File kdelibs-3.5.10-ossl-1.1.x.patch of Package kdelibs3
diff -Naru kdelibs-3.5.10_orig/kcert/kcertpart.cc kdelibs-3.5.10/kcert/kcertpart.cc
--- kdelibs-3.5.10_orig/kcert/kcertpart.cc 2005-10-11 00:05:53.000000000 +0900
+++ kdelibs-3.5.10/kcert/kcertpart.cc 2022-12-06 16:49:30.226293440 +0900
@@ -429,7 +429,12 @@
if (certFile.endsWith("der") || certFile.endsWith("crt")) {
enc = _ca->toDer();
} else if (certFile.endsWith("netscape")) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ KMessageBox::sorry(_frame, i18n("Netscape format is not supported anymore!"), i18n("Certificate Import"));
+ return false;
+#else
enc = _ca->toNetscape();
+#endif
} else {
enc = _ca->toPem();
}
diff -Naru kdelibs-3.5.10_orig/kio/Makefile.am kdelibs-3.5.10/kio/Makefile.am
--- kdelibs-3.5.10_orig/kio/Makefile.am 2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/Makefile.am 2022-12-06 16:49:30.230293404 +0900
@@ -32,7 +32,7 @@
kio/libksycoca.la bookmarks/libkbookmarks.la kfile/libkfile.la \
../kdeui/libkdeui.la ../kdesu/libkdesu.la \
../kwallet/client/libkwalletclient.la \
- $(LIBZ) $(LIBFAM) $(LIBVOLMGT) $(ACL_LIBS)
+ $(LIBZ) $(LIBFAM) $(LIBVOLMGT) $(LIBSSL) $(ACL_LIBS)
kde_mime_DATA = magic
kde_servicetypes_DATA = application.desktop kurifilterplugin.desktop \
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kopenssl.cc kdelibs-3.5.10/kio/kssl/kopenssl.cc
--- kdelibs-3.5.10_orig/kio/kssl/kopenssl.cc 2022-12-06 16:48:29.534885678 +0900
+++ kdelibs-3.5.10/kio/kssl/kopenssl.cc 2022-12-06 16:53:54.368188015 +0900
@@ -53,7 +53,7 @@
int (*)(int, X509_STORE_CTX *)) = 0L;
static int (*K_SSL_use_certificate)(SSL *, X509 *) = 0L;
static SSL_CIPHER *(*K_SSL_get_current_cipher)(SSL *) = 0L;
-static long (*K_SSL_ctrl) (SSL *,int, long, char *) = 0L;
+static long (*K_SSL_ctrl) (SSL *,int, long, void *) = 0L;
static int (*K_RAND_egd) (const char *) = 0L;
static const char* (*K_RAND_file_name) (char *, size_t) = 0L;
static int (*K_RAND_load_file) (const char *, long) = 0L;
@@ -431,7 +431,11 @@
K_EVP_PKEY_new = (EVP_PKEY* (*)()) _cryptoLib->symbol("EVP_PKEY_new");
K_X509_REQ_free = (void (*)(X509_REQ*)) _cryptoLib->symbol("X509_REQ_free");
K_X509_REQ_new = (X509_REQ* (*)()) _cryptoLib->symbol("X509_REQ_new");
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) _cryptoLib->symbol("X509_STORE_CTX_set0_untrusted");
+#else
K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509)*)) _cryptoLib->symbol("X509_STORE_CTX_set_chain");
+#endif
K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) _cryptoLib->symbol("X509_STORE_CTX_set_purpose");
K_sk_free = (void (*) (STACK *)) _cryptoLib->symbol("sk_free");
K_sk_num = (int (*) (STACK *)) _cryptoLib->symbol("sk_num");
@@ -558,7 +562,7 @@
_sslLib->symbol("SSL_CTX_use_certificate");
K_SSL_get_current_cipher = (SSL_CIPHER *(*)(SSL *))
_sslLib->symbol("SSL_get_current_cipher");
- K_SSL_ctrl = (long (*)(SSL * ,int, long, char *))
+ K_SSL_ctrl = (long (*)(SSL * ,int, long, void *))
_sslLib->symbol("SSL_ctrl");
K_TLSv1_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("TLSv1_client_method");
K_SSLv2_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("SSLv2_client_method");
@@ -747,7 +751,7 @@
}
-long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg) {
