Fossil SCM
When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead.
Commit
64d79ad4575985e975c581f3360537b8ba4795f81c7cc0e0723a862b3a89a512
Parent
b2824009b2dbb8f…
1 file changed
+10
-2
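--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -328,10 +328,11 @@
 ssl_close();
 return 1;
 }
 
 if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){
+int x;
 char *desc, *prompt;
 Blob ans;
 char cReply;
 BIO *mem;
 unsigned char md[32];
@@ -338,11 +339,17 @@
 char zHash[32*2+1];
 unsigned int mdLength = (int)sizeof(md);
 
 memset(md, 0, sizeof(md));
 zHash[0] = 0;
-if( X509_digest(cert, EVP_sha256(), md, &mdLength) ){
+/* MMNNFFPPS */
+#if OPENSSL_VERSION_NUMBER >= 0x010000000
+x = X509_digest(cert, EVP_sha256(), md, &mdLength);
+#else
+x = X509_digest(cert, EVP_sha1(), md, &mdLength);
+#endif
+if( x ){
 int j;
 for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){
 zHash[j*2] = "0123456789abcdef"[md[j]>>4];
 zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf];
 }
@@ -532,11 +539,12 @@
 nCmd = strlen(zCmd);
 if( strncmp("show",zCmd,nCmd)==0 ){
 const char *zName, *zValue;
 size_t nName;
 Stmt q;
-fossil_print("OpenSSL-version: %s\n", SSLeay_version(SSLEAY_VERSION));
+fossil_print("OpenSSL-version: %s (0x%09x)\n",
+SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_NUMBER);
 fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file());
 fossil_print("OpenSSL-cert-dir: %s\n", X509_get_default_cert_dir());
 zName = X509_get_default_cert_file_env();
 zValue = fossil_getenv(zName);
 if( zValue==0 ) zValue = "";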
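Review bot: The `#else` branch in the second hunk silently switches the certificate fingerprint to SHA1, and nothing in the hunk records which digest filled `zHash`, so the same certificate yields a 40-character hash on an old-OpenSSL build and a 64-character one on a newer build. If the prompt text or a saved certificate exception (both outside this hunk) assumes SHA256, a fingerprint accepted under one build will presumably not match under the other, and the user has no way to tell which algorithm to compare against out of band. I would replace the bare `/* MMNNFFPPS */` with a comment that states the intent, e.g. `/* OPENSSL_VERSION_NUMBER is 0xMNNFFPPS; before 1.0.0 fall back to SHA1 (20-byte digest) */`, and give `x` a descriptive name such as `gotDigest`. The enclosing `if` block starts above the hunk and continues below it.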
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -328,10 +328,11 @@ | |
| 328 | ssl_close(); |
| 329 | return 1; |
| 330 | } |
| 331 | |
| 332 | if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){ |
| 333 | char *desc, *prompt; |
| 334 | Blob ans; |
| 335 | char cReply; |
| 336 | BIO *mem; |
| 337 | unsigned char md[32]; |
| @@ -338,11 +339,17 @@ | |
| 338 | char zHash[32*2+1]; |
| 339 | unsigned int mdLength = (int)sizeof(md); |
| 340 | |
| 341 | memset(md, 0, sizeof(md)); |
| 342 | zHash[0] = 0; |
| 343 | if( X509_digest(cert, EVP_sha256(), md, &mdLength) ){ |
| 344 | int j; |
| 345 | for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){ |
| 346 | zHash[j*2] = "0123456789abcdef"[md[j]>>4]; |
| 347 | zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf]; |
| 348 | } |
| @@ -532,11 +539,12 @@ | |
| 532 | nCmd = strlen(zCmd); |
| 533 | if( strncmp("show",zCmd,nCmd)==0 ){ |
| 534 | const char *zName, *zValue; |
| 535 | size_t nName; |
| 536 | Stmt q; |
| 537 | fossil_print("OpenSSL-version: %s\n", SSLeay_version(SSLEAY_VERSION)); |
| 538 | fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file()); |
| 539 | fossil_print("OpenSSL-cert-dir: %s\n", X509_get_default_cert_dir()); |
| 540 | zName = X509_get_default_cert_file_env(); |
| 541 | zValue = fossil_getenv(zName); |
| 542 | if( zValue==0 ) zValue = ""; |
| 543 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -328,10 +328,11 @@ | |
| 328 | ssl_close(); |
| 329 | return 1; |
| 330 | } |
| 331 | |
| 332 | if( !sslNoCertVerify && SSL_get_verify_result(ssl)!=X509_V_OK ){ |
| 333 | int x; |
| 334 | char *desc, *prompt; |
| 335 | Blob ans; |
| 336 | char cReply; |
| 337 | BIO *mem; |
| 338 | unsigned char md[32]; |
| @@ -338,11 +339,17 @@ | |
| 339 | char zHash[32*2+1]; |
| 340 | unsigned int mdLength = (int)sizeof(md); |
| 341 | |
| 342 | memset(md, 0, sizeof(md)); |
| 343 | zHash[0] = 0; |
| 344 | /* MMNNFFPPS */ |
| 345 | #if OPENSSL_VERSION_NUMBER >= 0x010000000 |
| 346 | x = X509_digest(cert, EVP_sha256(), md, &mdLength); |
| 347 | #else |
| 348 | x = X509_digest(cert, EVP_sha1(), md, &mdLength); |
| 349 | #endif |
| 350 | if( x ){ |
| 351 | int j; |
| 352 | for(j=0; j<mdLength && j*2+1<sizeof(zHash); ++j){ |
| 353 | zHash[j*2] = "0123456789abcdef"[md[j]>>4]; |
| 354 | zHash[j*2+1] = "0123456789abcdef"[md[j]&0xf]; |
| 355 | } |
| @@ -532,11 +539,12 @@ | |
| 539 | nCmd = strlen(zCmd); |
| 540 | if( strncmp("show",zCmd,nCmd)==0 ){ |
| 541 | const char *zName, *zValue; |
| 542 | size_t nName; |
| 543 | Stmt q; |
| 544 | fossil_print("OpenSSL-version: %s (0x%09x)\n", |
| 545 | SSLeay_version(SSLEAY_VERSION), OPENSSL_VERSION_NUMBER); |
| 546 | fossil_print("OpenSSL-cert-file: %s\n", X509_get_default_cert_file()); |
| 547 | fossil_print("OpenSSL-cert-dir: %s\n", X509_get_default_cert_dir()); |
| 548 | zName = X509_get_default_cert_file_env(); |
| 549 | zValue = fossil_getenv(zName); |
| 550 | if( zValue==0 ) zValue = ""; |
| 551 |