File libvncserver-0.9.10-ossl.patch of Package LibVNCServer
--- libvncclient/tls_openssl.c.orig
+++ libvncclient/tls_openssl.c
@@ -18,9 +18,11 @@
* USA.
*/
+#include "rfbconfig.h"
#include <rfb/rfbclient.h>
#include <errno.h>
-
+#define OPENSSL_LOAD_CONF
+#define OPENSSL_NO_SSL_INTERN
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>
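Review bot: The two added defines carry no comment explaining that they must precede every OpenSSL header, and they are unguarded, so a build that already passes them as compiler flags may hit a macro-redefinition warning. I would add a comment such as `/* must precede all OpenSSL includes: load the OpenSSL config at init, and hide SSL struct internals so only accessor functions compile */` and wrap each define as `#ifndef OPENSSL_NO_SSL_INTERN` / `#define OPENSSL_NO_SSL_INTERN` / `#endif`. The same applies to the identical defines added in libvncserver/rfbssl_openssl.c. There they come after `#include "rfbssl.h"`, so if that header pulls in any OpenSSL header (not visible here) the defines would take effect too late; moving them above it would be safer.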
@@ -162,7 +164,7 @@ InitializeTLS(void)
CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function);
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
- RAND_load_file("/dev/urandom", 1024);
+ if(RAND_status() == 0) RAND_load_file("/dev/urandom", 1024);
rfbClientLog("OpenSSL initialized.\n");
rfbTLSInitialized = TRUE;
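Review bot: The return value of `RAND_load_file` is still discarded on the added line, so if /dev/urandom cannot be read the PRNG stays unseeded while the function goes on to log "OpenSSL initialized." and set `rfbTLSInitialized`. Fail closed instead, e.g. `if (RAND_status() == 0 && RAND_load_file("/dev/urandom", 1024) <= 0) { rfbClientLog("Failed to seed OpenSSL PRNG.\n"); return FALSE; }`. This assumes InitializeTLS returns an rfbBool; its return type and the rest of its body are outside the hunk, so confirm before applying.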
@@ -185,7 +187,7 @@ ssl_verify (int ok, X509_STORE_CTX *ctx)
ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx ());
- client = SSL_CTX_get_app_data (ssl->ctx);
+ client = SSL_CTX_get_app_data (SSL_get_SSL_CTX(ssl));
cert = X509_STORE_CTX_get_current_cert (ctx);
err = X509_STORE_CTX_get_error (ctx);
@@ -265,6 +267,10 @@ open_ssl_connection (rfbClient *client,
int n, finished = 0;
ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
+#ifdef SSL_MODE_RELEASE_BUFFERS
+ SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
+#endif
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
SSL_CTX_set_default_verify_paths (ssl_ctx);
SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, &ssl_verify);
ssl = SSL_new (ssl_ctx);
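Review bot: The new options line disables only SSLv2, so with `SSLv23_client_method()` the client can still negotiate SSLv3, which has known protocol-level weaknesses. I would write `SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. The added `SSL_CTX_set_mode` and `SSL_CTX_set_options` calls also run immediately after `SSL_CTX_new` with no NULL check in between, so an allocation failure would be dereferenced here. Add a guard such as `if (ssl_ctx == NULL) return NULL;` before them, matching however the function reports failure (its full body is outside the hunk).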
@@ -284,8 +290,8 @@ open_ssl_connection (rfbClient *client,
if (wait_for_data(ssl, n, 1) != 1)
{
finished = 1;
- if (ssl->ctx)
- SSL_CTX_free (ssl->ctx);
+ if (SSL_get_SSL_CTX(ssl))
+ SSL_CTX_free (SSL_get_SSL_CTX(ssl));
SSL_free(ssl);
SSL_shutdown (ssl);
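Review bot: The error path touched here still calls `SSL_shutdown (ssl)` after `SSL_free(ssl)`, which is a use-after-free on the connection object; the commit converts the `ssl->ctx` accesses but leaves that order in place. Swap the two calls so the tail reads `SSL_shutdown (ssl);` then `SSL_free (ssl);`. The added lines also call `SSL_get_SSL_CTX(ssl)` twice; fetching it once into a local (`SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);`) before freeing would be clearer. The enclosing function continues outside the hunk.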
--- libvncserver/rfbssl_openssl.c.orig
+++ libvncserver/rfbssl_openssl.c
@@ -21,7 +21,10 @@
* USA.
*/
+#include "rfbconfig.h"
#include "rfbssl.h"
+#define OPENSSL_LOAD_CONF
+#define OPENSSL_NO_SSL_INTERN
#include <openssl/ssl.h>
#include <openssl/err.h>