2021-05-17 17:27:07 +00:00
|
|
|
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
|
|
|
|
index 3ad135d..73912ce 100644
|
|
|
|
--- a/src/ssl/support.cc
|
|
|
|
+++ b/src/ssl/support.cc
|
|
|
|
@@ -557,7 +557,11 @@ Ssl::VerifyCallbackParameters::At(Security::Connection &sconn)
|
|
|
|
}
|
|
|
|
|
|
|
|
// "dup" function for SSL_get_ex_new_index("cert_err_check")
|
|
|
|
-#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP
|
|
|
|
+#if OPENSSL_VERSION_MAJOR >= 3
|
|
|
|
+static int
|
|
|
|
+ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void **,
|
|
|
|
+ int, long, void *)
|
|
|
|
+#elif SQUID_USE_CONST_CRYPTO_EX_DATA_DUP
|
|
|
|
static int
|
|
|
|
ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *,
|
|
|
|
int, long, void *)
|
2021-08-05 20:33:36 +00:00
|
|
|
diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
|
|
|
|
index cf1d4ba..4346ba5 100644
|
|
|
|
--- a/src/security/PeerOptions.cc
|
|
|
|
+++ b/src/security/PeerOptions.cc
|
|
|
|
@@ -297,130 +297,130 @@ static struct ssl_option {
|
|
|
|
|
|
|
|
} ssl_options[] = {
|
|
|
|
|
|
|
|
-#if SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
|
|
|
+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
|
|
|
{
|
|
|
|
"NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
|
|
|
|
+#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
|
|
|
|
{
|
|
|
|
"SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
|
|
|
|
+#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
|
|
|
|
{
|
|
|
|
"MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_SSLEAY_080_CLIENT_DH_BUG
|
|
|
|
+#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
|
|
|
|
{
|
|
|
|
"SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_TLS_D5_BUG
|
|
|
|
+#ifdef SSL_OP_TLS_D5_BUG
|
|
|
|
{
|
|
|
|
"TLS_D5_BUG", SSL_OP_TLS_D5_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_TLS_BLOCK_PADDING_BUG
|
|
|
|
+#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG
|
|
|
|
{
|
|
|
|
"TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_TLS_ROLLBACK_BUG
|
|
|
|
+#ifdef SSL_OP_TLS_ROLLBACK_BUG
|
|
|
|
{
|
|
|
|
"TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_ALL
|
|
|
|
+#ifdef SSL_OP_ALL
|
|
|
|
{
|
|
|
|
"ALL", (long)SSL_OP_ALL
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_SINGLE_DH_USE
|
|
|
|
+#ifdef SSL_OP_SINGLE_DH_USE
|
|
|
|
{
|
|
|
|
"SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_EPHEMERAL_RSA
|
|
|
|
+#ifdef SSL_OP_EPHEMERAL_RSA
|
|
|
|
{
|
|
|
|
"EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_PKCS1_CHECK_1
|
|
|
|
+#ifdef SSL_OP_PKCS1_CHECK_1
|
|
|
|
{
|
|
|
|
"PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_PKCS1_CHECK_2
|
|
|
|
+#ifdef SSL_OP_PKCS1_CHECK_2
|
|
|
|
{
|
|
|
|
"PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NETSCAPE_CA_DN_BUG
|
|
|
|
+#ifdef SSL_OP_NETSCAPE_CA_DN_BUG
|
|
|
|
{
|
|
|
|
"NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NON_EXPORT_FIRST
|
|
|
|
+#ifdef SSL_OP_NON_EXPORT_FIRST
|
|
|
|
{
|
|
|
|
"NON_EXPORT_FIRST", SSL_OP_NON_EXPORT_FIRST
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
|
|
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
|
|
{
|
|
|
|
"CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
|
|
|
|
+#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
|
|
|
|
{
|
|
|
|
"NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NO_SSLv3
|
|
|
|
+#ifdef SSL_OP_NO_SSLv3
|
|
|
|
{
|
|
|
|
"NO_SSLv3", SSL_OP_NO_SSLv3
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NO_TLSv1
|
|
|
|
+#ifdef SSL_OP_NO_TLSv1
|
|
|
|
{
|
|
|
|
"NO_TLSv1", SSL_OP_NO_TLSv1
|
|
|
|
},
|
|
|
|
#else
|
|
|
|
{ "NO_TLSv1", 0 },
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NO_TLSv1_1
|
|
|
|
+#ifdef SSL_OP_NO_TLSv1_1
|
|
|
|
{
|
|
|
|
"NO_TLSv1_1", SSL_OP_NO_TLSv1_1
|
|
|
|
},
|
|
|
|
#else
|
|
|
|
{ "NO_TLSv1_1", 0 },
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NO_TLSv1_2
|
|
|
|
+#ifdef SSL_OP_NO_TLSv1_2
|
|
|
|
{
|
|
|
|
"NO_TLSv1_2", SSL_OP_NO_TLSv1_2
|
|
|
|
},
|
|
|
|
#else
|
|
|
|
{ "NO_TLSv1_2", 0 },
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NO_TLSv1_3
|
|
|
|
+#ifdef SSL_OP_NO_TLSv1_3
|
|
|
|
{
|
|
|
|
"NO_TLSv1_3", SSL_OP_NO_TLSv1_3
|
|
|
|
},
|
|
|
|
#else
|
|
|
|
{ "NO_TLSv1_3", 0 },
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NO_COMPRESSION
|
|
|
|
+#ifdef SSL_OP_NO_COMPRESSION
|
|
|
|
{
|
|
|
|
"No_Compression", SSL_OP_NO_COMPRESSION
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_NO_TICKET
|
|
|
|
+#ifdef SSL_OP_NO_TICKET
|
|
|
|
{
|
|
|
|
"NO_TICKET", SSL_OP_NO_TICKET
|
|
|
|
},
|
|
|
|
#endif
|
|
|
|
-#if SSL_OP_SINGLE_ECDH_USE
|
|
|
|
+#ifdef SSL_OP_SINGLE_ECDH_USE
|
|
|
|
{
|
|
|
|
"SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE
|
|
|
|
},
|
|
|
|
@@ -512,7 +512,7 @@ Security::PeerOptions::parseOptions()
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
-#if SSL_OP_NO_SSLv2
|
|
|
|
+#ifdef SSL_OP_NO_SSLv2
|
|
|
|
// compliance with RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0
|
|
|
|
op = op | SSL_OP_NO_SSLv2;
|
|
|
|
#endif
|