Merge 01d5579 into 4910ec0

.travis.yml

@@ -56,6 +56,9 @@ before_install:
       sudo apt-add-repository "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main"
       sudo apt-get -q update;
       sudo apt-get install -y clang-3.9 clang-format-3.9 libpopt-dev;
+      LC_ALL=C.UTF-8 sudo add-apt-repository -y -s ppa:ondrej/php
+      sudo apt-get -q update;
+      sudo apt-get install -y libssl-dev libssl1.1
     fi
   # ugly hack; if running a coverity scan abort all except the 1st build
   # see note re gcc compiler above needing to be 1st

appveyor.yml

@@ -13,6 +13,19 @@ environment:
 
 cache:
   - c:\deps -> appveyor.yml
+
+# borrowed from https://github.com/FreeTDS/freetds
+install:
+  # xidel (xpath command line tool)
+  - appveyor DownloadFile "http://nbtelecom.dl.sourceforge.net/project/videlibri/Xidel/Xidel 0.9/xidel-0.9.win32.zip"
+  - 7z x xidel-0.9.win32.zip xidel.exe
+  # detect version of Windows OpenSSL binaries published by the Shining Light Productions crew
+  - xidel https://slproweb.com/products/Win32OpenSSL.html --extract "(//td/a[starts-with(@href, '/download') and starts-with(text(), 'Win32 OpenSSL') and ends-with(text(), 'Light')])[1]/translate(substring-before(substring-after(text(), 'Win32 OpenSSL v'), ' Light'), '.', '_')" > openssl_ver.txt
+  - set /P OPENSSL_VER=< openssl_ver.txt
+  # OpenSSL
+  - appveyor DownloadFile https://slproweb.com/download/Win%BITS%OpenSSL-%OPENSSL_VER%.exe  
+  - "Win%BITS%OpenSSL-%OPENSSL_VER%.exe /SP- /SILENT /SUPPRESSMSGBOXES /NORESTART"
+
 
 before_build:
   - cmake -DBUILD_SHARED_LIBS=ON -DBUILD_STATIC_LIBS=ON -DBUILD_TESTS=ON -DENABLE_SSL_SUPPORT=True -G"%GENERATOR%" .

librabbitmq/amqp_openssl.c

@@ -575,8 +575,9 @@ static int setup_openssl(void) {
   }
   CRYPTO_set_id_callback(ssl_threadid_callback);
   CRYPTO_set_locking_callback(ssl_locking_callback);
-
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   OPENSSL_config(NULL);
+#endif
   SSL_library_init();
   SSL_load_error_strings();
 
@@ -652,8 +653,9 @@ int amqp_uninitialize_ssl_library(void) {
 
   amqp_openssl_bio_destroy();
   openssl_bio_initialized = 0;
-
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   ERR_remove_state(0);
+#endif
   FIPS_mode_set(0);
 
   CRYPTO_set_locking_callback(NULL);

librabbitmq/amqp_openssl_bio.c

@@ -147,7 +147,7 @@ int amqp_openssl_bio_init(void) {
     return AMQP_STATUS_NO_MEMORY;
   }
 
-  BIO_METHOD *meth = BIO_s_socket();
+  BIO_METHOD *meth = (BIO_METHOD *)BIO_s_socket();
   BIO_meth_set_create(amqp_bio_method, BIO_meth_get_create(meth));
   BIO_meth_set_destroy(amqp_bio_method, BIO_meth_get_destroy(meth));
   BIO_meth_set_ctrl(amqp_bio_method, BIO_meth_get_ctrl(meth));

librabbitmq/amqp_openssl_hostname_validation.c

@@ -29,6 +29,7 @@
 
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
+#include <string.h>
 
 #include "amqp_hostcheck.h"
 #include "amqp_openssl_hostname_validation.h"
@@ -70,8 +71,11 @@ static amqp_hostname_validation_result amqp_matches_common_name(
   if (common_name_asn1 == NULL) {
     return AMQP_HVR_ERROR;
   }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   common_name_str = (char *)ASN1_STRING_data(common_name_asn1);
-
+#else
+  common_name_str = (char *)ASN1_STRING_get0_data(common_name_asn1);
+#endif
   // Make sure there isn't an embedded NUL character in the CN
   if ((size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) {
     return AMQP_HVR_MALFORMED_CERTIFICATE;
@@ -116,8 +120,13 @@ static amqp_hostname_validation_result amqp_matches_subject_alternative_name(
     const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
 
     if (current_name->type == GEN_DNS) {
-      // Current name is a DNS name, let's check it
+
+// Current name is a DNS name, let's check it
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
       char *dns_name = (char *)ASN1_STRING_data(current_name->d.dNSName);
+#else
+      char *dns_name = (char *)ASN1_STRING_get0_data(current_name->d.dNSName);
+#endif
 
       // Make sure there isn't an embedded NUL character in the DNS name
       if ((size_t)ASN1_STRING_length(current_name->d.dNSName) !=