bacula/bacula-openssl.patch

44 lines
1.6 KiB
Diff
Raw Normal View History

2019-01-12 14:25:34 +00:00
diff -Naur bacula-9.4.0.old/src/lib/crypto.c bacula-9.4.0/src/lib/crypto.c
--- bacula-9.4.0.old/src/lib/crypto.c 2018-12-16 11:30:25.000000000 +0100
+++ bacula-9.4.0/src/lib/crypto.c 2019-01-12 15:18:04.623955646 +0100
2016-01-25 20:12:28 +00:00
@@ -42,7 +42,7 @@
2014-05-15 14:02:42 +00:00
* For OpenSSL version 1.x, EVP_PKEY_encrypt no longer
* exists. It was not an official API.
*/
-#ifdef HAVE_OPENSSLv1
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
#define EVP_PKEY_encrypt EVP_PKEY_encrypt_old
#define EVP_PKEY_decrypt EVP_PKEY_decrypt_old
#endif
2019-01-12 14:25:34 +00:00
diff -Naur bacula-9.4.0.old/src/lib/tls.c bacula-9.4.0/src/lib/tls.c
--- bacula-9.4.0.old/src/lib/tls.c 2018-12-16 11:30:25.000000000 +0100
+++ bacula-9.4.0/src/lib/tls.c 2019-01-12 15:18:04.646956092 +0100
2017-12-07 14:47:44 +00:00
@@ -47,9 +47,6 @@
2017-12-07 14:47:44 +00:00
#include "openssl-compat.h"
-/* No anonymous ciphers, no <128 bit ciphers, no export ciphers, no MD5 ciphers */
-#define TLS_DEFAULT_CIPHERS "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
-
/* TLS Context Structure */
struct TLS_Context {
SSL_CTX *openssl;
2019-01-12 14:25:34 +00:00
@@ -215,7 +212,7 @@
SSL_CTX_set_options(ctx->openssl, SSL_OP_SINGLE_DH_USE);
}
- if (SSL_CTX_set_cipher_list(ctx->openssl, TLS_DEFAULT_CIPHERS) != 1) {
+ if (SSL_CTX_set_cipher_list(ctx->openssl, "PROFILE=SYSTEM") != 1) {
Jmsg0(NULL, M_ERROR, 0,
_("Error setting cipher list, no valid ciphers available\n"));
goto err;
2019-01-12 14:25:34 +00:00
@@ -336,7 +333,7 @@
2017-12-07 14:47:44 +00:00
extname = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
if (strcmp(extname, "subjectAltName") == 0) {
-#ifdef HAVE_OPENSSLv1
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
const X509V3_EXT_METHOD *method;
#else
X509V3_EXT_METHOD *method;