diff --git a/elinks-0.12pre6-openssl11.patch b/elinks-0.12pre6-openssl11.patch
index 92f2f0d..210af63 100644
--- a/elinks-0.12pre6-openssl11.patch
+++ b/elinks-0.12pre6-openssl11.patch
@@ -1,6 +1,53 @@ -diff -up elinks-0.12pre6/src/network/ssl/socket.c.openssl11 elinks-0.12pre6/src/network/ssl/socket.c ---- elinks-0.12pre6/src/network/ssl/socket.c.openssl11 2017-02-17 16:41:26.346909430 +0100 -+++ elinks-0.12pre6/src/network/ssl/socket.c 2017-02-17 16:40:34.000000000 +0100 +From d83c0edf4c6ae42359ff856d7a879ecba5769595 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Fri, 17 Feb 2017 16:51:41 +0100 +Subject: [PATCH 1/2] fix compatibility with OpenSSL 1.1 + +--- + src/network/ssl/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c +index c9e2be4..467fc48 100644 +--- a/src/network/ssl/socket.c ++++ b/src/network/ssl/socket.c +@@ -83,7 +83,7 @@ static void + ssl_set_no_tls(struct socket *socket) + { + #ifdef CONFIG_OPENSSL +- ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; ++ SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1); + #elif defined(CONFIG_GNUTLS) + { + /* GnuTLS does not support SSLv2 because it is "insecure". +@@ -419,7 +419,7 @@ ssl_connect(struct socket *socket) + } + + if (client_cert) { +- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx; ++ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl); + + SSL_CTX_use_certificate_chain_file(ctx, client_cert); + SSL_CTX_use_PrivateKey_file(ctx, client_cert, +-- +2.7.4 + + +From ec952cc5b79973bee73fcfc813159d40c22b7228 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 17 Feb 2017 16:44:11 +0100 +Subject: [PATCH 2/2] drop disablement of TLS1.0 on second attempt to connect + +It would not work correctly anyway and the code does not build +with OpenSSL-1.1.0. +--- + src/network/ssl/socket.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c +index 467fc48..b981c1e 100644 +--- a/src/network/ssl/socket.c ++++ b/src/network/ssl/socket.c @@ -82,6 +82,11 @@ static void ssl_set_no_tls(struct socket *socket) 
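Review bot: In the ssl_connect hunk of PATCH 1/2, the result of `SSL_CTX_use_certificate_chain_file(ctx, client_cert);` is discarded, so a missing or unreadable client certificate file would go unnoticed and the handshake would proceed without the certificate the user configured. A check such as `if (SSL_CTX_use_certificate_chain_file(ctx, client_cert) != 1)` that fails the connection would surface the problem. The new `SSL_get_SSL_CTX()` accessor also keeps loading the credentials into the context rather than into this connection's SSL object. OpenSSL copies certificate settings from the context when the SSL object is created, so this probably affects later connections from the same context rather than the current one; that is worth confirming against how `socket->ssl` is set up. ssl_connect starts and ends outside the hunk and the `SSL_CTX_use_PrivateKey_file` call is cut off, so its error handling cannot be judged from here.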
@@ -11,7 +58,7 @@ diff -up elinks-0.12pre6/src/network/ssl/socket.c.openssl11 elinks-0.12pre6/src/ + * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled. + */ #ifdef CONFIG_OPENSSL - ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; + SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1); #elif defined(CONFIG_GNUTLS) @@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket) gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority); @@ -21,12 +68,6 @@ diff -up elinks-0.12pre6/src/network/ssl/socket.c.openssl11 elinks-0.12pre6/src/ } #ifdef USE_OPENSSL -@@ -419,7 +425,7 @@ ssl_connect(struct socket *socket) - } - - if (client_cert) { -- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx; -+ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl); - - SSL_CTX_use_certificate_chain_file(ctx, client_cert); - SSL_CTX_use_PrivateKey_file(ctx, client_cert, +-- +2.7.4 + diff --git a/elinks.spec b/elinks.spec index c892701..7747e05 100644 --- a/elinks.spec +++ b/elinks.spec @@ -75,6 +75,7 @@ Patch17: elinks-0.12pre6-libidn2.patch # make configure.ac recognize recent versions of GCC Patch18: elinks-0.12pre6-recent-gcc-versions.patch +# fix compatibility with OpenSSL 1.1 (#1423519) and ... # drop disablement of TLS1.0 on second attempt to connect Patch19: elinks-0.12pre6-openssl11.patch @@ -166,6 +167,7 @@ exit 0 %changelog * Fri Feb 17 2017 Kamil Dudka - 0.12-0.51.pre6 +- fix compatibility with OpenSSL 1.1 (#1423519) - make configure.ac recognize recent versions of GCC - apply patches automatically to ease maintenance