From: Viktor Dukhovni Date: Mon, 15 Feb 2016 06:13:06 +0000 (-0500) Subject: Bitrot: auto-initialization of OpenSSL 1.1.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9991064364f8630b165fb20d928e4db1f9aaf308;p=thirdparty%2Fpostfix.git Bitrot: auto-initialization of OpenSSL 1.1.0 The functions SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_ssl_algorithms() are deprecated in OpenSSL 1.1.0. Instead the library auto-initializes. Though it is possible to call OPENSSL_init_crypto() and OPENSSL_init_ssl() for explicit control over initialization, for now there is no apparent reason to do so. This may change, so explicit initialization might yet become necessary. --- diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 6739d1f58..de50a73f8 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -298,6 +298,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -305,6 +306,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * Create an application data index for SSL objects, so that we can diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 879fd0963..3f6060980 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -2155,8 +2155,10 @@ static SSL_CTX *ctx_init(const char *CAfile) tls_param_init(); tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_load_error_strings(); SSL_library_init(); +#endif if (!tls_validate_digest(LN_sha1)) msg_fatal("%s digest algorithm not available", LN_sha1); diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 8d4d0c523..56c83eb80 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -375,6 +375,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -382,6 +383,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * First validate the protocols. If these are invalid, we can't continue.