+long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg) {
if (K_SSL_ctrl) return (K_SSL_ctrl)(ssl, cmd, larg, parg);
return -1;
}
@@ -1082,6 +1086,7 @@
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
void KOpenSSLProxy::sk_free(STACK *s) {
if (K_sk_free) (K_sk_free)(s);
}
@@ -1103,6 +1108,7 @@
if (K_sk_value) return (K_sk_value)(s, n);
else return 0L;
}
+#endif
void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) {
@@ -1114,6 +1120,7 @@
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
STACK* KOpenSSLProxy::sk_dup(STACK *s) {
if (K_sk_dup) return (K_sk_dup)(s);
else return 0L;
@@ -1130,6 +1137,7 @@
if (K_sk_push) return (K_sk_push)(s,d);
else return -1;
}
+#endif
char *KOpenSSLProxy::i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint) {
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kopenssl.h kdelibs-3.5.10/kio/kssl/kopenssl.h
--- kdelibs-3.5.10_orig/kio/kssl/kopenssl.h 2022-12-06 16:48:29.534885678 +0900
+++ kdelibs-3.5.10/kio/kssl/kopenssl.h 2022-12-06 16:49:30.242293295 +0900
@@ -188,7 +188,7 @@
/* long SSL_set_options(SSL *ssl, long options); */
/* Returns 0 if not reused, 1 if session id is reused */
/* int SSL_session_reused(SSL *ssl); */
- long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
+ long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
/*
* RAND_egd - set the path to the EGD
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksmimecrypto.cc kdelibs-3.5.10/kio/kssl/ksmimecrypto.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksmimecrypto.cc 2022-12-06 16:48:29.530885717 +0900
+++ kdelibs-3.5.10/kio/kssl/ksmimecrypto.cc 2022-12-06 16:49:30.242293295 +0900
@@ -38,6 +38,7 @@
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
// forward included macros to KOpenSSLProxy
#define sk_new kossl->sk_new
#define sk_free kossl->sk_free
@@ -45,6 +46,7 @@
#define sk_value kossl->sk_value
#define sk_num kossl->sk_num
#define BIO_ctrl kossl->BIO_ctrl
+#endif
#ifdef KSSL_HAVE_SSL
@@ -87,7 +89,11 @@
STACK_OF(X509) *KSMIMECryptoPrivate::certsToX509(QPtrList<KSSLCertificate> &certs) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ STACK_OF(X509) *x509 = reinterpret_cast<STACK_OF(X509)*>(OPENSSL_sk_new(NULL));
+#else
STACK_OF(X509) *x509 = reinterpret_cast<STACK_OF(X509)*>(sk_new(NULL));
+#endif
KSSLCertificate *cert = certs.first();
while(cert) {
sk_X509_push(x509, cert->getCert());
@@ -242,7 +248,11 @@
We assume that openssl uses malloc() (it does in
default config) and rip out the buffer.
*/
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ reinterpret_cast<BUF_MEM *>(BIO_get_data(src))->data = NULL;
+#else
reinterpret_cast<BUF_MEM *>(src->ptr)->data = NULL;
+#endif
}
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kssl.cc kdelibs-3.5.10/kio/kssl/kssl.cc
--- kdelibs-3.5.10_orig/kio/kssl/kssl.cc 2006-10-02 02:33:33.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/kssl.cc 2022-12-06 16:49:30.242293295 +0900
@@ -215,8 +215,13 @@
return true;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ // reference count must be incremented via function.
+ SSL_SESSION_up_ref(static_cast<SSL_SESSION*>(session->_session));
+#else
// Obtain a reference by incrementing the reference count. Yuck.
