1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
|
From ecd1d7b800a8e5d54bd2bb04019759f2bc8b1326 Mon Sep 17 00:00:00 2001
From: Barry Smith <bsmith@mcs.anl.gov>
Date: Fri, 25 Nov 2016 20:14:29 -0600
Subject: [PATCH] Update so that ssl support will compile and run with SSL 1.1
Tested on Apple with brew install openssl@1.1 and on linux with manual install of 1.1
Please report any problems
Resolves issue #145
Reported-by: Drew Parsons
---
config/BuildSystem/config/packages/ssl.py | 4 ++--
src/sys/webclient/client.c | 7 ++++++-
2 files changed, 8 insertions(+), 3 deletions(-)
Index: petsc/config/BuildSystem/config/packages/ssl.py
===================================================================
--- petsc.orig/config/BuildSystem/config/packages/ssl.py
+++ petsc/config/BuildSystem/config/packages/ssl.py
@@ -4,7 +4,7 @@ import os
class Configure(config.package.Package):
def __init__(self, framework):
config.package.Package.__init__(self, framework)
- self.functions = ['SSLv23_method']
+ self.functions = ['SSL_version']
self.includes = ['openssl/ssl.h']
self.liblist = [['libssl.a','libcrypto.a']]
self.lookforbydefault = 1
@@ -22,7 +22,7 @@ class Configure(config.package.Package):
def getSearchDirectories(self):
'''macOS no longer provides openssl include files. On macOS brew puts them in the second location listed here'''
- return ['',os.path.join('/usr','local','opt','openssl')]
+ return ['',os.path.join('/usr','local','opt','openssl@1.1'),os.path.join('/usr','local','opt','openssl')]
def configureLibrary(self):
if 'with-ios' in self.argDB and self.argDB['with-ios']:
Index: petsc/src/sys/webclient/client.c
===================================================================
--- petsc.orig/src/sys/webclient/client.c
+++ petsc/src/sys/webclient/client.c
@@ -53,7 +53,12 @@ PetscErrorCode PetscSSLInitializeContext
/* Set up a SIGPIPE handler */
signal(SIGPIPE,sigpipe_handle);
- ctx = SSL_CTX_new(SSLv23_method());
+/* suggested at https://mta.openssl.org/pipermail/openssl-dev/2015-May/001449.html */
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ ctx = SSL_CTX_new(TLS_client_method());
+#else
+ ctx = SSL_CTX_new(SSLv23_client_method());
+#endif
SSL_CTX_set_mode(ctx,SSL_MODE_AUTO_RETRY);
#if defined(PETSC_USE_SSL_CERTIFICATE)
|