From cbeb06b19b6f62b60211f8e32ea90ca780b8b9eb Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Sat, 31 Aug 2019 18:26:41 +0200 Subject: [PATCH] Fixed regression: SSL_CTX_clear_mode() not available in older OpenSSL versions --- CHANGES | 4 ++++ VERSION | 2 +- config.h.in | 3 +++ configure.ac | 1 + xio-openssl.c | 2 ++ 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index a029d3d..7b60fd1 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,10 @@ Corrections: configure. Thanks to Jason White for sending a patch. + Due to use of SSL_CTX_clear_mode() Socat failed to compile on old + systems with, e.g., OpenSSL-0.9.8. Thanks to Simon Matter and Moritz B. + for reporting this problem and sending initial patches. + ####################### V 1.7.3.3: Corrections: diff --git a/VERSION b/VERSION index cf7f806..a6a708f 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -"1.7.3.3" +"1.7.3.3+" diff --git a/config.h.in b/config.h.in index 64f8f83..17a6549 100644 --- a/config.h.in +++ b/config.h.in @@ -476,6 +476,9 @@ /* Define if you have the OpenSSL ASN1_STRING_get0_data function */ #undef HAVE_ASN1_STRING_get0_data +/* Define if you have the OpenSSL SSL_CTX_clear_mode macro or function */ +#undef HAVE_SSL_CTX_clear_mode + /* Define if you have the flock function */ #undef HAVE_FLOCK diff --git a/configure.ac b/configure.ac index 3ae4b63..d788dc1 100644 --- a/configure.ac +++ b/configure.ac @@ -1463,6 +1463,7 @@ AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS])) AC_CHECK_FUNC(RAND_status, AC_DEFINE(HAVE_RAND_status)) +AC_CHECK_FUNC(SSL_CTX_clear_mode, AC_DEFINE(HAVE_SSL_CTX_clear_mode)) AC_MSG_CHECKING(for type EC_KEY) AC_CACHE_VAL(sc_cv_type_EC_TYPE, 
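Review bot: In the configure.ac hunk, the added `AC_CHECK_FUNC(SSL_CTX_clear_mode, AC_DEFINE(HAVE_SSL_CTX_clear_mode))` is a link test, so it cannot detect SSL_CTX_clear_mode where OpenSSL provides it only as a preprocessor macro in `<openssl/ssl.h>`. The new config.h.in comment ("macro or function") anticipates that case. There HAVE_SSL_CTX_clear_mode is never defined, and whether the SSL_read() hang workaround is compiled in depends entirely on the `defined(SSL_CTX_clear_mode)` fallback in xio-openssl.c. A declaration check would cover both forms: `AC_CHECK_DECL([SSL_CTX_clear_mode], [AC_DEFINE(HAVE_SSL_CTX_clear_mode)], [], [[#include <openssl/ssl.h>]])`. Failing that, a comment beside the check should say that the macro case is handled in the source file.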
diff --git a/xio-openssl.c b/xio-openssl.c index 68b752f..132e8ea 100644 --- a/xio-openssl.c +++ b/xio-openssl.c @@ -1023,6 +1023,7 @@ cont_out: } #endif +#if defined(HAVE_SSL_CTX_clear_mode) || defined(SSL_CTX_clear_mode) /* It seems that OpenSSL-1.1.1 presets the mode differently. Without correction socat might hang in SSL_read() */ { @@ -1034,6 +1035,7 @@ cont_out: SSL_CTX_clear_mode(*ctx, SSL_MODE_AUTO_RETRY); } } +#endif /* defined(HAVE_SSL_CTX_clear_mode) || defined(SSL_CTX_clear_mode) */ if (opt_cafile != NULL || opt_capath != NULL) { if (sycSSL_CTX_load_verify_locations(*ctx, opt_cafile, opt_capath) != 1) {
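Review bot: The new `#if defined(HAVE_SSL_CTX_clear_mode) || defined(SSL_CTX_clear_mode)` guard in the first xio-openssl.c hunk (closed by the `#endif` in the second) has no `#else`, so when neither symbol is visible the SSL_MODE_AUTO_RETRY correction is dropped without any trace. That is presumably harmless on OpenSSL-0.9.8, which the CHANGES entry names, but the same silent path is taken if detection fails on a newer library, for instance if the OpenSSL header is not included before this point. The build would then succeed and the SSL_read() hang described in the existing comment would return. I would record the assumption next to the guard, e.g. `/* OpenSSL without SSL_CTX_clear_mode is assumed not to preset SSL_MODE_AUTO_RETRY; nothing to clear */`, and confirm it against the oldest supported version. The enclosing function starts and ends outside both hunks, so the include order could not be checked from here.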