Fix compilation without OPENSSL_API_COMPAT

Use the following for openssl 1.1+:
- X509_getm_notBefore over X509_get_notBefore
- X509_getm_notAfter  over X509_get_notAfter
- use OPENSSL_VERSION_NUMBER over SSLeay()
- add missing headers

Refs: openssl/openssl@0b7347effee5

diff --git a/openssl-compat.h b/openssl-compat.h
index 5d91ac6402d8cf3d007f28ac8f72446dfb0d1402..a23e34251b90d5dfd068b2b55de10c6332e65304 100644 (file)
--- a/openssl-compat.h
+++ b/openssl-compat.h
@@ -34,6 +34,9 @@ static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
 
 #define TLS_method SSLv23_method
 
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_getm_notAfter X509_get_notAfter
+
 #endif /* (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
        (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) */
 

diff --git a/sample/becat.c b/sample/becat.c
index bc453db4b79ff5d353a3f09a0e23956304d66bff..ade77c279f7339b123605b43c553d055735319d4 100644 (file)
--- a/sample/becat.c
+++ b/sample/becat.c
@@ -14,6 +14,9 @@
 
 #include <event2/bufferevent_ssl.h>
 #include <openssl/ssl.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/x509.h>
 #include <openssl/err.h>
 #include "openssl-compat.h"
 
@@ -201,9 +204,9 @@ static int ssl_load_cert(struct ssl_context *ssl)
 
        ASN1_INTEGER_set(X509_get_serialNumber(ssl->cert), 1);
 
-       X509_gmtime_adj(X509_get_notBefore(ssl->cert), 0);
+       X509_gmtime_adj(X509_getm_notBefore(ssl->cert), 0);
        /** 1 year lifetime */
-       X509_gmtime_adj(X509_get_notAfter(ssl->cert),
+       X509_gmtime_adj(X509_getm_notAfter(ssl->cert),
                (long)time(NULL) + 365 * 86400);
 
        X509_set_pubkey(ssl->cert, ssl->pkey);

diff --git a/test/regress_ssl.c b/test/regress_ssl.c
index 68c28114f7eaf52fe198d438f3415304260d835a..4b91f11db33aa20e58879ed760fd8fd161eb43b5 100644 (file)
--- a/test/regress_ssl.c
+++ b/test/regress_ssl.c
@@ -148,9 +148,9 @@ ssl_getcert(EVP_PKEY *key)
        X509_set_issuer_name(x509, name);
        X509_NAME_free(name);
 
-       X509_time_adj(X509_get_notBefore(x509), 0, &now);
+       X509_time_adj(X509_getm_notBefore(x509), 0, &now);
        now += 3600;
-       X509_time_adj(X509_get_notAfter(x509), 0, &now);
+       X509_time_adj(X509_getm_notAfter(x509), 0, &now);
        X509_set_pubkey(x509, key);
        tt_assert(0 != X509_sign(x509, key, EVP_sha1()));
 
@@ -469,8 +469,8 @@ regress_bufferevent_openssl(void *arg)
        type = (enum regress_openssl_type)data->setup_data;
 
        if (type & REGRESS_OPENSSL_RENEGOTIATE) {
-               if (SSLeay() >= 0x10001000 &&
-                   SSLeay() <  0x1000104f) {
+               if (OPENSSL_VERSION_NUMBER >= 0x10001000 &&
+                   OPENSSL_VERSION_NUMBER <  0x1000104f) {
                        /* 1.0.1 up to 1.0.1c has a bug where TLS1.1 and 1.2
                         * can't renegotiate with themselves. Disable. */
                        disable_tls_11_and_12 = 1;