Fix build failure against OpenSSL 1.1 built with no-deprecated #160
Conversation
markwright
force-pushed
the
master
branch
2 times, most recently
from
2f4a312 to
e103636
Compare
ext/openssl/ossl.c
Outdated
| OpenSSL_add_ssl_algorithms(); | ||
| OpenSSL_add_all_algorithms(); | ||
| ERR_load_crypto_strings(); | ||
| SSL_load_error_strings(); | ||
| #endif |
There was a problem hiding this comment.
Suffix L and the parentheses around OPENSSL_VERSION_NUMBER >= ~~ are redundant.
The return value from OPENSSL_init_ssl() should be checked.
if (!OPENSSL_init_ssl(0, NULL))
rb_raise(rb_eRuntimeError, "OPENSSL_init_ssl");
While you're at it, can you remove the obsolete comments above and below?
ext/openssl/ossl.h
Outdated
| # include <openssl/dsa.h> | ||
| # include <openssl/evp.h> | ||
| # include <openssl/dh.h> | ||
| #endif |
There was a problem hiding this comment.
They can be unconditionally included since they all exist in OpenSSL 1.0.1 (which is the minimum supported) and LibreSSL.
ext/openssl/ossl_cipher.c
Outdated
| if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) | ||
| #endif |
There was a problem hiding this comment.
EVP_CIPHER_CTX_cipher() and EVP_CIPHER_flags() exist in OpenSSL 1.0.1.
ext/openssl/ossl_engine.c
Outdated
| OSSL_ENGINE_LOAD_IF_MATCH(dynamic); | ||
| #endif | ||
| #endif |
There was a problem hiding this comment.
This is comparing the string with "DYNAMIC" rather than "dynamic". The return value from OPENSSL_init_crypto() should be checked.
ext/openssl/ossl_x509cert.c
Outdated
| if (!X509_set_notBefore(x509, asn1time)) { | ||
| #endif |
There was a problem hiding this comment.
I'd define macro in ext/openssl/openssl_missing.h. It's actually done for the getter functions, but apparently I forgot to do that for the setters.
#define X509_set1_notBefore(x, t) X509_set_notBefore(x, t)
3eb532f to
badffb6
Compare
ext/openssl/ossl_engine.c
Outdated
| #define OSSL_ENGINE_LOAD_IF_MATCH(x) \ | ||
| do{\ | ||
| if(!strcmp(#x, RSTRING_PTR(name))){\ | ||
| ENGINE_load_##x();\ | ||
| return Qtrue;\ | ||
| }\ | ||
| }while(0) | ||
| #endif |
There was a problem hiding this comment.
strcasecmp() would be overkill. I was expecting something like:
#define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) do { \
...
if (!strcmp(#engine_name, RSTRING_PTR(name)))...
...
OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
The OpenSSL < 1.1.0 version can have the same signature so the #ifs below can be removed.
Additionally, (this is not documented anywhere, but) ossl_raise() that rewinds "error"s in the OpenSSL error queue should be used with eEngineError instead. ossl.c had to use the raw rb_raise() because OpenSSL wouldn't be initialized at that time.
ext/openssl/ossl_engine.c
Outdated
| @@ -160,7 +198,9 @@ ossl_engine_s_load(int argc, VALUE *argv, VALUE klass) | |||
| static VALUE | |||
| ossl_engine_s_cleanup(VALUE self) | |||
| { | |||
| #if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) | |||
ext/openssl/ossl_x509crl.c
Outdated
| if (!X509_CRL_set_lastUpdate(crl, asn1time)) { | ||
| #endif |
There was a problem hiding this comment.
Can you add X509_CRL_set1_{last,next}Update() to openssl_missing.h, too?
markwright
force-pushed
the
master
branch
2 times, most recently
from
53bea13 to
8fb6759
Compare
ext/openssl/ossl_engine.c
Outdated
| if (OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL))\ | ||
| return Qtrue;\ | ||
| else\ | ||
| ossl_raise(eEngineError, "OPENSSL_init_ssl"); \ |
Thanks rhenium for the code review and fixes.
|
Thanks I fixed the typo s/_ssl/_crypto/ and squashed all the commits. |
|
Thanks! |
The proposed changes remove the use of the OpenSSL 1.1.0 deprecated API. Which fixes the following build errors that occur on Gentoo when building ruby 2.4.2 with openssl 1.1.0f built with no-deprecated:
compiling ossl.c
ossl.c: In function ‘Init_openssl’:
ossl.c:1014:5: warning: implicit declaration of function ‘OpenSSL_add_all_algorithms’; did you mean ‘OpenSSL_add_ssl_algorithms’? [-Wimplicit-function-declaration]
OpenSSL_add_all_algorithms();
^~~~~~~~~~~~~~~~~~~~~~~~~~
OpenSSL_add_ssl_algorithms
ossl.c:1015:5: warning: implicit declaration of function ‘ERR_load_crypto_strings’; did you mean ‘ERR_load_OCSP_strings’? [-Wimplicit-function-declaration]
ERR_load_crypto_strings();
^~~~~~~~~~~~~~~~~~~~~~~
ERR_load_OCSP_strings
ossl.c:1016:5: warning: implicit declaration of function ‘SSL_load_error_strings’; did you mean ‘ERR_lib_error_string’? [-Wimplicit-function-declaration]
SSL_load_error_strings();
^~~~~~~~~~~~~~~~~~~~~~
ERR_lib_error_string
In file included from ../.././include/ruby/ruby.h:36:0,
from ../.././include/ruby.h:33,
from ossl.h:17,
from ossl.c:10:
ossl.c:1051:67: warning: implicit declaration of function ‘SSLeay_version’; did you mean ‘SSL_version’? [-Wimplicit-function-declaration]
rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
^
../.././include/ruby/defines.h:94:53: note: in definition of macro ‘RB_GNUC_EXTENSION_BLOCK’
#define RB_GNUC_EXTENSION_BLOCK(x) extension ({ x; })
^
../.././include/ruby/intern.h:857:21: note: in expansion of macro ‘rb_str_new_cstr’
#define rb_str_new2 rb_str_new_cstr
^~~~~~~~~~~~~~~
ossl.c:1051:55: note: in expansion of macro ‘rb_str_new2’
rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
^~~~~~~~~~~
ossl.c:1051:82: error: ‘SSLEAY_VERSION’ undeclared (first use in this function); did you mean ‘SSL2_VERSION’?
rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
^
../.././include/ruby/defines.h:94:53: note: in definition of macro ‘RB_GNUC_EXTENSION_BLOCK’
#define RB_GNUC_EXTENSION_BLOCK(x) extension ({ x; })
^
../.././include/ruby/intern.h:857:21: note: in expansion of macro ‘rb_str_new_cstr’
#define rb_str_new2 rb_str_new_cstr
^~~~~~~~~~~~~~~
ossl.c:1051:55: note: in expansion of macro ‘rb_str_new2’
rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
^~~~~~~~~~~
ossl.c:1051:82: note: each undeclared identifier is reported only once for each function it appears in
rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
^
../.././include/ruby/defines.h:94:53: note: in definition of macro ‘RB_GNUC_EXTENSION_BLOCK’
#define RB_GNUC_EXTENSION_BLOCK(x) extension ({ x; })
^
../.././include/ruby/intern.h:857:21: note: in expansion of macro ‘rb_str_new_cstr’
#define rb_str_new2 rb_str_new_cstr
^~~~~~~~~~~~~~~
ossl.c:1051:55: note: in expansion of macro ‘rb_str_new2’
rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
^~~~~~~~~~~
The Gentoo bug is:
https://bugs.gentoo.org/614760