crypto: remove support for ancient openssl

author Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Wed, 8 Nov 2017 13:37:31 +0000 (14:37 +0100)

committer Kern Sibbald <kern@sibbald.com>

Sun, 19 Nov 2017 15:53:40 +0000 (16:53 +0100)
author Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Wed, 8 Nov 2017 13:37:31 +0000 (14:37 +0100)
committer Kern Sibbald <kern@sibbald.com>
Sun, 19 Nov 2017 15:53:40 +0000 (16:53 +0100)
diff --git a/bacula/src/lib/crypto.c b/bacula/src/lib/crypto.c

index 9f309d58e4739d0be6b7d3e0ce4fb1c69c7884f9..b4403eb45618a466d0a4ddbaaace9101c3b95fb9 100644 (file)
--- a/bacula/src/lib/crypto.c
+++ b/bacula/src/lib/crypto.c
@@ -307,12 +307,7 @@ static ASN1_OCTET_STRING *openssl_cert_keyid(X509 *cert) {
     const X509V3_EXT_METHOD *method;
     ASN1_OCTET_STRING *keyid;
     int i;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
     const unsigned char *ext_value_data;
-#else
-   unsigned char *ext_value_data;
-#endif
-
  
     /* Find the index to the subjectKeyIdentifier extension */
     i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
@@ -331,7 +326,6 @@ static ASN1_OCTET_STRING *openssl_cert_keyid(X509 *cert) {
  
     ext_value_data = ext->value->data;
  
-#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
     if (method->it) {
        /* New style ASN1 */
  
@@ -345,10 +339,6 @@ static ASN1_OCTET_STRING *openssl_cert_keyid(X509 *cert) {
        keyid = (ASN1_OCTET_STRING *) method->d2i(NULL, &ext_value_data, ext->value->length);
     }
  
-#else
-   keyid = (ASN1_OCTET_STRING *) method->d2i(NULL, &ext_value_data, ext->value->length);
-#endif
-
     return keyid;
  }
  
@@ -783,11 +773,7 @@ crypto_error_t crypto_sign_verify(SIGNATURE *sig, X509_KEYPAIR *keypair, DIGEST
     SignerInfo *si;
     int ok, i;
     unsigned int sigLen;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
     const unsigned char *sigData;
-#else
-   unsigned char *sigData;
-#endif
  
     signers = sig->sigData->signerInfo;
  
@@ -934,11 +920,7 @@ int crypto_sign_encode(SIGNATURE *sig, uint8_t *dest, uint32_t *length)
  SIGNATURE *crypto_sign_decode(JCR *jcr, const uint8_t *sigData, uint32_t length)
  {
     SIGNATURE *sig;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
     const unsigned char *p = (const unsigned char *) sigData;
-#else
-   unsigned char *p = (unsigned char *)sigData;
-#endif
  
     sig = (SIGNATURE *)malloc(sizeof(SIGNATURE));
     if (!sig) {
@@ -1156,11 +1138,7 @@ crypto_error_t crypto_session_decode(const uint8_t *data, uint32_t length, alist
     X509_KEYPAIR *keypair;
     STACK_OF(RecipientInfo) *recipients;
     crypto_error_t retval = CRYPTO_ERROR_NONE;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
     const unsigned char *p = (const unsigned char *)data;
-#else
-   unsigned char *p = (unsigned char *)data;
-#endif
  
     /* bacula-fd.conf doesn't contains any key */
     if (!keypairs) {
diff --git a/bacula/src/lib/tls.c b/bacula/src/lib/tls.c

index f444a276a5e2723b06364fb592c60223890f517f..992265b38ad22069f4274a3cac048175bdd3dc92 100644 (file)
--- a/bacula/src/lib/tls.c
+++ b/bacula/src/lib/tls.c
@@ -118,13 +118,10 @@ TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
     /* Allows SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols */
     ctx->openssl = SSL_CTX_new(TLS_method());
  
-#elif (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#else
     /* Allows most all protocols */
     ctx->openssl = SSL_CTX_new(SSLv23_method());
  
-#else
-   /* Older method only understands TLSv1 */
-   ctx->openssl = SSL_CTX_new(TLSv1_method());
  #endif
  
     /* Use SSL_OP_ALL to turn on all "rather harmless" workarounds that
@@ -337,11 +334,7 @@ bool tls_postconnect_verify_host(JCR *jcr, TLS_CONNECTION *tls, const char *host
              STACK_OF(CONF_VALUE) *val;
              CONF_VALUE *nval;
              void *extstr = NULL;
-#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
              const unsigned char *ext_value_data;
-#else
-            unsigned char *ext_value_data;
-#endif
  
              /* Get x509 extension method structure */
              if (!(method = X509V3_EXT_get(ext))) {
@@ -350,7 +343,6 @@ bool tls_postconnect_verify_host(JCR *jcr, TLS_CONNECTION *tls, const char *host
  
              ext_value_data = ext->value->data;
  
-#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
              if (method->it) {
                 /* New style ASN1 */
  
@@ -364,10 +356,6 @@ bool tls_postconnect_verify_host(JCR *jcr, TLS_CONNECTION *tls, const char *host
                 extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
              }
  
-#else
-            extstr = method->d2i(NULL, &ext_value_data, ext->value->length);
-#endif
-
              /* Iterate through to find the dNSName field(s) */
              val = method->i2v(method, extstr, NULL);
author	Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
	Wed, 8 Nov 2017 13:37:31 +0000 (14:37 +0100)
committer	Kern Sibbald <kern@sibbald.com>
	Sun, 19 Nov 2017 15:53:40 +0000 (16:53 +0100)
bacula/src/lib/crypto.c		patch \| blob \| history
bacula/src/lib/tls.c		patch \| blob \| history