crypto_libs=""
AC_CHECK_LIB(z, deflate, [crypto_libs=-lz])
- AC_CHECK_LIB(crypto, X509_new,
- [crypto_libs="-lcrypto $crypto_libs"],, [$crypto_libs])
+ AC_CHECK_LIB(crypto, X509_STORE_CTX_new,
+ [crypto_libs="-lcrypto $crypto_libs"],
+ AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
AC_CHECK_LIB(ssl, SSL_new,,
AC_MSG_ERROR([Unable to find SSL library]), [$crypto_libs])
LIBS="$LIBS $crypto_libs"
AC_CHECK_FUNCS(RAND_status RAND_egd)
+ AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],,
+ AC_MSG_ERROR([Unable to find decent SSL header]), [[#include <openssl/ssl.h>]])
AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ])
AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ])
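Review bot: The error added to the libcrypto check reuses the text `Unable to find SSL library`, so a configure failure caused by a libcrypto that lacks `X509_STORE_CTX_new` reads exactly like the missing-libssl failure from the `AC_CHECK_LIB(ssl, SSL_new, ...)` check right after it. A distinct message, for example `AC_MSG_ERROR([Unable to find a usable crypto library (X509_STORE_CTX_new not found)])`, would tell the builder which check failed. Likewise `Unable to find decent SSL header` could name the two symbols it tested for, `SSL_set_mode` and `SSL_MODE_AUTO_RETRY`.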
#include "mutt_ssl.h"
#include "mutt_idna.h"
-#if OPENSSL_VERSION_NUMBER >= 0x00904000L
-#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL, NULL)
-#else
-#define READ_X509_KEY(fp, key) PEM_read_X509(fp, key, NULL)
-#endif
-
/* Just in case OpenSSL doesn't define DEVRANDOM */
#ifndef DEVRANDOM
#define DEVRANDOM "/dev/urandom"
int err;
const char* errmsg;
-#if OPENSSL_VERSION_NUMBER >= 0x00906000L
- /* This only exists in 0.9.6 and above. Without it we may get interrupted
- * reads or writes. Bummer. */
SSL_set_mode (ssldata->ssl, SSL_MODE_AUTO_RETRY);
-#endif
if ((err = SSL_connect (ssldata->ssl)) != 1)
{
static int check_certificate_by_signer (X509 *peercert)
{
- X509_STORE_CTX xsc;
+ X509_STORE_CTX *xsc;
X509_STORE *ctx;
int pass = 0, i;
return 0;
}
- X509_STORE_CTX_init (&xsc, ctx, peercert, SslSessionCerts);
+ xsc = X509_STORE_CTX_new();
+ if (xsc == NULL) return 0;
+ X509_STORE_CTX_init (xsc, ctx, peercert, SslSessionCerts);
- pass = (X509_verify_cert (&xsc) > 0);
+ pass = (X509_verify_cert (xsc) > 0);
#ifdef DEBUG
if (! pass)
{
char buf[SHORT_STRING];
int err;
- err = X509_STORE_CTX_get_error (&xsc);
+ err = X509_STORE_CTX_get_error (xsc);
snprintf (buf, sizeof (buf), "%s (%d)",
X509_verify_cert_error_string(err), err);
dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
dprint (2, (debugfile, " [%s]\n", peercert->name));
}
#endif
- X509_STORE_CTX_cleanup (&xsc);
+ X509_STORE_CTX_free (xsc);
X509_STORE_free (ctx);
return pass;
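Review bot: The new early return `if (xsc == NULL) return 0;` exits without releasing `ctx`, which the visible lines free only through `X509_STORE_free (ctx)` just before `return pass;`. The allocation-failure path should be `if (xsc == NULL) { X509_STORE_free (ctx); return 0; }`. The verification result stays fail-closed either way, since `pass` becomes non-zero only when `X509_verify_cert` returns a positive value. In the DEBUG branch, `peercert->name` is still a direct member access on `X509`. If the aim of switching to `X509_STORE_CTX_new` is to build against OpenSSL releases with opaque structures, that line will presumably not compile there and could become `X509_NAME_oneline (X509_get_subject_name (peercert), buf, sizeof (buf))`. The function body between the declarations and this hunk is not shown.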
return 0;
}
- while ((cert = READ_X509_KEY (fp, &cert)) != NULL)
+ while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL)
{
pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1;