From: Ian Goldberg <iang@uwaterloo.ca>
Date: Mon, 15 Aug 2022 15:36:46 -0400
Subject: allow build and run on both openssl 3.x and pre-3.x systems
index 78b99f7..812f5d1 100644
--- a/infrastructure/m4/ax_check_ssl.m4
+++ b/infrastructure/m4/ax_check_ssl.m4
@@ -32,6 +32,7 @@
if test "x$ax_check_ssl_found" = "xyes"; then
AC_DEFINE([HAVE_SSL], 1, [Define to 1 if SSL is available])
+ AC_CHECK_HEADERS([openssl/provider.h],,)
m4_ifvaln([$1],[$1],[:])dnl
m4_ifvaln([$2],[else $2])dnl
fi
--- a/lib/server/SSLLib.cpp
+++ b/lib/server/SSLLib.cpp
@@ -13,6 +13,9 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#ifdef HAVE_OPENSSL_PROVIDER_H
+#include <openssl/provider.h>
+#endif
#ifdef WIN32
#include <wincrypt.h>
@@ -49,6 +52,20 @@
// More helpful error messages
::SSL_load_error_strings();
+#ifdef HAVE_OPENSSL_PROVIDER_H
+ // We use Blowfish, so in OpenSSL 3.x we need to explicitly load
+ // the legacy provider. Then if you explicitly load any provider
+ // the default provider is no longer loaded implicitly, so load
+ // that as well.
+ OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
+ OSSL_PROVIDER *deflt = OSSL_PROVIDER_load(NULL, "default");
+ if (legacy == NULL || deflt == NULL) {
+ THROW_EXCEPTION_MESSAGE(ServerException,
+ SSLLibraryInitialisationError,
+ CryptoUtils::LogError("loading OpenSSL providers"));
+ }
+#endif
+
// Extra seeding over and above what's already done by the library
#ifdef WIN32
HCRYPTPROV provider;
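Review bot: The `OSSL_PROVIDER_load(NULL, "legacy")` call loads into the default library context, so every legacy algorithm (MD4, RC4, single DES and others, not only Blowfish) becomes fetchable by all code in the process. The comment should say so, for example `// NOTE: enables all legacy algorithms process-wide; required here only for Blowfish.` The combined check `if (legacy == NULL || deflt == NULL)` also does not report which provider failed, and it leaves the other one loaded. The legacy provider is a separate loadable module that may be missing on some installs, so testing each handle with its own message (`"loading OpenSSL legacy provider"`, `"loading OpenSSL default provider"`) and calling `OSSL_PROVIDER_unload()` on the one that did load would make the failure easier to diagnose. The enclosing initialisation function starts and ends outside this hunk, so whether the two handles are released at shutdown cannot be confirmed from here.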