From: Viktor Dukhovni Date: Mon, 15 Feb 2016 06:13:06 +0000 (-0500) Subject: Bitrot: auto-initialization of OpenSSL 1.1.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=914001539c158933cbfe0cf6d270b1370b6f804a;p=thirdparty%2Fpostfix.git Bitrot: auto-initialization of OpenSSL 1.1.0 The functions SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_ssl_algorithms() are deprecated in OpenSSL 1.1.0. Instead the library auto-initializes. Though it is possible to call OPENSSL_init_crypto() and OPENSSL_init_ssl() for explicit control over initialization, for now there is no apparent reason to do so. This may change, so explicit initialization might yet become necessary. --- diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 2695cb31e..878ed3156 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -314,6 +314,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -321,6 +322,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * Create an application data index for SSL objects, so that we can diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 773f8defd..f0bd2e93d 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -328,6 +328,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -335,6 +336,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * First validate the protocols. If these are invalid, we can't continue.