static_cast<SSL_SESSION*>(session->_session)->references++;
+#endif
d->session = new KSSLSession;
d->session->_session = session->_session;
@@ -284,6 +289,11 @@
return -1;
if (d->session) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ kdDebug(7029) << "Can't reuse session because openssl is 1.1 or later." << endl;
+ delete d->session;
+ d->session = 0;
+#else
if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
{
kdDebug(7029) << "Can't reuse session, no certificate." << endl;
@@ -297,6 +307,7 @@
delete d->session;
d->session = 0;
}
+#endif
}
/*
@@ -316,7 +327,8 @@
if (!m_cfg->sslv2())
off |= SSL_OP_NO_SSLv2;
- d->kossl->SSL_set_options(d->m_ssl, off);
+ // d->kossl->SSL_set_options(d->m_ssl, off);
+ SSL_set_options(d->m_ssl, off);
rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
if (rc == 0) {
@@ -341,7 +353,8 @@
return -1;
}
- if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+ // if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+ if (!SSL_session_reused(d->m_ssl)) {
if (d->session) {
kdDebug(7029) << "Session reuse failed. New session used instead." << endl;
delete d->session;
@@ -375,6 +388,12 @@
return -1;
if (d->session) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ kdDebug(7029) << "Can't reuse session because openssl is 1.1 or later." << endl;
+ delete d->session;
+ d->session = 0;
+#else
+
if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
{
kdDebug(7029) << "Can't reuse session, no certificate." << endl;
@@ -388,6 +407,7 @@
delete d->session;
d->session = 0;
}
+#endif
}
/*
@@ -407,7 +427,8 @@
if (!m_cfg->sslv2())
off |= SSL_OP_NO_SSLv2;
- d->kossl->SSL_set_options(d->m_ssl, off);
+ // d->kossl->SSL_set_options(d->m_ssl, off);
+ SSL_set_options(d->m_ssl, off);
rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
if (rc == 0) {
@@ -441,7 +462,8 @@
}
}
- if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+ // if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+ if (!SSL_session_reused(d->m_ssl)) {
if (d->session) {
kdDebug(7029) << "Session reuse failed. New session used instead." << endl;
delete d->session;
@@ -679,7 +701,8 @@
bool KSSL::reusingSession() const {
#ifdef KSSL_HAVE_SSL
- return (d->m_ssl && d->kossl->SSL_session_reused(d->m_ssl));
+ // return (d->m_ssl && d->kossl->SSL_session_reused(d->m_ssl));
+ return (d->m_ssl && SSL_session_reused(d->m_ssl));
#else
return false;
#endif
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcallback.c kdelibs-3.5.10/kio/kssl/ksslcallback.c
--- kdelibs-3.5.10_orig/kio/kssl/ksslcallback.c 2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcallback.c 2022-12-06 16:49:30.246293260 +0900
@@ -28,7 +28,7 @@
extern "C" {
static int X509Callback(int ok, X509_STORE_CTX *ctx) {
- kdDebug(7029) << "X509Callback: ok = " << ok << " error = " << ctx->error << " depth = " << ctx->error_depth << endl;
+ // kdDebug(7029) << "X509Callback: ok = " << ok << " error = " << ctx->error << " depth = " << ctx->error_depth << endl;
// Here is how this works. We put "ok = 1;" in any case that we
// don't consider to be an error. In that case, it will return OK
// for the certificate check as long as there are no other critical
@@ -39,14 +39,22 @@
if (KSSL_X509CallBack_ca)
{
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (KOSSL::self()->X509_cmp(X509_STORE_CTX_get_current_cert(ctx), KSSL_X509CallBack_ca) != 0)
+#else
if (KOSSL::self()->X509_cmp(ctx->current_cert, KSSL_X509CallBack_ca) != 0)
+#endif
return 1; // Ignore errors for this certificate
KSSL_X509CallBack_ca_found = true;
}
if (!ok) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ switch (X509_STORE_CTX_get_error(ctx)) {
+#else
switch (ctx->error) {
+#endif
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
case X509_V_ERR_UNABLE_TO_GET_CRL:
case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcertchain.cc kdelibs-3.5.10/kio/kssl/ksslcertchain.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslcertchain.cc 2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcertchain.cc 2022-12-06 16:49:30.246293260 +0900
@@ -45,6 +45,7 @@
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef KSSL_HAVE_SSL
#define sk_new d->kossl->sk_new
#define sk_push d->kossl->sk_push
@@ -54,6 +55,7 @@
#define sk_dup d->kossl->sk_dup
#define sk_pop d->kossl->sk_pop
#endif
+#endif
class KSSLCertChainPrivate {
public:
@@ -147,7 +149,11 @@
}
if (chain.count() == 0) return;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ _chain = (void *)OPENSSL_sk_new(NULL);
+#else
_chain = (void *)sk_new(NULL);
+#endif
for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) {
sk_X509_push((STACK_OF(X509)*)_chain, d->kossl->X509_dup(x->getCert()));
}
@@ -172,7 +178,11 @@
