1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
From 088af365ce4f715b9f1d41754651e01db6ebf39a Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat, 2 Jul 2016 00:12:01 +0200
Subject: make it compile against openssl 1.1.0
- SSL_library_init() is no longer a function but a define invoking
another function with parameters. Thus a link check against this
function will fail. As a fix AC_LINK_IFELSE is used so the header file
can be included.
- X509_CRL is opaque and needs an accessor. X509_CRL_get_nextUpdate() is
around since OpenSSL 0.9.1c. X509_cmp_current_time() seems to be
around since SSLeay 0.8.1b.
BTS: https://bugs.debian.org/828083
clamav: https://bugzilla.clamav.net/show_bug.cgi?id=11594
Patch-Name: make_it_compile_against_openssl_1_1_0.patch
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
libclamav/crypto.c | 21 ++++++---------------
m4/reorganization/libs/openssl.m4 | 12 +++++++++---
2 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/libclamav/crypto.c b/libclamav/crypto.c
index c62c65a..4be900f 100644
--- a/libclamav/crypto.c
+++ b/libclamav/crypto.c
@@ -1096,7 +1096,6 @@ X509_CRL *cl_load_crl(const char *file)
{
X509_CRL *x=NULL;
FILE *fp;
- struct tm *tm;
if (!(file))
return NULL;
@@ -1110,21 +1109,13 @@ X509_CRL *cl_load_crl(const char *file)
fclose(fp);
if ((x)) {
- tm = cl_ASN1_GetTimeT(x->crl->nextUpdate);
- if (!(tm)) {
- X509_CRL_free(x);
- return NULL;
- }
+ ASN1_TIME *tme;
-#if !defined(_WIN32)
- if (timegm(tm) < time(NULL)) {
- X509_CRL_free(x);
- free(tm);
- return NULL;
- }
-#endif
-
- free(tm);
+ tme = X509_CRL_get_nextUpdate(x);
+ if (!tme || X509_cmp_current_time(tme) < 0) {
+ X509_CRL_free(x);
+ return NULL;
+ }
}
return x;
diff --git a/m4/reorganization/libs/openssl.m4 b/m4/reorganization/libs/openssl.m4
index 78e2c23..45ee02d 100644
--- a/m4/reorganization/libs/openssl.m4
+++ b/m4/reorganization/libs/openssl.m4
@@ -26,12 +26,13 @@ save_LDFLAGS="$LDFLAGS"
save_CFLAGS="$CFLAGS"
save_LIBS="$LIBS"
-SSL_LIBS="-lssl -lcrypto -lz"
+SSL_LIBS="$LIBS -lssl -lcrypto -lz"
+LIBS="$LIBS $SSL_LIBS"
if test "$LIBSSL_HOME" != "/usr"; then
SSL_LDFLAGS="-L$LIBSSL_HOME/lib"
SSL_CPPFLAGS="-I$LIBSSL_HOME/include"
- LDFLAGS="-L$LIBSSL_HOME/lib $SSL_LIBS"
+ LDFLAGS="-L$LIBSSL_HOME/lib"
CFLAGS="$SSL_CPPFLAGS"
else
SSL_LDFLAGS=""
@@ -41,7 +42,12 @@ fi
have_ssl="no"
have_crypto="no"
-AC_CHECK_LIB([ssl], [SSL_library_init], [have_ssl="yes"], [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])], [-lcrypto -lz])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
+ [[SSL_library_init();]])],
+ [have_ssl="yes";],
+ [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])])
+
AC_CHECK_LIB([crypto], [EVP_EncryptInit], [have_crypto="yes"], [AC_MSG_ERROR([Your OpenSSL installation is misconfigured or missing])], [-lcrypto -lz])
|
