make_it_compile_against_openssl_1_1_0.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

From 088af365ce4f715b9f1d41754651e01db6ebf39a Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat, 2 Jul 2016 00:12:01 +0200
Subject: make it compile against openssl 1.1.0

- SSL_library_init() is no longer a function but a define invoking
  another function with parameters. Thus a link check against this
  function will fail. As a fix AC_LINK_IFELSE is used so the header file
  can be included.

- X509_CRL is opaque and needs an accessor. X509_CRL_get_nextUpdate() is
  around since OpenSSL 0.9.1c. X509_cmp_current_time() seems to be
  around since SSLeay 0.8.1b.

BTS: https://bugs.debian.org/828083
clamav: https://bugzilla.clamav.net/show_bug.cgi?id=11594
Patch-Name: make_it_compile_against_openssl_1_1_0.patch

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
 libclamav/crypto.c                | 21 ++++++---------------
 m4/reorganization/libs/openssl.m4 | 12 +++++++++---
 2 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/libclamav/crypto.c b/libclamav/crypto.c
index c62c65a..4be900f 100644
--- a/libclamav/crypto.c
+++ b/libclamav/crypto.c
@@ -1096,7 +1096,6 @@ X509_CRL *cl_load_crl(const char *file)
 {
     X509_CRL *x=NULL;
     FILE *fp;
-    struct tm *tm;
 
     if (!(file))
         return NULL;
@@ -1110,21 +1109,13 @@ X509_CRL *cl_load_crl(const char *file)
     fclose(fp);
 
     if ((x)) {
-        tm = cl_ASN1_GetTimeT(x->crl->nextUpdate);
-        if (!(tm)) {
-            X509_CRL_free(x);
-            return NULL;
-        }
+	ASN1_TIME *tme;
 
-#if !defined(_WIN32)
-        if (timegm(tm) < time(NULL)) {
-            X509_CRL_free(x);
-            free(tm);
-            return NULL;
-        }
-#endif
-
-        free(tm);
+	tme = X509_CRL_get_nextUpdate(x);
+	if (!tme || X509_cmp_current_time(tme) < 0) {
+		X509_CRL_free(x);
+		return NULL;
+	}
     }
 
     return x;
diff --git a/m4/reorganization/libs/openssl.m4 b/m4/reorganization/libs/openssl.m4
index 78e2c23..45ee02d 100644
--- a/m4/reorganization/libs/openssl.m4
+++ b/m4/reorganization/libs/openssl.m4
@@ -26,12 +26,13 @@ save_LDFLAGS="$LDFLAGS"
 save_CFLAGS="$CFLAGS"
 save_LIBS="$LIBS"
 
-SSL_LIBS="-lssl -lcrypto -lz"
+SSL_LIBS="$LIBS -lssl -lcrypto -lz"
+LIBS="$LIBS $SSL_LIBS"
 
 if test "$LIBSSL_HOME" != "/usr"; then
     SSL_LDFLAGS="-L$LIBSSL_HOME/lib"
     SSL_CPPFLAGS="-I$LIBSSL_HOME/include"
-    LDFLAGS="-L$LIBSSL_HOME/lib $SSL_LIBS"
+    LDFLAGS="-L$LIBSSL_HOME/lib"
     CFLAGS="$SSL_CPPFLAGS"
 else
     SSL_LDFLAGS=""
@@ -41,7 +42,12 @@ fi
 have_ssl="no"
 have_crypto="no"
 
-AC_CHECK_LIB([ssl], [SSL_library_init], [have_ssl="yes"], [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])], [-lcrypto -lz])
+AC_LINK_IFELSE(
+	       [AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
+				[[SSL_library_init();]])],
+	       [have_ssl="yes";],
+	       [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])])
+
 
 AC_CHECK_LIB([crypto], [EVP_EncryptInit], [have_crypto="yes"], [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])], [-lcrypto -lz])