openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-22 01:44:32 +04:00
Code Issues Packages Projects Releases Wiki Activity
Files
97b7ff2f466bded00b9f7061e4c5f1f30e6a6ee9
packages/net/freeradius3/patches/010-openssl-deprecated.patch
Paul Donald 8102674b6d freeradius3: bump to 3.2.7 
Changed source URL to github (faster/geo-redundancy).

build: x86_64
run tested: x86_64

```
 # radiusd -v
radiusd: FreeRADIUS Version 3.2.7, for host x86_64-openwrt-linux-gnu, built on Apr 18 2025 at 00:10:48
FreeRADIUS Version 3.2.7
```

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2025-05-02 09:19:18 +03:00

118 lines
3.4 KiB
Diff
Raw Blame History

--- a/src/main/threads.c
+++ b/src/main/threads.c
@@ -275,6 +275,7 @@ static void ssl_locking_function(int mod
*/
int tls_mutexes_init(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
int i, num;
rad_assert(ssl_mutexes == NULL);
@@ -292,6 +293,7 @@ int tls_mutexes_init(void)
}
CRYPTO_set_locking_callback(ssl_locking_function);
+#endif
return 0;
}
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -59,6 +59,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API
# include <openssl/evp.h>
# endif
# include <openssl/ssl.h>
+# include <openssl/dh.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
# include <openssl/provider.h>
@@ -2929,7 +2930,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
int my_ok = ok;
ASN1_INTEGER *sn = NULL;
- ASN1_TIME *asn_time = NULL;
+ const ASN1_TIME *asn_time = NULL;
VALUE_PAIR **certs;
char **identity;
#ifdef HAVE_OPENSSL_OCSP_H
@@ -3021,7 +3022,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
* Get the Expiration Date
*/
buf[0] = '\0';
- asn_time = X509_get_notAfter(client_cert);
+ asn_time = X509_get0_notAfter(client_cert);
if (certs && (lookup <= 1) && asn_time &&
(asn_time->length < (int) sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
@@ -3034,7 +3035,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
* Get the Valid Since Date
*/
buf[0] = '\0';
- asn_time = X509_get_notBefore(client_cert);
+ asn_time = X509_get0_notBefore(client_cert);
if (certs && (lookup <= 1) && asn_time &&
(asn_time->length < (int) sizeof(buf))) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
@@ -3638,10 +3639,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
*/
int tls_global_init(TLS_UNUSED bool spawn_flag, TLS_UNUSED bool check)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_load_error_strings(); /* readable error messages (examples show call before library_init) */
SSL_library_init(); /* initialize library */
OpenSSL_add_all_algorithms(); /* required for SHA2 in OpenSSL < 0.9.8o and 1.0.0.a */
CONF_modules_load_file(NULL, NULL, 0);
+#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_set_default_properties(NULL, "fips=no");
@@ -3745,6 +3748,7 @@ int tls_global_version_check(char const
*/
void tls_global_cleanup(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10000000L
ERR_remove_state(0);
#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
@@ -3770,6 +3774,7 @@ void tls_global_cleanup(void)
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
+#endif
}
--- a/src/main/version.c
+++ b/src/main/version.c
@@ -54,7 +54,7 @@ int ssl_check_consistency(void)
{
long ssl_linked;
- ssl_linked = SSLeay();
+ ssl_linked = OpenSSL_version_num();
/*
* Major mismatch, that's bad.
@@ -165,7 +165,7 @@ char const *ssl_version_num(void)
{
long ssl_linked;
- ssl_linked = SSLeay();
+ ssl_linked = OpenSSL_version_num();
return ssl_version_by_num((uint32_t)ssl_linked);
}
@@ -201,10 +201,10 @@ char const *ssl_version(void)
{
static char buffer[256];
- uint32_t v = SSLeay();
+ uint32_t v = OpenSSL_version_num();
snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)",
- SSLeay_version(SSLEAY_VERSION), /* Not all builds include a useful version number */
+ OpenSSL_version(OPENSSL_VERSION), /* Not all builds include a useful version number */
v,
ssl_version_by_num(v));
Reference in New Issue View Git Blame Copy Permalink