On Tue, Jan 05, 2016 at 09:19:32AM -0700, The Doctor wrote:
> On Mon, Jan 04, 2016 at 07:22:04PM +0000, Viktor Dukhovni wrote:
> > On Mon, Jan 04, 2016 at 09:08:31AM -0700, The Doctor wrote:
> >
> > >     if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
> > >         SSLeay_version(SSLEAY_VERSION))) <0)
> > >
> > > Could there be anything that is causing openssh not to see the new openssl 1.1
> >
> > The above. The SSLeay names are gone. The new way is:
> >
> >     if ((rc = fprintf(fd ,"%08x (%s)\n", OpenSSL_version_num(),
> >         OpenSSL_version(OPENSSL_VERSION))) <0)
> >
> > I think it is likely prudent at this time to restore
> > source-backwards-compatible behaviour, by adding to <openssl/crypto.h>:
> >
> >     #if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
> >     # include <openssl/opensslv.h>
> >     # define SSLeay                  OpenSSL_version_num
> >     # define SSLeay_version          OpenSSL_version
> >     # define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
> >     # define SSLEAY_VERSION          OPENSSL_VERSION
> >     # define SSLEAY_CFLAGS           OPENSSL_CFLAGS
> >     # define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
> >     # define SSLEAY_PLATFORM         OPENSSL_PLATFORM
> >     # define SSLEAY_DIR              OPENSSL_DIR
> >     #endif /* OPENSSL_API_COMPAT */
> >
> > Users who want to make sure they are avoiding interfaces that are
> > deprecated with 1.1.0 can set OPENSSL_API_COMPAT to 0x10100000L or
> > higher as appropriate.
> >
> > --
> > Viktor.
>
> Tip of the iceberg.
>
> A number of changes need to be committed before launching.
>
> From inn:
>
> tls.o: In function `tmp_dh_cb':
> /usr/source/inn-CURRENT-20160105/nnrpd/tls.c:219: undefined reference to `DH_generate_parameters'
> tls.o: In function `tls_init_serverengine':
> /usr/source/inn-CURRENT-20160105/nnrpd/tls.c:498: undefined reference to `SSLv23_server_method'
> gmake[1]: *** [nnrpd] Error 1
>
> so 219 and that area gives us
>
>     default:
>         /* We should check current keylength vs. requested keylength
>          * also, this is an extremely expensive operation!
>          */
>         dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
>         r = dh;
>
> I just comment these 2 lines out for now
>
> line 498 is
>
>     CTX = SSL_CTX_new(SSLv23_server_method());
>
> I just replace as follows
>
>     CTX = SSL_CTX_new(TLS_server_method());
>
> A better fix is needed.
>
> And there is Apache 2.4
>
> Making all in support
> /usr/source/httpd-2.4.18/srclib/apr/libtool --silent --mode=link /usr/bin/gcc -std=gnu99 -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wpointer-arith -Wformat -Wformat-security -Wall -g -O2 -L/usr/contrib/lib -lssl -lcrypto -lpthread -o ab -static ab.lo -L/usr/lib -lc -lm -ldl -liconv -lintl -lutil -ldb -levent /usr/source/httpd-2.4.18/srclib/apr-util/libaprutil-1.la -lexpat /usr/source/httpd-2.4.18/srclib/apr/libapr-1.la -lpthread -lm
> ab.o: In function `test':
> /usr/source/httpd-2.4.18/support/ab.c:1863: undefined reference to `SSL_state'
>
> and this piece of code is
>
>     set_conn_state(c, STATE_CONNECTED);
>     #ifdef USE_SSL
>     if (c->ssl)
>         ssl_proceed_handshake(c);
>     else
>     #endif
>     write_request(c);
>
> Looks like a lot of rewriting to do.

In exim we get

gcc -o exim
tls.o: In function `rsa_callback':
tls.o(.text+0x19a): undefined reference to `RSA_generate_key'
tls.o: In function `tls_servername_cb':
tls.o(.text+0xf32): undefined reference to `SSLv23_server_method'
tls.o: In function `tls_init':
tls.o(.text+0x1654): undefined reference to `SSLv23_server_method'
tls.o(.text+0x165e): undefined reference to `SSLv23_client_method'
tls.o(.text+0x18d2): undefined reference to `SSL_CTX_set_tmp_rsa_callback'
tls.o: In function `tls_validate_require_cipher':
tls.o(.text+0x2a6d): undefined reference to `SSLv23_server_method'
tls.o: In function `tls_version_report':
tls.o(.text+0x2b29): undefined reference to `SSLeay_version'
tls.o(.text+0x2b36): undefined reference to `SSLeay_version'
tls.o: In function `vaguely_random_number':
tls.o(.text+0x2bf0): undefined reference to `RAND_pseudo_bytes'

Do we need more examples?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Birthdate 29 Jan 1969 Redhill, Surrey, UK
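
The undefined references reported in this thread can be found before link time by scanning the sources for the old names. The script below is an added example, not code from the thread or from the OpenSSL project; `REMOVED_API`, `scan_removed_api` and `sample_source` are hypothetical names, and the successors other than `OpenSSL_version_num`, `OpenSSL_version` and `TLS_server_method` (which the thread names) are taken from the OpenSSL 1.1.0 API.

```shell
#!/bin/sh
# Added example, not from the thread. The old names are those in the build
# errors quoted above; the successors on the right are from OpenSSL 1.1.0 and
# are not drop-in in every case (the *_ex generators take extra arguments).
REMOVED_API='SSLeay=OpenSSL_version_num
SSLeay_version=OpenSSL_version
SSLv23_server_method=TLS_server_method
SSLv23_client_method=TLS_client_method
DH_generate_parameters=DH_generate_parameters_ex
RSA_generate_key=RSA_generate_key_ex
RAND_pseudo_bytes=RAND_bytes
SSL_state=SSL_get_state
SSL_CTX_set_tmp_rsa_callback=(no successor: ephemeral RSA was removed)'

# scan_removed_api FILE...
# Prints "file:line: old -> new" for each hit. Returns 1 if any hit was
# found, so it can gate a build; returns 0 when the files are clean.
scan_removed_api() {
    found=0
    for f in "$@"; do
        while IFS='=' read -r old new; do
            # -w matches whole words: SSLeay must not also hit SSLeay_version.
            hits=$(grep -nw -- "$old" "$f" | cut -d: -f1) || true
            for n in $hits; do
                printf '%s:%s: %s -> %s\n' "$f" "$n" "$old" "$new"
                found=1
            done
        done <<EOF
$REMOVED_API
EOF
    done
    [ "$found" -eq 0 ]
}

# Constructed sample input, modelled on the snippets quoted in the thread.
sample_source() {
    cat <<'EOF'
fprintf(fd, "%08x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION));
dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
CTX = SSL_CTX_new(TLS_server_method());
CTX = SSL_CTX_new(SSLv23_server_method());
EOF
}

# Scan the files named on the command line, if any.
if [ "$#" -gt 0 ]; then scan_removed_api "$@"; fi
```

The match is textual, so a name that appears only in a comment or string is reported as well.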