/*
Bacula(R) - The Network Backup Solution
- Copyright (C) 2000-2016 Kern Sibbald
+ Copyright (C) 2000-2017 Kern Sibbald
The original author of Bacula is Kern Sibbald, with contributions
from many others, a complete list can be found in the file AUTHORS.
#ifdef HAVE_OPENSSL /* How about OpenSSL? */
+#include "openssl-compat.h"
+
/* No anonymous ciphers, no <128 bit ciphers, no export ciphers, no MD5 ciphers */
#define TLS_DEFAULT_CIPHERS "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
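Review bot: The comment above `TLS_DEFAULT_CIPHERS` promises "no anonymous ciphers", but `!ADH` only removes anonymous finite-field DH. OpenSSL's `ALL` keyword also covers the anonymous ECDH suites, so unauthenticated key exchange can remain in the list, depending on how the linked library was built. Since this commit already touches the OpenSSL setup, consider `#define TLS_DEFAULT_CIPHERS "ALL:!aNULL:!LOW:!EXP:!MD5:@STRENGTH"`, where `aNULL` covers both anonymous families. Excluding RC4 and 3DES explicitly would also be worth considering where the library still offers them.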
/* Allows SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols */
ctx->openssl = SSL_CTX_new(TLS_method());
-#elif (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#else
/* Allows most all protocols */
ctx->openssl = SSL_CTX_new(SSLv23_method());
-#else
- /* Older method only understands TLSv1 */
- ctx->openssl = SSL_CTX_new(TLSv1_method());
#endif
/* Use SSL_OP_ALL to turn on all "rather harmless" workarounds that
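Review bot: Both remaining branches select a version-flexible method (`TLS_method()` and `SSLv23_method()`), and nothing in this hunk sets a protocol floor. The comment on the first branch even lists SSLv3 as allowed. Unless the option mask set just below the hunk (not visible here) removes them, legacy protocol versions stay negotiable. Suggest pinning a minimum right after context creation, for example `SSL_CTX_set_min_proto_version(ctx->openssl, TLS1_2_VERSION);` on the 1.1.0+ branch and `SSL_CTX_set_options(ctx->openssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` on the `#else` branch, with the exact floor chosen to match what deployed peers support. The `#if` that opens this conditional sits above the hunk.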
STACK_OF(CONF_VALUE) *val;
CONF_VALUE *nval;
void *extstr = NULL;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
const unsigned char *ext_value_data;
-#else
- unsigned char *ext_value_data;
-#endif
+ const ASN1_STRING *asn1_ext_val;
/* Get x509 extension method structure */
if (!(method = X509V3_EXT_get(ext))) {
break;
}
- ext_value_data = ext->value->data;
+ asn1_ext_val = X509_EXTENSION_get_data(ext);
+ ext_value_data = ASN1_STRING_get0_data(asn1_ext_val);
-#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
if (method->it) {
/* New style ASN1 */
/* Decode ASN1 item in data */
- extstr = ASN1_item_d2i(NULL, &ext_value_data, ext->value->length,
+ extstr = ASN1_item_d2i(NULL, &ext_value_data, ASN1_STRING_length(asn1_ext_val),
ASN1_ITEM_ptr(method->it));
} else {
/* Old style ASN1 */
/* Decode ASN1 item in data */
- extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
+ extstr = method->d2i(NULL, &ext_value_data, ASN1_STRING_length(asn1_ext_val));
}
-#else
- extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
-#endif
-
/* Iterate through to find the dNSName field(s) */
val = method->i2v(method, extstr, NULL);
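Review bot: `extstr` is passed to `method->i2v()` without a NULL check, although both `ASN1_item_d2i()` and `method->d2i()` return NULL when the extension bytes do not parse. Those bytes come from the peer's certificate, so a malformed extension reaches this path. Add a guard after the if/else, in the same style as the `X509V3_EXT_get` check above: `if (!extstr) { break; }`. The hunk also does not show `extstr` being released after `i2v`; if it is not freed further down, it leaks once per decoded extension. The enclosing loop starts and ends outside the hunk.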
{
TLS_CONNECTION *tls = bsock->tls;
int err;
- int fdmax, flags;
+ int flags;
int stat = true;
- fd_set fdset;
- struct timeval tv;
-
- /* Zero the fdset, we'll set our fd prior to each invocation of select() */
- FD_ZERO(&fdset);
- fdmax = bsock->m_fd + 1;
/* Ensure that socket is non-blocking */
flags = bsock->set_nonblocking();
stat = false;
goto cleanup;
case SSL_ERROR_WANT_READ:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->m_fd, &fdset);
- /* Set our timeout */
- tv.tv_sec = 10;
- tv.tv_usec = 0;
/* Block until we can read */
- select(fdmax, &fdset, NULL, NULL, &tv);
+ fd_wait_data(bsock->m_fd, WAIT_READ, 10, 0);
break;
case SSL_ERROR_WANT_WRITE:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->m_fd, &fdset);
- /* Set our timeout */
- tv.tv_sec = 10;
- tv.tv_usec = 0;
/* Block until we can write */
- select(fdmax, NULL, &fdset, NULL, &tv);
+ fd_wait_data(bsock->m_fd, WAIT_WRITE, 10, 0);
break;
default:
/* Socket Error Occurred */
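Review bot: The return value of `fd_wait_data()` is discarded in both the `SSL_ERROR_WANT_READ` and `SSL_ERROR_WANT_WRITE` branches, so a timeout or a wait error just loops back into the handshake call. Unless a timer outside this hunk bounds the handshake, a peer that connects and then goes silent can hold this thread in 10-second waits indefinitely. Assuming `fd_wait_data()` reports errors with a negative return (its definition is not on this page), at minimum fail the session on error, `if (fd_wait_data(bsock->m_fd, WAIT_READ, 10, 0) < 0) { stat = false; goto cleanup; }`, and consider capping the number of consecutive timeouts. The same pattern is repeated in `openssl_bsock_readwrite()`, where the `SSL_ERROR_WANT_WRITE` branch also carries the copied comment `/* Block until we can read */`, which should say "write". The literal `10` now appears four times and would read better as a named constant.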
static inline int openssl_bsock_readwrite(BSOCK *bsock, char *ptr, int nbytes, bool write)
{
TLS_CONNECTION *tls = bsock->tls;
- int fdmax, flags;
- fd_set fdset;
- struct timeval tv;
+ int flags;
int nleft = 0;
int nwritten = 0;
- /* Zero the fdset, we'll set our fd prior to each invocation of select() */
- FD_ZERO(&fdset);
- fdmax = bsock->m_fd + 1;
-
/* Ensure that socket is non-blocking */
flags = bsock->set_nonblocking();
goto cleanup;
case SSL_ERROR_WANT_READ:
- /* If we timeout on a select, this will be unset */
- FD_SET((unsigned)bsock->m_fd, &fdset);
- tv.tv_sec = 10;
- tv.tv_usec = 0;
/* Block until we can read */
- select(fdmax, &fdset, NULL, NULL, &tv);
+ fd_wait_data(bsock->m_fd, WAIT_READ, 10, 0);
break;
case SSL_ERROR_WANT_WRITE:
- /* If we timeout on a select, this will be unset */
- FD_SET((unsigned)bsock->m_fd, &fdset);
- tv.tv_sec = 10;
- tv.tv_usec = 0;
- /* Block until we can write */
- select(fdmax, NULL, &fdset, NULL, &tv);
+ /* Block until we can read */
+ fd_wait_data(bsock->m_fd, WAIT_WRITE, 10, 0);
break;
case SSL_ERROR_ZERO_RETURN: