
Using OpenSSL API 1.2

Source commit: 8cc4e9f3b05e7e8def1365ecc3e67d1c32a0556c
Martin Prikryl 6 jaren geleden
bovenliggende
commit
f4da108184

+ 8 - 2
libs/neon/src/ne_openssl.c

@@ -228,10 +228,10 @@ void ne_ssl_cert_validity_time(const ne_ssl_certificate *cert,
                                time_t *from, time_t *until)
 {
     if (from) {
-        *from = asn1time_to_timet(X509_get_notBefore(cert->subject));
+        *from = asn1time_to_timet(X509_getm_notBefore(cert->subject));
     }
     if (until) {
-        *until = asn1time_to_timet(X509_get_notAfter(cert->subject));
+        *until = asn1time_to_timet(X509_getm_notAfter(cert->subject));
     }
 }
 
@@ -1194,6 +1194,7 @@ static unsigned long thread_id_neon(void)
 }
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 /* Another great API design win for OpenSSL: no return value!  So if
  * the lock/unlock fails, all that can be done is to abort. */
 static void thread_lock_neon(int mode, int n, const char *file, int line)
@@ -1217,9 +1218,11 @@ static void thread_lock_neon(int mode, int n, const char *file, int line)
         }
     }
 }
+#endif
 
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 /* ID_CALLBACK_IS_{NEON,OTHER} evaluate as true if the currently
  * registered OpenSSL ID callback is the neon function (_NEON), or has
  * been overwritten by some other app (_OTHER). */
@@ -1230,6 +1233,7 @@ static void thread_lock_neon(int mode, int n, const char *file, int line)
 #define ID_CALLBACK_IS_OTHER (CRYPTO_get_id_callback() != NULL)
 #define ID_CALLBACK_IS_NEON (CRYPTO_get_id_callback() == thread_id_neon)
 #endif
+#endif
 
 int ne__ssl_init(void)
 {
@@ -1286,6 +1290,7 @@ void ne__ssl_exit(void)
     /* Cannot call ERR_free_strings() etc here in case any other code
      * in the process using OpenSSL. */
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifdef NE_HAVE_TS_SSL
     /* Only unregister the callbacks if some *other* library has not
      * come along in the mean-time and trampled over the callbacks
@@ -1310,6 +1315,7 @@ void ne__ssl_exit(void)
         free(locks);
     }
 #endif
+#endif
 }
 
 #ifdef WINSCP

+ 1 - 1
libs/openssl/include/openssl/opensslconf.h

@@ -273,7 +273,7 @@ extern "C" {
 #endif
 
 #ifndef OPENSSL_MIN_API
-# define OPENSSL_MIN_API 0
+# define OPENSSL_MIN_API 0x10200000L
 #endif
 
 #if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API

+ 1 - 1
source/core/Common.cpp

@@ -3977,7 +3977,7 @@ TStrings * TlsCipherList()
 {
   // OpenSSL initialization happens in NeonInitialize
   std::unique_ptr<TStrings> Result(new TStringList());
-  const SSL_METHOD * Method = TLSv1_client_method();
+  const SSL_METHOD * Method = DTLS_client_method();
   SSL_CTX * Ctx = SSL_CTX_new(Method);
   SSL * Ssl = SSL_new(Ctx);
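Review bot: `DTLS_client_method()` in TlsCipherList creates a DTLS context, so the cipher names later read from `Ssl` are the ones OpenSSL enables for DTLS rather than for the TLS connections this list presumably describes. DTLS leaves out stream ciphers such as RC4, and the set can differ in other ways. The version-flexible replacement for the removed `TLSv1_client_method()` is `const SSL_METHOD * Method = TLS_client_method();`. Neither `SSL_CTX_new` nor `SSL_new` is checked for NULL in the visible lines. The rest of the function is outside the hunk, so confirm that a failed allocation cannot reach the cipher enumeration.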
 

+ 2 - 2
source/core/Cryptography.cpp

@@ -363,14 +363,14 @@ static int fcrypt_end(unsigned char mac[], fcrypt_ctx cx[1])
 static void AES256Salt(RawByteString & Salt)
 {
   Salt.SetLength(SALT_LENGTH(PASSWORD_MANAGER_AES_MODE));
-  RAND_pseudo_bytes(reinterpret_cast<unsigned char *>(Salt.c_str()), Salt.Length());
+  RAND_bytes(reinterpret_cast<unsigned char *>(Salt.c_str()), Salt.Length());
 }
 //---------------------------------------------------------------------------
 RawByteString GenerateEncryptKey()
 {
   RawByteString Result;
   Result.SetLength(KEY_LENGTH(PASSWORD_MANAGER_AES_MODE));
-  RAND_pseudo_bytes(reinterpret_cast<unsigned char *>(Result.c_str()), Result.Length());
+  RAND_bytes(reinterpret_cast<unsigned char *>(Result.c_str()), Result.Length());
   return Result;
 }
 //---------------------------------------------------------------------------
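Review bot: The return value of `RAND_bytes` is discarded in both AES256Salt and GenerateEncryptKey, so a failed generator call leaves the salt or the encryption key holding whatever `SetLength` left in the buffer, and the caller goes on to use it. `RAND_bytes` returns 1 only on success, so check it with `if (RAND_bytes(reinterpret_cast<unsigned char *>(Result.c_str()), Result.Length()) != 1)` followed by the project's usual error path, and do the same for `Salt`. AES256Salt returns void, so reporting failure there needs an exception or a changed signature; which of the two fits the callers is not visible from this hunk.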

+ 3 - 4
source/filezilla/AsyncSslSocketLayer.cpp

@@ -74,8 +74,7 @@ int CAsyncSslSocketLayer::InitSSL()
 
   if (!m_nSslRefCount)
   {
-    SSL_load_error_strings();
-    if (!SSL_library_init())
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL))
     {
       return SSL_FAILURE_INITSSL;
     }
@@ -1486,7 +1485,7 @@ BOOL CAsyncSslSocketLayer::GetPeerCertificateData(t_SslCertData &SslCertData, LP
   //Set date fields
 
   //Valid from
-  ASN1_TIME *pTime=X509_get_notBefore(pX509);
+  ASN1_TIME *pTime=X509_getm_notBefore(pX509);
   if (!pTime)
   {
     X509_free(pX509);
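Review bot: `X509_getm_notBefore` returns a mutable `ASN1_TIME *` into the peer certificate although the visible code only reads it. The read-only accessor `X509_get0_notBefore` returns `const ASN1_TIME *` and turns an accidental write into a compile error. The same applies to `X509_getm_notAfter` in the next hunk of this file and to both calls in ne_ssl_cert_validity_time in libs/neon/src/ne_openssl.c, where `cert` is already `const`. Proposed: `const ASN1_TIME *pTime = X509_get0_notBefore(pX509);`, which requires the code consuming `pTime` (outside this hunk) and `asn1time_to_timet` to accept a const pointer.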
@@ -1502,7 +1501,7 @@ BOOL CAsyncSslSocketLayer::GetPeerCertificateData(t_SslCertData &SslCertData, LP
   }
 
   //Valid until
-  pTime = X509_get_notAfter(pX509);
+  pTime = X509_getm_notAfter(pX509);
   if (!pTime)
   {
     X509_free(pX509);