/*
Bacula(R) - The Network Backup Solution
- Copyright (C) 2000-2015 Kern Sibbald
- Copyright (C) 2005-2014 Free Software Foundation Europe e.V.
+ Copyright (C) 2000-2017 Kern Sibbald
The original author of Bacula is Kern Sibbald, with contributions
from many others, a complete list can be found in the file AUTHORS.
#ifdef HAVE_OPENSSL /* How about OpenSSL? */
+#include "openssl-compat.h"
+
/* No anonymous ciphers, no <128 bit ciphers, no export ciphers, no MD5 ciphers */
#define TLS_DEFAULT_CIPHERS "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
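Review bot: The `TLS_DEFAULT_CIPHERS` string does not deliver what the comment above it promises: `!ADH` removes only anonymous DH, while `ALL` still contains the anonymous ECDH (AECDH) suites. Since this change is what lets the file build against newer OpenSSL, this is a good place to exclude the whole class instead, `#define TLS_DEFAULT_CIPHERS "ALL:!aNULL:!LOW:!EXP:!MD5:@STRENGTH"`. Whether a configured cipher list overrides this default is not visible in the hunk.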
/* Allows SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols */
ctx->openssl = SSL_CTX_new(TLS_method());
-#elif (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#else
/* Allows most all protocols */
ctx->openssl = SSL_CTX_new(SSLv23_method());
-#else
- /* Older method only understands TLSv1 */
- ctx->openssl = SSL_CTX_new(TLSv1_method());
#endif
/* Use SSL_OP_ALL to turn on all "rather harmless" workarounds that
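Review bot: Neither branch kept by this `#if` sets a protocol floor: `TLS_method()` and `SSLv23_method()` both negotiate any version the library still has enabled, and the comments on both branches say so (SSLv3 is listed as allowed). The comment after `#endif` mentions only `SSL_OP_ALL`, which enables bug workarounds and disables no protocol. Unless it is done further down in this function, which the hunk does not show, add a floor at the lowest version the deployment needs, for example `SSL_CTX_set_min_proto_version(ctx->openssl, TLS1_2_VERSION);` on the OpenSSL 1.1 branch and `SSL_CTX_set_options(ctx->openssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` on the older one. The stale "Allows most all protocols" comment should then state the actual minimum.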
STACK_OF(CONF_VALUE) *val;
CONF_VALUE *nval;
void *extstr = NULL;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
const unsigned char *ext_value_data;
-#else
- unsigned char *ext_value_data;
-#endif
/* Get x509 extension method structure */
if (!(method = X509V3_EXT_get(ext))) {
ext_value_data = ext->value->data;
-#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
if (method->it) {
/* New style ASN1 */
extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
}
-#else
- extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
-#endif
-
/* Iterate through to find the dNSName field(s) */
val = method->i2v(method, extstr, NULL);
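Review bot: As far as this hunk shows, the pointer returned by `method->d2i(...)` goes straight into `method->i2v(method, extstr, NULL)` with no NULL check, and `extstr` keeps its initial NULL when `method->it` is not set. The bytes being decoded are certificate extension data, presumably from the peer, so a decode failure should skip the extension and count as "no match" rather than reach `i2v`. A guard such as `if (!extstr || !method->i2v) { continue; }` before the `i2v` call would do that, assuming this code sits inside the extension loop, which starts outside the hunk. A short comment stating that a failed decode must never be treated as a hostname match would also help the next reader.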
{
TLS_CONNECTION *tls = bsock->tls;
int err;
- int fdmax, flags;
+ int flags;
int stat = true;
- fd_set fdset;
- struct timeval tv;
-
- /* Zero the fdset, we'll set our fd prior to each invocation of select() */
- FD_ZERO(&fdset);
- fdmax = bsock->m_fd + 1;
/* Ensure that socket is non-blocking */
flags = bsock->set_nonblocking();
stat = false;
goto cleanup;
case SSL_ERROR_WANT_READ:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->m_fd, &fdset);
- /* Set our timeout */
- tv.tv_sec = 10;
- tv.tv_usec = 0;
/* Block until we can read */
- select(fdmax, &fdset, NULL, NULL, &tv);
+ fd_wait_data(bsock->m_fd, WAIT_READ, 10, 0);
break;
case SSL_ERROR_WANT_WRITE:
- /* If we timeout of a select, this will be unset */
- FD_SET((unsigned) bsock->m_fd, &fdset);
- /* Set our timeout */
- tv.tv_sec = 10;
- tv.tv_usec = 0;
/* Block until we can write */
- select(fdmax, NULL, &fdset, NULL, &tv);
+ fd_wait_data(bsock->m_fd, WAIT_WRITE, 10, 0);
break;
default:
/* Socket Error Occurred */
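Review bot: The return value of `fd_wait_data()` is discarded in both the `SSL_ERROR_WANT_READ` and `SSL_ERROR_WANT_WRITE` branches, so a timeout or poll error looks the same as readiness and control simply returns to the handshake call. If nothing outside this hunk bounds the loop, a peer that connects and then stalls can hold the handshake open 10 seconds at a time without limit. Assuming `fd_wait_data()` reports errors with a negative return, handle it, e.g. `if (fd_wait_data(bsock->m_fd, WAIT_READ, 10, 0) < 0) { stat = false; goto cleanup; }`, and consider an overall handshake deadline. The same two calls appear in the later `openssl_bsock_readwrite()` hunk, where the `SSL_ERROR_WANT_WRITE` branch is also mislabelled `/* Block until we can read */` above a `WAIT_WRITE` call and should read `/* Block until we can write */`. The enclosing function starts and ends outside this hunk.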
static inline int openssl_bsock_readwrite(BSOCK *bsock, char *ptr, int nbytes, bool write)
{
TLS_CONNECTION *tls = bsock->tls;
- int fdmax, flags;
- fd_set fdset;
- struct timeval tv;
+ int flags;
int nleft = 0;
int nwritten = 0;
- /* Zero the fdset, we'll set our fd prior to each invocation of select() */
- FD_ZERO(&fdset);
- fdmax = bsock->m_fd + 1;
-
/* Ensure that socket is non-blocking */
flags = bsock->set_nonblocking();
goto cleanup;
case SSL_ERROR_WANT_READ:
- /* If we timeout on a select, this will be unset */
- FD_SET((unsigned)bsock->m_fd, &fdset);
- tv.tv_sec = 10;
- tv.tv_usec = 0;
/* Block until we can read */
- select(fdmax, &fdset, NULL, NULL, &tv);
+ fd_wait_data(bsock->m_fd, WAIT_READ, 10, 0);
break;
case SSL_ERROR_WANT_WRITE:
- /* If we timeout on a select, this will be unset */
- FD_SET((unsigned)bsock->m_fd, &fdset);
- tv.tv_sec = 10;
- tv.tv_usec = 0;
- /* Block until we can write */
- select(fdmax, NULL, &fdset, NULL, &tv);
+ /* Block until we can read */
+ fd_wait_data(bsock->m_fd, WAIT_WRITE, 10, 0);
break;
case SSL_ERROR_ZERO_RETURN: