73 lines
2.2 KiB
Diff
73 lines
2.2 KiB
Diff
diff --git a/configure.ac b/configure.ac
|
|
index 556f220..2c0693d 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -303,7 +303,7 @@ if test x$with_openssl != xno ; then
|
|
)
|
|
fi
|
|
if test x$with_openssl != xno ; then
|
|
- AC_CHECK_LIB(ssl, SSL_library_init, [
|
|
+ AC_CHECK_LIB(ssl, SSL_new, [
|
|
with_openssl=yes
|
|
LIBS="-lssl -lcrypto $LIBS"
|
|
], [
|
|
diff --git a/smtp-tls.c b/smtp-tls.c
|
|
index 9a66806..cfc6589 100644
|
|
--- a/smtp-tls.c
|
|
+++ b/smtp-tls.c
|
|
@@ -57,6 +57,7 @@ static void *ctx_password_cb_arg;
|
|
#ifdef USE_PTHREADS
|
|
#include <pthread.h>
|
|
static pthread_mutex_t starttls_mutex = PTHREAD_MUTEX_INITIALIZER;
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000
|
|
static pthread_mutex_t *openssl_mutex;
|
|
|
|
static void
|
|
@@ -70,6 +71,7 @@ openssl_mutexcb (int mode, int n,
|
|
pthread_mutex_unlock (&openssl_mutex[n]);
|
|
}
|
|
#endif
|
|
+#endif
|
|
|
|
static int
|
|
starttls_init (void)
|
|
@@ -77,6 +79,10 @@ starttls_init (void)
|
|
if (tls_init)
|
|
return 1;
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000
|
|
+ /* starting from OpenSSL 1.1.0, OpenSSL uses a new threading API and does its own locking */
|
|
+ /* also initialization has been reworked and is done automatically */
|
|
+ /* so there's not much to do here any more */
|
|
#ifdef USE_PTHREADS
|
|
/* Set up mutexes for the OpenSSL library */
|
|
if (openssl_mutex == NULL)
|
|
@@ -94,9 +100,10 @@ starttls_init (void)
|
|
CRYPTO_set_locking_callback (openssl_mutexcb);
|
|
}
|
|
#endif
|
|
- tls_init = 1;
|
|
SSL_load_error_strings ();
|
|
SSL_library_init ();
|
|
+#endif
|
|
+ tls_init = 1;
|
|
return 1;
|
|
}
|
|
|
|
@@ -201,7 +208,15 @@ starttls_create_ctx (smtp_session_t session)
|
|
3207. Servers typically support SSL as well as TLS because some
|
|
versions of Netscape do not support TLS. I am assuming that all
|
|
currently deployed servers correctly support TLS. */
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000
|
|
ctx = SSL_CTX_new (TLSv1_client_method ());
|
|
+#else
|
|
+ ctx = SSL_CTX_new (TLS_client_method ());
|
|
+ if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) {
|
|
+ /* FIXME: set an error code AND free the allocated ctx */
|
|
+ return NULL;
|
|
+ }
|
|
+#endif
|
|
|
|
/* Load our keys and certificates. To avoid messing with configuration
|
|
variables etc, use fixed paths for the certificate store. These are
|