if (!stack_of_x509) return;
-_chain = (void *)sk_new(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ _chain = (void *)OPENSSL_sk_new(NULL);
+#else
+ _chain = (void *)sk_new(NULL);
+#endif
STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
for (int i = 0; i < sk_X509_num(x); i++) {
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.cc kdelibs-3.5.10/kio/kssl/ksslcertificate.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.cc 2022-12-06 16:48:29.534885678 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcertificate.cc 2022-12-06 16:49:30.246293260 +0900
@@ -171,7 +171,7 @@
if (!t)
return rc;
rc = t;
- d->kossl->OPENSSL_free(t);
+ OPENSSL_free(t);
#endif
return rc;
}
@@ -198,14 +198,28 @@
char *s;
int n, i;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ i = X509_get_signature_nid(d->m_cert);
+#else
i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm);
+#endif
rc = i18n("Signature Algorithm: ");
rc += (i == NID_undef)?i18n("Unknown"):QString(d->kossl->OBJ_nid2ln(i));
rc += "\n";
rc += i18n("Signature Contents:");
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const ASN1_BIT_STRING *psig;
+ const X509_ALGOR *palg;
+
+ X509_get0_signature(&psig, &palg, d->m_cert);
+
+ n = ASN1_STRING_length(psig);
+ s = (char *)ASN1_STRING_get0_data(psig);
+#else
n = d->m_cert->signature->length;
s = (char *)d->m_cert->signature->data;
+#endif
for (i = 0; i < n; i++) {
if (i%20 != 0) rc += ":";
else rc += "\n";
@@ -227,8 +241,13 @@
STACK *s = d->kossl->X509_get1_email(d->m_cert);
if (s) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ for(int n=0; n < OPENSSL_sk_num(s); n++) {
+ to.append((const char*)(OPENSSL_sk_value(s,n)));
+#else
for(int n=0; n < s->num; n++) {
to.append(d->kossl->sk_value(s,n));
+#endif
}
d->kossl->X509_email_free(s);
}
@@ -309,12 +328,20 @@
EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
if (pkey) {
#ifndef NO_RSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
+#else
if (pkey->type == EVP_PKEY_RSA)
+#endif
rc = "RSA";
else
#endif
#ifndef NO_DSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA)
+#else
if (pkey->type == EVP_PKEY_DSA)
+#endif
rc = "DSA";
else
#endif
@@ -337,10 +364,21 @@
if (pkey) {
rc = i18n("Unknown", "Unknown key algorithm");
#ifndef NO_RSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+#else
if (pkey->type == EVP_PKEY_RSA) {
+#endif
rc = i18n("Key type: RSA (%1 bit)") + "\n";
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const BIGNUM *n, *e;
+
+ RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, &e, NULL);
+ x = d->kossl->BN_bn2hex(n);
+#else
x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n);
+#endif
rc += i18n("Modulus: ");
rc = rc.arg(strlen(x)*4);
for (unsigned int i = 0; i < strlen(x); i++) {
@@ -351,18 +389,33 @@
rc += x[i];
}
rc += "\n";
- d->kossl->OPENSSL_free(x);
+ OPENSSL_free(x);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ x = d->kossl->BN_bn2hex(e);
+#else
x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e);
+#endif
rc += i18n("Exponent: 0x") + x + "\n";
- d->kossl->OPENSSL_free(x);
+ OPENSSL_free(x);
}
#endif
#ifndef NO_DSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
+#else
if (pkey->type == EVP_PKEY_DSA) {
+#endif
rc = i18n("Key type: DSA (%1 bit)") + "\n";
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const BIGNUM *p, *q, *g;
+
+ DSA_get0_pqg(EVP_PKEY_get0_DSA(pkey), &p, &q, &g);
+ x = d->kossl->BN_bn2hex(p);
+#else
x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p);
+#endif
rc += i18n("Prime: ");
// hack - this may not be always accurate
rc = rc.arg(strlen(x)*4) ;
@@ -374,9 +427,13 @@
rc += x[i];
}
rc += "\n";
- d->kossl->OPENSSL_free(x);
+ OPENSSL_free(x);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ x = d->kossl->BN_bn2hex(q);
+#else
x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q);
+#endif
rc += i18n("160 bit prime factor: ");
for (unsigned int i = 0; i < strlen(x); i++) {
if (i%40 != 0 && i%2 == 0)
@@ -386,9 +443,13 @@
rc += x[i];
}
rc += "\n";
- d->kossl->OPENSSL_free(x);
-
+ OPENSSL_free(x);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ x = d->kossl->BN_bn2hex(g);
+#else
x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g);
+#endif
rc += QString("g: ");
for (unsigned int i = 0; i < strlen(x); i++) {
if (i%40 != 0 && i%2 == 0)
@@ -398,9 +459,16 @@
rc += x[i];
}
rc += "\n";
- d->kossl->OPENSSL_free(x);
-
+ OPENSSL_free(x);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const BIGNUM *pub_key;
+
+ DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &pub_key, NULL);
+ x = d->kossl->BN_bn2hex(pub_key);
+#else
x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key);
+#endif
rc += i18n("Public key: ");
