openssl-1.1.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

diff -aur dnssec-trigger-0.14/riggerd/cfg.c dnssec-trigger-0.14-patched/riggerd/cfg.c
--- dnssec-trigger-0.14/riggerd/cfg.c	2017-06-08 17:06:17.000000000 +0200
+++ dnssec-trigger-0.14-patched/riggerd/cfg.c	2017-11-18 11:21:50.477359449 +0100
@@ -540,9 +540,11 @@
 	if(!ctx)
 		return ctx_err_ret(ctx, err, errlen,
 			"could not allocate SSL_CTX pointer");
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
 		return ctx_err_ret(ctx, err, errlen, 
 			"could not set SSL_OP_NO_SSLv2");
+#endif
 	if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
 		!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
 		|| !SSL_CTX_check_private_key(ctx))
diff -aur dnssec-trigger-0.14/riggerd/net_help.c dnssec-trigger-0.14-patched/riggerd/net_help.c
--- dnssec-trigger-0.14/riggerd/net_help.c	2017-06-08 17:06:17.000000000 +0200
+++ dnssec-trigger-0.14-patched/riggerd/net_help.c	2017-11-18 11:22:40.546960367 +0100
@@ -447,11 +447,13 @@
 		return NULL;
 	}
 	/* no SSLv2 because has defects */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
+#endif
 	if(!SSL_CTX_use_certificate_file(ctx, pem, SSL_FILETYPE_PEM)) {
 		log_err("error for cert file: %s", pem);
 		log_crypto_err("error in SSL_CTX use_certificate_file");
diff -aur dnssec-trigger-0.14/riggerd/reshook.c dnssec-trigger-0.14-patched/riggerd/reshook.c
--- dnssec-trigger-0.14/riggerd/reshook.c	2017-06-08 17:06:17.000000000 +0200
+++ dnssec-trigger-0.14-patched/riggerd/reshook.c	2017-11-18 11:23:54.853034153 +0100
@@ -256,7 +256,7 @@
 	win_set_resolv("127.0.0.1");
 #else /* not on windows */
 #  ifndef HOOKS_OSX /* on Linux/BSD */
-	if (system("/usr/libexec/dnssec-trigger-script --setup") == 0)
+	if (system(LIBEXEC_DIR "/dnssec-trigger-script --setup") == 0)
 		return;
 
 	if(really_set_to_localhost(cfg)) {
diff -aur dnssec-trigger-0.14/riggerd/svr.c dnssec-trigger-0.14-patched/riggerd/svr.c
--- dnssec-trigger-0.14/riggerd/svr.c	2017-06-08 17:06:17.000000000 +0200
+++ dnssec-trigger-0.14-patched/riggerd/svr.c	2017-11-18 11:23:10.156724197 +0100
@@ -162,10 +162,12 @@
 		return 0;
 	}
 	/* no SSLv2 because has defects */
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	if(!(SSL_CTX_set_options(s->ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		return 0;
 	}
+#endif
 	s_cert = s->cfg->server_cert_file;
 	s_key = s->cfg->server_key_file;
 	verbose(VERB_ALGO, "setup SSL certificates");