From: Viktor Dukhovni Date: Mon, 15 Feb 2016 06:13:06 +0000 (-0500) Subject: Bitrot: auto-initialization of OpenSSL 1.1.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f8e359085d810c9bd9552000ec3ce440b51949b9;p=thirdparty%2Fpostfix.git Bitrot: auto-initialization of OpenSSL 1.1.0 The functions SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_ssl_algorithms() are deprecated in OpenSSL 1.1.0. Instead the library auto-initializes. Though it is possible to call OPENSSL_init_crypto() and OPENSSL_init_ssl() for explicit control over initialization, for now there is no apparent reason to do so. This may change, so explicit initialization might yet become necessary. --- diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 9553995a9..d5c9ea003 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -299,6 +299,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -306,6 +307,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * Create an application data index for SSL objects, so that we can diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 8275ee127..c8712248a 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -2163,8 +2163,10 @@ static SSL_CTX *ctx_init(const char *CAfile) tls_param_init(); tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_load_error_strings(); SSL_library_init(); +#endif if (!tls_validate_digest(LN_sha1)) msg_fatal("%s digest algorithm not available", LN_sha1); diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 71b5988dc..34d3d473d 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -375,6 +375,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ tls_check_version(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L /* * Initialize the OpenSSL library by the book! To start with, we must * initialize the algorithms. We want cleartext error messages instead of @@ -382,6 +383,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) */ SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); +#endif /* * First validate the protocols. If these are invalid, we can't continue.