[Spice-commits] 2 commits - configure.ac server/reds.c server/red-worker.c
Christophe Fergau
teuf at kemper.freedesktop.org
Fri Dec 8 14:23:05 UTC 2017
configure.ac | 2 +-
server/red-worker.c | 1 -
server/reds.c | 22 +++-------------------
3 files changed, 4 insertions(+), 21 deletions(-)
New commits:
commit 7ff434b104ab3418d85c081c9515be5230c74c50
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Thu Dec 7 17:47:27 2017 +0100
ssl: Drop support for older OpenSSL versions
SSL_OP_NO_COMPRESSION was introduced in OpenSSL_0_9_8k, which is no
longer supported. This commit raises the minimum OpenSSL version to
1.0.0, which is also out of support.
Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
Acked-by: Frediano Ziglio <fziglio at redhat.com>
diff --git a/configure.ac b/configure.ac
index 3401dba8..62d1a020 100644
--- a/configure.ac
+++ b/configure.ac
@@ -186,7 +186,7 @@ if test "x$enable_celt051" = "xyes"; then
AS_VAR_APPEND([SPICE_REQUIRES], [" celt051 >= $CELT051_REQUIRED"]))
fi
-PKG_CHECK_MODULES(SSL, openssl)
+PKG_CHECK_MODULES(SSL, openssl >= 1.0.0)
AC_SUBST(SSL_CFLAGS)
AC_SUBST(SSL_LIBS)
AS_VAR_APPEND([SPICE_REQUIRES], [" openssl"])
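Review bot: The new minimum in `PKG_CHECK_MODULES(SSL, openssl >= 1.0.0)` is not carried into `SPICE_REQUIRES`, because the unchanged line three lines below still appends the unversioned `" openssl"`. The celt051 line at the top of this hunk appends its `>= $CELT051_REQUIRED` bound, so for consistency this could become `AS_VAR_APPEND([SPICE_REQUIRES], [" openssl >= 1.0.0"])`. Holding the version in a single variable, as celt051 does, would keep the two places from drifting apart. How `SPICE_REQUIRES` is consumed is not visible in this hunk, so confirm that it feeds the generated pkg-config requirements before changing it.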
diff --git a/server/reds.c b/server/reds.c
index f5b9ffd2..325af5e8 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2819,15 +2819,12 @@ static gpointer openssl_global_init(gpointer arg)
static int reds_init_ssl(RedsState *reds)
{
static GOnce openssl_once = G_ONCE_INIT;
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
const SSL_METHOD *ssl_method;
-#else
- SSL_METHOD *ssl_method;
-#endif
int return_code;
- /* When some other SSL/TLS version becomes obsolete, add it to this
+ /* Limit connection to TLSv1 only.
+ * When some other SSL/TLS version becomes obsolete, add it to this
* variable. */
- long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+ long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
/* Global system initialization*/
g_once(&openssl_once, openssl_global_init, NULL);
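Review bot: The comment now attached to `ssl_options` says "Limit connection to TLSv1 only", but the flags on the following line only switch off SSLv2, SSLv3 and compression. Nothing in this hunk caps the protocol at TLS 1.0, so with the OpenSSL versions this commit requires, later TLS versions can presumably still be negotiated. The comment also gives no reason for `SSL_OP_NO_COMPRESSION`, which is the option the commit is about. I would reword it to state what the mask does, for example `/* Disable SSLv2/SSLv3 and TLS compression. When some other SSL/TLS version becomes obsolete, add it to this variable. */`. The body of reds_init_ssl continues outside this hunk.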
@@ -2841,10 +2838,6 @@ static int reds_init_ssl(RedsState *reds)
return -1;
}
- /* Limit connection to TLSv1 only */
-#ifdef SSL_OP_NO_COMPRESSION
- ssl_options |= SSL_OP_NO_COMPRESSION;
-#endif
SSL_CTX_set_options(reds->ctx, ssl_options);
/* Load our keys and certificates*/
@@ -2877,10 +2870,6 @@ static int reds_init_ssl(RedsState *reds)
return -1;
}
-#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
- SSL_CTX_set_verify_depth(reds->ctx, 1);
-#endif
-
if (strlen(reds->config->ssl_parameters.dh_key_file) > 0) {
if (load_dh_params(reds->ctx, reds->config->ssl_parameters.dh_key_file) < 0) {
return -1;
@@ -2894,11 +2883,6 @@ static int reds_init_ssl(RedsState *reds)
}
}
-#ifndef SSL_OP_NO_COMPRESSION
- STACK *cmp_stack = SSL_COMP_get_compression_methods();
- sk_zero(cmp_stack);
-#endif
-
return 0;
}
commit dd8e205aaf6673b027f60d60188cc575d98e52b1
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Thu Dec 7 17:18:34 2017 +0100
worker: Remove unneeded include
Nothing seems to be using openssl in red-worker.c
Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
Acked-by: Frediano Ziglio <fziglio at redhat.com>
diff --git a/server/red-worker.c b/server/red-worker.c
index 08bfdae2..21622b1e 100644
--- a/server/red-worker.c
+++ b/server/red-worker.c
@@ -28,7 +28,6 @@
#include <unistd.h>
#include <poll.h>
#include <pthread.h>
-#include <openssl/ssl.h>
#include <inttypes.h>
#include <glib.h>