From daa88b765111b14047c97256bd2a9a2daabe123b Mon Sep 17 00:00:00 2001 From: Christoph Biedl Date: Mon, 5 Dec 2016 20:26:00 +0100 Subject: [PATCH] Fix building ngIRCd with OpenSSL 1.1 At the moment, ngIRCd fails to build against OpenSSL 1.1 since the configure check probes for the SSL_library_init symbol which was removed, but probing for a different function availabe in both versions solves that problem: SSL_new(). And as SSL_library_init is no longer needed, the patch boils down to probing SSL_new to assert libssl is available, and disabling the SSL_library_init invokation from OpenSSL 1.1 on, see also another application[1] (NSCA-ng) that did pretty much the same. Patch was compile-tested on both Debian jessie (OpenSSL 1.0.2) and stretch (OpenSSL 1.1). [1] (Patch by Christoph, commit message cherry-picked from the email thread on the mailing list by Alex. Thanks!) --- configure.ng | 4 ++-- src/ngircd/conn-ssl.c | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/configure.ng b/configure.ng index 34094a48..56139968 100644 --- a/configure.ng +++ b/configure.ng @@ -418,8 +418,8 @@ AC_ARG_WITH(openssl, LDFLAGS="-L$withval/lib $LDFLAGS" fi AC_CHECK_LIB(crypto, BIO_s_mem) - AC_CHECK_LIB(ssl, SSL_library_init) - AC_CHECK_FUNCS(SSL_library_init, x_ssl_openssl=yes, + AC_CHECK_LIB(ssl, SSL_new) + AC_CHECK_FUNCS(SSL_new, x_ssl_openssl=yes, AC_MSG_ERROR([Can't enable openssl]) ) fi diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c index 2cb734d4..705c29d5 100644 --- a/src/ngircd/conn-ssl.c +++ b/src/ngircd/conn-ssl.c @@ -283,10 +283,12 @@ ConnSSL_InitLibrary( void ) #ifdef HAVE_LIBSSL SSL_CTX *newctx; +#if OPENSSL_API_COMPAT < 0x10100000L if (!ssl_ctx) { SSL_library_init(); SSL_load_error_strings(); } +#endif if (!RAND_status()) { Log(LOG_ERR, "OpenSSL PRNG not seeded: /dev/urandom missing?");