for (unsigned int i = 0; i < strlen(x); i++) {
if (i%40 != 0 && i%2 == 0)
@@ -410,7 +478,7 @@
rc += x[i];
}
rc += "\n";
- d->kossl->OPENSSL_free(x);
+ OPENSSL_free(x);
}
#endif
d->kossl->EVP_PKEY_free(pkey);
@@ -432,7 +500,7 @@
return rc;
rc = t;
- d->kossl->OPENSSL_free(t);
+ OPENSSL_free(t);
#endif
return rc;
@@ -701,9 +769,17 @@
KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0;
KSSL_X509CallBack_ca_found = false;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
+#else
certStoreCTX->error = X509_V_OK;
+#endif
rc = d->kossl->X509_verify_cert(certStoreCTX);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ int errcode = X509_STORE_CTX_get_error(certStoreCTX);
+#else
int errcode = certStoreCTX->error;
+#endif
if (ca && !KSSL_X509CallBack_ca_found) {
ksslv = KSSLCertificate::Irrelevant;
} else {
@@ -716,9 +792,17 @@
d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX,
X509_PURPOSE_NS_SSL_SERVER);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
+#else
certStoreCTX->error = X509_V_OK;
+#endif
rc = d->kossl->X509_verify_cert(certStoreCTX);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ errcode = X509_STORE_CTX_get_error(certStoreCTX);
+#else
errcode = certStoreCTX->error;
+#endif
ksslv = processError(errcode);
}
d->kossl->X509_STORE_CTX_free(certStoreCTX);
@@ -999,6 +1083,7 @@
#define NETSCAPE_CERT_HDR "certificate"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
// what a piece of crap this is
QByteArray KSSLCertificate::toNetscape() {
QByteArray qba;
@@ -1044,6 +1129,7 @@
#endif
return qba;
}
+#endif
@@ -1104,10 +1190,18 @@
return rc;
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ int cnt = sk_GENERAL_NAME_num(names);
+#else
int cnt = d->kossl->sk_GENERAL_NAME_num(names);
+#endif
for (int i = 0; i < cnt; i++) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ const GENERAL_NAME *val = (const GENERAL_NAME *)OPENSSL_sk_value((const OPENSSL_STACK *)names, i);
+#else
const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->sk_value(names, i);
+#endif
if (val->type != GEN_DNS) {
continue;
}
@@ -1119,8 +1213,12 @@
rc += s;
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ OPENSSL_sk_free((OPENSSL_STACK *)names);
+#else
d->kossl->sk_free(names);
#endif
+#endif
return rc;
}
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.h kdelibs-3.5.10/kio/kssl/ksslcertificate.h
--- kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.h 2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcertificate.h 2022-12-06 16:49:30.246293260 +0900
@@ -181,7 +181,9 @@
* Convert the certificate to Netscape format.
* @return the binary data of the Netscape encoding
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
QByteArray toNetscape();
+#endif
/**
* Convert the certificate to OpenSSL plain text format.
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslsettings.cc kdelibs-3.5.10/kio/kssl/ksslsettings.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslsettings.cc 2006-07-22 17:16:39.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslsettings.cc 2022-12-06 16:49:30.250293223 +0900
@@ -156,19 +156,28 @@
STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
int cnt = sk_SSL_CIPHER_num(sk);
for (int i=0; i< cnt; i++) {
- SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
+ const SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
if (!sc)
break;
- if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
+ if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(const_cast<SSL_CIPHER*>(sc))))
m_cfg->setGroup("SSLv2");
else
m_cfg->setGroup("SSLv3");
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ tcipher.sprintf("cipher_%s", SSL_CIPHER_get_name(sc));
+#else
tcipher.sprintf("cipher_%s", sc->name);
- int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
+#endif
+ // int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
+ int bits = SSL_CIPHER_get_bits(sc, NULL);
if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ CipherNode *xx = new CipherNode(SSL_CIPHER_get_name(sc),bits);
+#else
CipherNode *xx = new CipherNode(sc->name,bits);
+#endif
if (!cipherList.contains(xx))
cipherList.prepend(xx);
else
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslutils.cc kdelibs-3.5.10/kio/kssl/ksslutils.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslutils.cc 2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslutils.cc 2022-12-06 16:49:30.250293223 +0900
@@ -85,7 +85,11 @@
QString ASN1_INTEGER_QString(ASN1_INTEGER *aint) {
char *rep = KOSSL::self()->i2s_ASN1_INTEGER(NULL, aint);
QString yy = rep;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+OPENSSL_free(rep);
+#else
KOSSL::self()->OPENSSL_free(rep);
+#endif
return yy;
}