authorSlávek Banko <slavek.banko@axis.cz>2017-01-01 19:35:39 +0100
committerSlávek Banko <slavek.banko@axis.cz>2017-01-01 19:35:39 +0100
commite1861cb6811f7bac405ece204407ca46c000a453 (patch)
tree8883f182e51c13750d24c5b74ed058d4d9fce99e /tdeio/kssl/ksslsettings.cc
parentf32bc5176289b70bf1c6e7d2825d53f190bc4096 (diff)
Added support for OpenSSL 1.1
Some KOpenSSLProxy methods have been renamed to be consistent with OpenSSL 1.1 API names and to prevent hidden API changes. To ensure API / ABI compatibility, the original methods are still included but have been marked as deprecated. + SSLv23_client_method => TLS_client_method + X509_STORE_CTX_set_chain => X509_STORE_CTX_set0_untrusted + sk_dup => OPENSSL_sk_dup + sk_free => OPENSSL_sk_free + sk_new => OPENSSL_sk_new + sk_num => OPENSSL_sk_num + sk_pop => OPENSSL_sk_pop + sk_push => OPENSSL_sk_push + sk_value => OPENSSL_sk_value Additional methods have been added to KOpenSSLProxy to support the new OpenSSL 1.1 API functions that provide access to the (now) opaque SSL structures. Compatibility with OpenSSL < 1.1 is handled internally in KOpenSSLProxy. + BIO_get_data + DSA_get0_key + DSA_get0_pqg + EVP_PKEY_base_id + EVP_PKEY_get0_DSA + EVP_PKEY_get0_RSA + RSA_get0_key + X509_CRL_get0_lastUpdate + X509_CRL_get0_nextUpdate + X509_OBJECT_get0_X509 + X509_OBJECT_get_type + X509_STORE_CTX_get_current_cert + X509_STORE_CTX_get_error + X509_STORE_CTX_get_error_depth + X509_STORE_CTX_set_error + X509_STORE_get0_objects + X509_STORE_set_verify_cb + X509_get0_signature + X509_getm_notAfter + X509_getm_notBefore + X509_subject_name_cmp + _SSL_session_reused + _SSL_set_options Method "KSSL::setSession" has been renamed to "KSSL::takeSession" and its functionality has changed: the session is now transferred from the argument object to the invoked object. Since it is only used internally in TDE and the functionality is different, the method with the previous name has not been preserved. Signed-off-by: Slávek Banko <slavek.banko@axis.cz> Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
Diffstat (limited to 'tdeio/kssl/ksslsettings.cc')
-rw-r--r--tdeio/kssl/ksslsettings.cc69
1 files changed, 29 insertions, 40 deletions
diff --git a/tdeio/kssl/ksslsettings.cc b/tdeio/kssl/ksslsettings.cc
index fbf10b476..090eaef4f 100644
--- a/tdeio/kssl/ksslsettings.cc
+++ b/tdeio/kssl/ksslsettings.cc
@@ -46,29 +46,20 @@
#endif
#include <kopenssl.h>
-#ifdef KSSL_HAVE_SSL
-#define sk_new d->kossl->sk_new
-#define sk_push d->kossl->sk_push
-#define sk_free d->kossl->sk_free
-#define sk_value d->kossl->sk_value
-#define sk_num d->kossl->sk_num
-#define sk_dup d->kossl->sk_dup
-#define sk_pop d->kossl->sk_pop
-#endif
- class CipherNode {
- public:
- CipherNode(const char *_name, int _keylen) :
- name(_name), keylen(_keylen) {}
- TQString name;
- int keylen;
- inline int operator==(CipherNode &x)
- { return ((x.keylen == keylen) && (x.name == name)); }
- inline int operator< (CipherNode &x) { return keylen < x.keylen; }
- inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
- inline int operator> (CipherNode &x) { return keylen > x.keylen; }
- inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
- };
+class CipherNode {
+public:
+ CipherNode(const char *_name, int _keylen) :
+ name(_name), keylen(_keylen) {}
+ TQString name;
+ int keylen;
+ inline int operator==(CipherNode &x)
+ { return ((x.keylen == keylen) && (x.name == name)); }
+ inline int operator< (CipherNode &x) { return keylen < x.keylen; }
+ inline int operator<=(CipherNode &x) { return keylen <= x.keylen; }
+ inline int operator> (CipherNode &x) { return keylen > x.keylen; }
+ inline int operator>=(CipherNode &x) { return keylen >= x.keylen; }
+};
class KSSLSettingsPrivate {
@@ -145,7 +136,7 @@ TQString KSSLSettings::getCipherList() {
d->kossl = KOSSL::self();
if (m_bUseSSLv3 && m_bUseSSLv2)
- meth = d->kossl->SSLv23_client_method();
+ meth = d->kossl->TLS_client_method();
else if(m_bUseSSLv3)
meth = d->kossl->SSLv3_client_method();
else if (m_bUseSSLv2)
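Review bot: With `m_bUseSSLv2` now forced to false in load() for OpenSSL >= 1.1 (hunk at L98–L99), the `m_bUseSSLv3 && m_bUseSSLv2` condition on L64 can no longer hold on such builds, so the new `TLS_client_method()` branch is never selected there and cipher enumeration falls through to `SSLv3_client_method()` whenever SSLv3 is enabled. Since `TLS_client_method` is the version-flexible method, it is presumably the one wanted whenever TLS is enabled at all; a condition such as `if (m_bUseTLSv1 || (m_bUseSSLv3 && m_bUseSSLv2))` would restore that. The remaining branches of this chain and the final fallback lie outside the hunk, so what they select could not be checked, and whether `SSLv3_client_method()` is still resolvable through KOpenSSLProxy on a no-ssl3 build is not visible here either.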
@@ -154,9 +145,9 @@ TQString KSSLSettings::getCipherList() {
SSL_CTX *ctx = d->kossl->SSL_CTX_new(meth);
SSL* ssl = d->kossl->SSL_new(ctx);
STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
- int cnt = sk_SSL_CIPHER_num(sk);
+ int cnt = d->kossl->OPENSSL_sk_num(sk);
for (int i=0; i< cnt; i++) {
- SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
+ SSL_CIPHER *sc = reinterpret_cast<SSL_CIPHER*>(d->kossl->OPENSSL_sk_value(sk,i));
if (!sc)
break;
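Review bot: `ctx` and `ssl` on L71–L72 are used without a null check; `SSL_CTX_new()` returns NULL when the method is unavailable and `SSL_new(NULL)` then fails as well, after which the loop only avoids dereferencing anything because `OPENSSL_sk_num(NULL)` happens to return -1. Make that explicit: `if (!ctx) return TQString(); if (!ssl) { d->kossl->SSL_CTX_free(ctx); return TQString(); }` (the function's existing cleanup and return path are outside the hunk, so adjust to match it). On L78, `OPENSSL_sk_value()` yields `void*`, for which `static_cast<SSL_CIPHER*>` is the correct cast; `reinterpret_cast` is unnecessary here, and since the 1.1 accessors take `const SSL_CIPHER*`, `const SSL_CIPHER *sc` would also be the more accurate type.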
@@ -165,10 +156,10 @@ TQString KSSLSettings::getCipherList() {
else
m_cfg->setGroup("SSLv3");
- tcipher.sprintf("cipher_%s", sc->name);
+ tcipher.sprintf("cipher_%s", d->kossl->SSL_CIPHER_get_name(sc));
int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
- CipherNode *xx = new CipherNode(sc->name,bits);
+ CipherNode *xx = new CipherNode(d->kossl->SSL_CIPHER_get_name(sc),bits);
if (!cipherList.contains(xx))
cipherList.prepend(xx);
else
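Review bot: `SSL_CIPHER_get_name(sc)` is called twice for the same cipher (L85 and L89); hoist it once, `const char *cname = d->kossl->SSL_CIPHER_get_name(sc);`, and use `cname` in both the sprintf and the CipherNode constructor. Separately, `cipherList.contains(xx)` on L90 is given a freshly allocated node: if `cipherList` is a TQPtrList without an overridden `compareItems()`, `contains()` compares pointer values and can never match, which would make the de-duplication ineffective. The list's declaration is outside the hunk, so this needs confirming against it.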
@@ -212,13 +203,21 @@ void KSSLSettings::load() {
m_cfg->setGroup("TLS");
m_bUseTLSv1 = m_cfg->readBoolEntry("Enabled", true);
-
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L || defined(OPENSSL_NO_SSL2)
+ m_bUseSSLv2 = false;
+#else
m_cfg->setGroup("SSLv2");
m_bUseSSLv2 = m_cfg->readBoolEntry("Enabled", false);
-
+#endif
+
+#if defined(OPENSSL_NO_SSL3)
+ m_bUseSSLv3 = false;
+#else
m_cfg->setGroup("SSLv3");
m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", true);
-
+#endif
+
m_cfg->setGroup("Warnings");
m_bWarnOnEnter = m_cfg->readBoolEntry("OnEnter", false);
m_bWarnOnLeave = m_cfg->readBoolEntry("OnLeave", true);
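Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` test on L98 degrades silently if `OPENSSL_VERSION_NUMBER` is not defined in this translation unit: an undefined identifier in `#if` evaluates to 0, so the SSLv2 configuration path would be compiled in on an OpenSSL 1.1 build without any diagnostic. Only `<kopenssl.h>` is visibly included above (L25); unless it is known to pull in `<openssl/opensslv.h>`, add that include here or guard with `#ifndef OPENSSL_VERSION_NUMBER` / `#error "OPENSSL_VERSION_NUMBER not defined"`. Separately, on builds where `OPENSSL_NO_SSL3` is not defined the SSLv3 default on L110 stays `true`; given that SSLv3 is no longer considered a secure protocol, `m_bUseSSLv3 = m_cfg->readBoolEntry("Enabled", false);` would be the safer default, leaving users who genuinely need it to opt in via the config.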
@@ -344,13 +343,3 @@ void KSSLSettings::setSSLv3(bool enabled) { m_bUseSSLv3 = enabled; }
TQString& KSSLSettings::getEGDPath() { return d->m_EGDPath; }
-#ifdef KSSL_HAVE_SSL
-#undef sk_new
-#undef sk_push
-#undef sk_free
-#undef sk_value
-#undef sk_num
-#undef sk_pop
-#undef sk_dup
-#endif
-