Add dynamic linking for functions required by SSL v2/3 disabling patch.
This commit is contained in:
parent
b06b1f15ac
commit
490781d998
2 changed files with 21 additions and 1 deletions
|
@ -136,6 +136,9 @@ int (*SSL_write)(SSL *, const void *, int);
|
||||||
SSL_METHOD * (*SSLv23_server_method)(void);
|
SSL_METHOD * (*SSLv23_server_method)(void);
|
||||||
X509 * (*d2i_X509)(X509 **px, const unsigned char **in, int len);
|
X509 * (*d2i_X509)(X509 **px, const unsigned char **in, int len);
|
||||||
void (*X509_free)(X509 *a);
|
void (*X509_free)(X509 *a);
|
||||||
|
int (*x_SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);
|
||||||
|
void (*x_sk_zero)(void *st);
|
||||||
|
void * (*x_SSL_COMP_get_compression_methods)(void);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static void sslDestroyCachedContext(void *ssl_, char *context_) {
|
static void sslDestroyCachedContext(void *ssl_, char *context_) {
|
||||||
|
@ -308,7 +311,9 @@ static void loadSSL(void) {
|
||||||
{ { &SSL_write }, "SSL_write" },
|
{ { &SSL_write }, "SSL_write" },
|
||||||
{ { &SSLv23_server_method }, "SSLv23_server_method" },
|
{ { &SSLv23_server_method }, "SSLv23_server_method" },
|
||||||
{ { &d2i_X509 }, "d2i_X509" },
|
{ { &d2i_X509 }, "d2i_X509" },
|
||||||
{ { &X509_free }, "X509_free" }
|
{ { &X509_free }, "X509_free" },
|
||||||
|
{ { &x_SSL_CTX_set_cipher_list }, "SSL_CTX_set_cipher_list" },
|
||||||
|
{ { &x_sk_zero }, "sk_zero" }
|
||||||
};
|
};
|
||||||
for (unsigned i = 0; i < sizeof(symbols)/sizeof(symbols[0]); i++) {
|
for (unsigned i = 0; i < sizeof(symbols)/sizeof(symbols[0]); i++) {
|
||||||
if (!(*symbols[i].var = loadSymbol(path_libssl, symbols[i].fn))) {
|
if (!(*symbols[i].var = loadSymbol(path_libssl, symbols[i].fn))) {
|
||||||
|
@ -320,6 +325,10 @@ static void loadSSL(void) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// These are optional
|
||||||
|
x_SSL_COMP_get_compression_methods = loadSymbol(path_libssl, "SSL_COMP_get_compression_methods");
|
||||||
|
// ends
|
||||||
|
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
dcheck(!ERR_peek_error());
|
dcheck(!ERR_peek_error());
|
||||||
debug("Loaded SSL suppport");
|
debug("Loaded SSL suppport");
|
||||||
|
@ -590,6 +599,11 @@ static SSL_CTX *sslMakeContext(void) {
|
||||||
SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
|
||||||
#ifdef SSL_OP_NO_COMPRESSION
|
#ifdef SSL_OP_NO_COMPRESSION
|
||||||
SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
|
SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
|
||||||
|
#endif
|
||||||
|
#if defined(HAVE_DLOPEN)
|
||||||
|
if (SSL_COMP_get_compression_methods) {
|
||||||
|
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
|
||||||
|
}
|
||||||
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
|
#elif OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||||
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
|
sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -111,6 +111,9 @@ extern int (*x_SSL_write)(SSL *, const void *, int);
|
||||||
extern SSL_METHOD *(*x_SSLv23_server_method)(void);
|
extern SSL_METHOD *(*x_SSLv23_server_method)(void);
|
||||||
extern X509 * (*x_d2i_X509)(X509 **px, const unsigned char **in, int len);
|
extern X509 * (*x_d2i_X509)(X509 **px, const unsigned char **in, int len);
|
||||||
extern void (*x_X509_free)(X509 *a);
|
extern void (*x_X509_free)(X509 *a);
|
||||||
|
extern int (*x_SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);
|
||||||
|
extern void (*x_sk_zero)(void *st);
|
||||||
|
extern void *(*x_SSL_COMP_get_compression_methods)(void);
|
||||||
|
|
||||||
#define BIO_ctrl x_BIO_ctrl
|
#define BIO_ctrl x_BIO_ctrl
|
||||||
#define BIO_f_buffer x_BIO_f_buffer
|
#define BIO_f_buffer x_BIO_f_buffer
|
||||||
|
@ -151,6 +154,9 @@ extern void (*x_X509_free)(X509 *a);
|
||||||
#define SSLv23_server_method x_SSLv23_server_method
|
#define SSLv23_server_method x_SSLv23_server_method
|
||||||
#define d2i_X509 x_d2i_X509
|
#define d2i_X509 x_d2i_X509
|
||||||
#define X509_free x_X509_free
|
#define X509_free x_X509_free
|
||||||
|
#define SSL_CTX_set_cipher_list x_SSL_CTX_set_cipher_list
|
||||||
|
#define sk_zero x_sk_zero
|
||||||
|
#define SSL_COMP_get_compression_methods x_SSL_COMP_get_compression_methods
|
||||||
|
|
||||||
#undef BIO_set_buffer_read_data
|
#undef BIO_set_buffer_read_data
|
||||||
#undef SSL_CTX_set_tlsext_servername_arg
|
#undef SSL_CTX_set_tlsext_servername_arg
|
||||||
|
|
Loading…
Reference in a new issue