From ccf2556ed821bf2826281a1e9ed8b1da4040050f Mon Sep 17 00:00:00 2001
From: Oleg Jukovec
Date: Thu, 7 Jul 2022 10:08:30 +0300
Subject: [PATCH 1/2] Define TLS1_3_VERSION as invalid value if missed The patch fixes build with OpenSSL < 1.1.1: ./ctx.go:372:28: could not determine kind of name for C.TLS1_3_VERSION
---
 shim.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/shim.h b/shim.h
index 94fe8c61..fbd2b26b 100644
--- a/shim.h
+++ b/shim.h
@@ -67,6 +67,9 @@ extern int X_SSL_verify_cb(int ok, X509_STORE_CTX* store);
 /* SSL_CTX methods */
 extern int X_SSL_CTX_new_index();
+#ifndef TLS1_3_VERSION
+#define TLS1_3_VERSION 0
+#endif
 extern int X_SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
 extern int X_SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
 extern long X_SSL_CTX_set_options(SSL_CTX* ctx, long options);
@@ -181,4 +184,4 @@ extern int OBJ_create(const char *oid,const char *sn,const char *ln);
 /* Extension helper method */
 extern const unsigned char * get_extention(X509 *x, int NID, int *data_len);
-extern int add_custom_ext(X509 *cert, int nid, char *value, int len);
\ No newline at end of file
+extern int add_custom_ext(X509 *cert, int nid, char *value, int len);
From fb67ff8066bc30265a440ad25d87cd6823a9d27b Mon Sep 17 00:00:00 2001
From: Oleg Jukovec
Date: Thu, 7 Jul 2022 10:14:05 +0300
Subject: [PATCH 2/2] Fix compilation of set proto calls The setter functions were added in OpenSSL 1.1.0 [1]. The patch fixes compilation for previous versions: /usr/bin/ld: $WORK/b079/_x030.o: in function `X_SSL_CTX_set_min_proto_version': ./shim.c:479: undefined reference to `SSL_CTX_set_min_proto_version' /usr/bin/ld: $WORK/b079/_x030.o: in function `X_SSL_CTX_set_max_proto_version': ./shim.c:483: undefined reference to `SSL_CTX_set_max_proto_version' 1. https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_min_proto_version.html
---
 shim.c | 8 ++++++++
 1 file changed, 8 insertions(+)
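Review bot: The fallback `#define TLS1_3_VERSION 0` in the first shim.h hunk is not an invalid value for the two setters declared right below it: OpenSSL documents 0 for SSL_CTX_set_min_proto_version and SSL_CTX_set_max_proto_version as "lowest / highest version the library supports". On a build against OpenSSL 1.1.0, which has the setters but no TLS 1.3, a caller asking for a TLS 1.3 minimum would therefore get a successful call that leaves every older protocol enabled, a silent downgrade rather than an error. I would define the real constant instead, `#define TLS1_3_VERSION 0x0304`, which a library without TLS 1.3 should reject (worth confirming on 1.1.0), or have the Go side refuse the value explicitly; the ctx.go caller is not visible here. A one-line comment such as `/* OpenSSL < 1.1.1 has no TLS 1.3: this value must be rejected by the setters, never read as "any version" */` would record the intent.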
diff --git a/shim.c b/shim.c
index b27a5743..ae951029 100644
--- a/shim.c
+++ b/shim.c
@@ -476,11 +476,19 @@ int X_SSL_CTX_new_index() {
 }
 int X_SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version) {
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
 return SSL_CTX_set_min_proto_version(ctx, version);
+#else
+ return 0;
+#endif
 }
 int X_SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version) {
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
 return SSL_CTX_set_max_proto_version(ctx, version);
+#else
+ return 0;
+#endif
 }
 long X_SSL_CTX_set_options(SSL_CTX* ctx, long options) {
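Review bot: The `#else` branches of X_SSL_CTX_set_min_proto_version and X_SSL_CTX_set_max_proto_version return 0 with no comment, and that 0 is the only thing telling a caller that the protocol bound was not applied on OpenSSL < 1.1.0. The real setters return 1 on success and 0 on error, so the stub reads as a failure, but only if the Go callers (not visible in this hunk) check the result; if they ignore it, a configured minimum TLS version is silently dropped on old builds. I would add above each `return 0;` a comment like `/* OpenSSL < 1.1.0 has no version-bound setters: report failure so the caller does not assume the bound is enforced */` and confirm the callers treat 0 as an error. Both functions sit entirely inside the hunk; X_SSL_CTX_set_options at its end continues outside.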