OpenSSL 1.1.0 support #4056

merged 6 commits into from Jul 29, 2016


None yet

5 participants

zeha commented Jun 28, 2016 edited

To fix #4051

@zeha zeha changed the title from [WIP] OpenSSL 1.1.0 support to OpenSSL 1.1.0 support Jul 1, 2016
zeha commented Jul 1, 2016

All tests pass. Needs a tight review.

rgacogne commented Jul 1, 2016

Looks good, very nice job!

@Habbie Habbie added this to the auth-4.0.0 milestone Jul 7, 2016
@Habbie Habbie and 1 other commented on an outdated diff Jul 8, 2016
# Copyright (c) 2009,2010 Zmanda Inc. <>
# Copyright (c) 2009,2010 Dustin J. Mitchell <>
+# Modifications:
+# Copyright (c) 2016 Pieter Lexis <>
Habbie Jul 8, 2016 Member

Please remove this.

Habbie Jul 8, 2016 Member

(And now that I notice it, please also remove it from systemd.m4 :) )

zeha Jul 11, 2016 Collaborator

Added a fixup to @pieterlexis' commit, would squash before you merge this.

@mind04 mind04 and 2 others commented on an outdated diff Jul 11, 2016
if test $? = 0; then
- OPENSSL_LIBS=`$PKG_CONFIG libcrypto --libs-only-l 2>/dev/null`
- OPENSSL_INCLUDES=`$PKG_CONFIG libcrypto --cflags-only-I 2>/dev/null`
+ LIBCRYPTO_LIBS='-lcrypto' # This *will* break if the linker name is not crypto
+ LIBCRYPTO_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
mind04 Jul 11, 2016 Contributor

Why are you reverting to openssl.pc here (and above)? Is there no useful libcrypto.pc in openssl 1.1.0?

zeha Jul 29, 2016 Collaborator

@pieterlexis could you comment on this?

pieterlexis Jul 29, 2016 Member

I don't know what I was thinking, patch incoming

@mind04 mind04 commented on an outdated diff Jul 29, 2016
@@ -92,35 +89,26 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
# it will just work!
+ # Don't pull in -lssl
+ LIBCRYPTO_LIBS='-lcrypto'
mind04 Jul 29, 2016 Contributor

This can go, there is no -lssl if you use libcrypto.pc

zeha and others added some commits Jun 27, 2016
@zeha @zeha zeha dns_random: Use CRYPTO_ctr128_encrypt when available
As AES_ctr128_encrypt is removed in OpenSSL 1.1.0.
@zeha @zeha zeha opensslsigners: remove thread/locking setup, not needed in openssl 1.…
…1 anymore
@zeha @zeha zeha opensslsigners: use libcrypto access functions 888bc29
@pieterlexis @zeha pieterlexis Add PDNS_CHECK_LIBCRYPTO based on AX_CHECK_OPENSSL
This detects libcrypto for OpenSSL 0.9.8, 1.0 and 1.1.

Furthermore, curve detection appeared broken on Arch Linux, this is fixed
with the addition of PDNS_CHECK_LIBCRYPTO_ECDSA, without breaking on Debian
Jessie, Ubuntu Trusty, Wily and Xenial and CentOS 5 through 7.
@pieterlexis pieterlexis merged commit c3a3337 into PowerDNS:master Jul 29, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
@zeha zeha deleted the zeha:openssl11 branch Aug 29, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment