File openssl_init_fix.patch of Package openwsman.16236
Index: openwsman-2.6.7/src/server/shttpd/shttpd.c
===================================================================
--- openwsman-2.6.7.orig/src/server/shttpd/shttpd.c
+++ openwsman-2.6.7/src/server/shttpd/shttpd.c
@@ -1493,7 +1493,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
EC_KEY* key;
/* Load SSL library dynamically */
- if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
+ if ((lib = dlopen(SSL_LIB, RTLD_LAZY | RTLD_NOLOAD)) == NULL) {
_shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
return (FALSE);
}
@@ -1510,7 +1510,7 @@ set_ssl(struct shttpd_ctx *ctx, const ch
SSL_library_init();
if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
#else
- OPENSSL_init_ssl();
+ OPENSSL_init_ssl(0, NULL);
if ((CTX = SSL_CTX_new(TLS_server_method())) == NULL)
#endif
_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
@@ -1521,6 +1521,10 @@ set_ssl(struct shttpd_ctx *ctx, const ch
else
retval = TRUE;
+ if (!retval) {
+ return retval;
+ }
+
/* This enables ECDH Perfect Forward secrecy. Currently with just the most generic p256 prime curve */
key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (key != NULL) {
Index: openwsman-2.6.7/src/server/shttpd/ssl.h
===================================================================
--- openwsman-2.6.7.orig/src/server/shttpd/ssl.h
+++ openwsman-2.6.7/src/server/shttpd/ssl.h
@@ -58,7 +58,7 @@ extern struct ssl_func ssl_sw[];
#define SSL_library_init() (* (int (*)(void)) FUNC(10))()
#else
#define TLS_server_method() (* (SSL_METHOD * (*)(void)) FUNC(9))()
-#define OPENSSL_init_ssl() (* (int (*)(void)) FUNC(10))()
+#define OPENSSL_init_ssl(x,y) (* (int (*)(uint64_t opts, const void *settings)) FUNC(10))(x,y)
#endif
#define SSL_CTX_use_PrivateKey_file(x,y,z) (* (int (*)(SSL_CTX *, \
const char *, int)) FUNC(11))((x), (y), (z))