2016-01-25 20:12:28 +00:00
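--- a/src/lib/crypto.c
+++ b/src/lib/crypto.c
@@ -42,7 +42,7 @@
 * For OpenSSL version 1.x, EVP_PKEY_encrypt no longer
 * exists. It was not an official API.
 */
-#ifdef HAVE_OPENSSLv1
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
 #define EVP_PKEY_encrypt EVP_PKEY_encrypt_old
 #define EVP_PKEY_decrypt EVP_PKEY_decrypt_old
 #endif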
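Review bot: The new `#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)` guard only works if an OpenSSL header defining that macro is included before line 42, and no such include is visible in this hunk; an undefined identifier in `#if` evaluates to 0, so the branch would be skipped without any diagnostic. I would put `#ifndef OPENSSL_VERSION_NUMBER` / `#error "include <openssl/opensslv.h> before this check"` / `#endif` above it; the identical guard in the tls.c hunk at -329 has the same dependency. The comment above the guard also reads as stale: to my knowledge OpenSSL 1.x still has `EVP_PKEY_encrypt`, but with an `EVP_PKEY_CTX`-based signature, so `/* OpenSSL 1.x changed EVP_PKEY_encrypt/decrypt to take an EVP_PKEY_CTX; map the legacy call sites to the *_old variants */` would describe the situation better. Because the check is open-ended, every later OpenSSL release keeps routing through the legacy `_old` entry points, which as far as I know leave no choice of RSA padding, so a note to migrate the call sites is worth adding.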
2016-01-25 20:12:28 +00:00
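--- a/src/lib/tls.c
+++ b/src/lib/tls.c
@@ -329,7 +329,7 @@
 extname = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
 
 if (strcmp(extname, "subjectAltName") == 0) {
-#ifdef HAVE_OPENSSLv1
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
 const X509V3_EXT_METHOD *method;
 #else
 X509V3_EXT_METHOD *method;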
2017-07-10 09:02:14 +00:00
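--- a/src/lib/tls.c
+++ b/src/lib/tls.c
@@ -45,9 +45,6 @@
 
 #ifdef HAVE_OPENSSL /* How about OpenSSL? */
 
-/* No anonymous ciphers, no <128 bit ciphers, no export ciphers, no MD5 ciphers */
-#define TLS_DEFAULT_CIPHERS "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
-
 /* TLS Context Structure */
 struct TLS_Context {
 SSL_CTX *openssl;
@@ -207,7 +204,7 @@
 SSL_CTX_set_options(ctx->openssl, SSL_OP_SINGLE_DH_USE);
 }
 
- if (SSL_CTX_set_cipher_list(ctx->openssl, TLS_DEFAULT_CIPHERS) != 1) {
+ if (SSL_CTX_set_cipher_list(ctx->openssl, "PROFILE=SYSTEM") != 1) {
 Jmsg0(NULL, M_ERROR, 0,
 _("Error setting cipher list, no valid ciphers available\n"));
 goto err;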
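Review bot: With the cipher string changed to `"PROFILE=SYSTEM"` in the second hunk, the explicit exclusions that the removed `TLS_DEFAULT_CIPHERS` carried (`!ADH:!LOW:!EXP:!MD5`) are gone, so the floor for anonymous, export and weak suites now depends entirely on the host's crypto policy. As far as I know `PROFILE=SYSTEM` is a distribution extension, so on an OpenSSL build that lacks it `SSL_CTX_set_cipher_list` should fail and take the `goto err` path; that fails closed, but the message "no valid ciphers available" does not say why. I would add a comment above the call, `/* Cipher selection is delegated to the system-wide crypto policy (PROFILE=SYSTEM); needs an OpenSSL build that understands that keyword */`, and name the requested string in the Jmsg0 text so an operator can tell a policy problem from a build problem. The enclosing function starts and ends outside the hunk.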