In src/lib-ssl-iostream/iostream-openssl-params.c a call is made to
DH_generate_parameters. This function has been deprecated since OpenSSL 0.9.8.
With OpenSSL 1.1 compilation will throw an error.
Not sure how to send patches, I don't even know if the patch I wrote
actually works (I don't program in C, but gave it a shot anyway) but below
is the patch.
--- a/src/lib-ssl-iostream/iostream-openssl-params.c
+++ b/src/lib-ssl-iostream/iostream-openssl-params.c
@@ -13,13 +13,21 @@ generate_dh_parameters(int bitsize, buffer_t *output, const
char **error_r)
 {
         DH *dh;
 	unsigned char *p;
-	int len, len2;
+	int len, len2, success;
 
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+	success = DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL);
+#else
 	dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
 	if (dh == NULL) {
+		success = 0;
+	}
+#endif
+
+	if (success == 0) {
 		*error_r = t_strdup_printf(
-			"DH_generate_parameters(bits=%d, gen=%d) failed: %s",
-			bitsize, DH_GENERATOR, openssl_iostream_error());
+				"DH_generate_parameters(bits=%d, gen=%d) failed: %s",
+				bitsize, DH_GENERATOR, openssl_iostream_error());
 		return -1;
 	}
 
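Review bot: `dh` is still an uninitialized pointer when it is passed to `DH_generate_parameters_ex()` in the new `#if` branch; unlike the deprecated call, the `_ex` variant fills in a `DH` object that the caller has already allocated, so this reads an indeterminate pointer. The branch should allocate first, with `dh = DH_new();` followed by `success = dh != NULL && DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL);`, and the failure path would then need `DH_free(dh);` before `return -1;`. In the `#else` branch `success` is only ever assigned 0, so a successful legacy call leaves it indeterminate at `if (success == 0)`; it needs `success = 1;` before the call. Patch v2 further down adds that assignment but still passes the unallocated `dh`. The body of generate_dh_parameters continues past the end of the hunk.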
-- 
If anybody knows the instructions for sending patches, please let me know and
I will follow them.
Regards,
Peter van der Does
Patch v2
--- a/src/lib-ssl-iostream/iostream-openssl-params.c
+++ b/src/lib-ssl-iostream/iostream-openssl-params.c
@@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const
char **error_r)
 {
         DH *dh;
 	unsigned char *p;
-	int len, len2;
+	int len, len2, success;
 
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+	success = DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL);
+#else
+	success = 1;
 	dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
 	if (dh == NULL) {
+		success = 0;
+	}
+#endif
+
+	if (success == 0) {
 		*error_r = t_strdup_printf(
 			"DH_generate_parameters(bits=%d, gen=%d) failed: %s",
 			bitsize, DH_GENERATOR, openssl_iostream_error());
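Review bot: The failure message kept at the end of this hunk names `DH_generate_parameters` even when the `DH_generate_parameters_ex` branch is the one that failed, which will mislead anyone reading the log on a build that takes the `#if` path. Either build the message inside each branch or use a neutral prefix such as `"DH parameter generation (bits=%d, gen=%d) failed: %s"`. The `if (success == 0)` block is closed outside the hunk.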
--
> On April 26, 2017 at 3:15 PM Peter van der Does <peter at avirtualhome.com> wrote:
>
>
> Patch v2
>
> --- a/src/lib-ssl-iostream/iostream-openssl-params.c
> +++ b/src/lib-ssl-iostream/iostream-openssl-params.c
> @@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r)
> {
> DH *dh;
> unsigned char *p;
> - int len, len2;
> + int len, len2, success;
>
> +#if OPENSSL_VERSION_NUMBER >= 0x00908000L
> + success = DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL);
> +#else
> + success = 1;
> dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL);
> if (dh == NULL) {
> + success = 0;
> + }
> +#endif
> +
> + if (success == 0) {
> *error_r = t_strdup_printf(
> "DH_generate_parameters(bits=%d, gen=%d) failed: %s",
> bitsize, DH_GENERATOR, openssl_iostream_error());
> --
I encourage you to open pull request at https://github.com/dovecot/core/pulls
Aki