Port OpenWSMAN to OpenSSL 1.1.0 #98
The attached patch (against the latest release (2.6.2)) should resolve this issue. Please review. I would also consider changing the mechanism for disabling particular SSL protocols through the config file - SSL_CTX_set_options still works, but it's deprecated, see: Hope this helps. I'll probably write a patch for the master branch and create a pull request tomorrow.
vcrhonek commented Oct 18, 2016
There are several changes in the library API which make openwsman unable to compile. I did some work already - a patch against the latest release (2.6.2) is attached. It makes openwsman able to compile, but the daemon still does not work - it fails in set_ssl(), dlsym cannot find the 'SSLv23_server_method()' symbol in the .so (openssl 1.1.0 makes a lot of internals opaque). I don't know how to resolve the problem.
Just a few comments on the patch - the first chunk changes access to the X509 cert through a getter function, that should be clear.
The second chunk resolves the problem with the unknown 'SSL_CTRL_OPTIONS' - this is not the final version and it also changes the meaning of 'ssl_disabled_protocols' from openwsman.conf - it would probably be better to let the user put only one protocol there, which will be the minimum version of the protocol that openssl will use. It is still possible to disable particular protocols with the "Protocol" command, but it's not recommended. For more information see:
https://www.openssl.org/docs/manmaster/ssl/SSL_CONF_cmd.html
My intention was just to resolve the failing build somehow, the decision is up to you :)
openwsman-2.6.2-openssl-1.1-fix.txt
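
The change in meaning of 'ssl_disabled_protocols' discussed above can be checked before it reaches OpenSSL. The following is an added example, not code from the attached patch or from openwsman: it converts a legacy disabled-protocol list into the single minimum version that OpenSSL 1.1.0's SSL_CTX_set_min_proto_version() would take, and rejects lists that a minimum version cannot express. The function name and the token spellings (SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2) are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Token names are assumed; values equal OpenSSL's SSL3_VERSION..TLS1_2_VERSION. */
struct proto { const char *name; int version; };
static const struct proto PROTOS[] = {
    { "SSLv3",   0x0300 }, { "TLSv1",   0x0301 },
    { "TLSv1_1", 0x0302 }, { "TLSv1_2", 0x0303 },
};
#define NPROTOS (sizeof(PROTOS) / sizeof(PROTOS[0]))

/* Convert a space-separated disabled-protocol list to a minimum version.
 * Returns 0 on success, -1 on an unknown or oversized list, -2 if the list
 * leaves an older protocol enabled below a disabled one or disables all. */
int min_version_from_disabled(const char *list, int *min_version)
{
    int disabled[NPROTOS] = { 0 };
    char buf[128], *tok;
    size_t i, first_enabled = NPROTOS;

    if (strlen(list) >= sizeof(buf))
        return -1;
    strcpy(buf, list);
    for (tok = strtok(buf, " \t"); tok != NULL; tok = strtok(NULL, " \t")) {
        if (strcmp(tok, "SSLv2") == 0)
            continue;               /* SSLv2 was removed in OpenSSL 1.1.0 */
        for (i = 0; i < NPROTOS; i++)
            if (strcmp(tok, PROTOS[i].name) == 0)
                break;
        if (i == NPROTOS)
            return -1;              /* unknown token: fail closed */
        disabled[i] = 1;
    }
    for (i = 0; i < NPROTOS; i++) {
        if (!disabled[i] && first_enabled == NPROTOS)
            first_enabled = i;
        else if (disabled[i] && first_enabled != NPROTOS)
            return -2;              /* gap: not expressible as a minimum */
    }
    if (first_enabled == NPROTOS)
        return -2;                  /* every protocol disabled */
    *min_version = PROTOS[first_enabled].version;
    return 0;
}

int main(void)
{
    int v = 0, rc = min_version_from_disabled("SSLv2 SSLv3 TLSv1", &v); /* constructed input */
    printf("rc=%d min=0x%04x\n", rc, v);
    return rc;
}
```

A list such as "TLSv1_1" alone returns -2, because TLSv1 would stay enabled below it; that is the kind of setting the single-minimum scheme cannot represent.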