krb5/krb5-1.7-openssl-1.0.patch

This isn't a proper fix (it doesn't actually switch to using the new API),
but it'll do for now.
diff -up src/plugins/preauth/pkinit/pkinit_crypto_openssl.c src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
--- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c.openssl-1.0	2009-01-23 01:51:03.000000000 -0500
+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c	2009-08-24 11:19:35.000000000 -0400
@@ -3652,7 +3652,11 @@ decode_data(unsigned char **out_data, un
     if (buf == NULL)
 	goto cleanup;
 
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
     retval = EVP_PKEY_decrypt(buf, data, (int)data_len, pkey);
+#else
+    retval = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey);
+#endif
     if (retval <= 0) {
 	pkiDebug("unable to decrypt received data (len=%d)\n", data_len);
 	goto cleanup;
- work around a compile problem with new openssl 2009-08-24 15:51:36 +00:00			`This isn't a proper fix (it doesn't actually switch to using the new API),`
			`but it'll do for now.`
			`diff -up src/plugins/preauth/pkinit/pkinit_crypto_openssl.c src/plugins/preauth/pkinit/pkinit_crypto_openssl.c`
			`--- src/plugins/preauth/pkinit/pkinit_crypto_openssl.c.openssl-1.0 2009-01-23 01:51:03.000000000 -0500`
			`+++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2009-08-24 11:19:35.000000000 -0400`
			`@@ -3652,7 +3652,11 @@ decode_data(unsigned char **out_data, un`
			`if (buf == NULL)`
			`goto cleanup;`

			`+#if OPENSSL_VERSION_NUMBER < 0x10000000L`
			`retval = EVP_PKEY_decrypt(buf, data, (int)data_len, pkey);`
			`+#else`
			`+ retval = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey);`
			`+#endif`
			`if (retval <= 0) {`
			`pkiDebug("unable to decrypt received data (len=%d)\n", data_len);`
			`goto cleanup;`