void openssl_debug_dump_certificate_chains(SSL_CTX *ssl_ctx)
 {
 #if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION)
+#if OPENSSL_VERSION_NUMBER >= 0x10200000L
 	int res;
 
 	for (res = SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_FIRST);
@@ -5326,6 +5335,7 @@ static void openssl_debug_dump_certificate_chains(SSL_CTX *ssl_ctx)
 
 	SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_FIRST);
 #endif
+#endif
 }
 
 
@@ -5660,6 +5670,10 @@ u16 tls_connection_get_cipher_suite(struct tls_connection *conn)
 #if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
 	return SSL_CIPHER_get_protocol_id(cipher);
 #else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	return cipher->id & 0XFFFF;
+#else
 	return SSL_CIPHER_get_id(cipher) & 0xFFFF;
 #endif
+#endif
 }
-- 
2.7.5


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






