Added support for OpenSSL 1.1

Some KOpenSSLProxy methods have been renamed to be consistent
with OpenSSL 1.1 API names and to prevent hidden API changes.
To ensure API / ABI compatibility, the original methods are
still included but have been marked as deprecated.

+ SSLv23_client_method => TLS_client_method
+ X509_STORE_CTX_set_chain => X509_STORE_CTX_set0_untrusted
+ sk_dup => OPENSSL_sk_dup
+ sk_free => OPENSSL_sk_free
+ sk_new => OPENSSL_sk_new
+ sk_num => OPENSSL_sk_num
+ sk_pop => OPENSSL_sk_pop
+ sk_push => OPENSSL_sk_push
+ sk_value => OPENSSL_sk_value

Additional methods have been added to KOpenSSLProxy to support
the new OpenSSL 1.1 API functions that provide access to the
(now) opaque SSL structures. Compatibility with OpenSSL < 1.1
is handled internally in KOpenSSLProxy.

+ BIO_get_data
+ DSA_get0_key
+ DSA_get0_pqg
+ EVP_PKEY_base_id
+ EVP_PKEY_get0_DSA
+ EVP_PKEY_get0_RSA
+ RSA_get0_key
+ X509_CRL_get0_lastUpdate
+ X509_CRL_get0_nextUpdate
+ X509_OBJECT_get0_X509
+ X509_OBJECT_get_type
+ X509_STORE_CTX_get_current_cert
+ X509_STORE_CTX_get_error
+ X509_STORE_CTX_get_error_depth
+ X509_STORE_CTX_set_error
+ X509_STORE_get0_objects
+ X509_STORE_set_verify_cb
+ X509_get0_signature
+ X509_getm_notAfter
+ X509_getm_notBefore
+ X509_subject_name_cmp
+ _SSL_session_reused
+ _SSL_set_options

Method "KSSL::setSession" has been renamed to "KSSL::takeSession"
and its functionality has changed: the session is now transferred
from the argument object to the invoked object. Since it is only
used internally in TDE and the functionality is different, the
method with the previous name has not been preserved.

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
(cherry picked from commit e1861cb6811f7bac405ece204407ca46c000a453)

1 files changed, 20 insertions, 17 deletions

diff --git a/tdeio/kssl/kssl.cc b/tdeio/kssl/kssl.cc
index 874da6aa6..c579471b0 100644
--- a/tdeio/kssl/kssl.cc
+++ b/tdeio/kssl/kssl.cc
@@ -51,7 +51,6 @@
 #include <tdelocale.h>
 #include <ksocks.h>
 
-#define sk_dup d->kossl->sk_dup
 
 class KSSLPrivate {
 public:
@@ -180,7 +179,7 @@ bool KSSL::initialize() {
 		d->m_meth = d->kossl->TLSv1_client_method();
 	else if (!m_cfg->tlsv1() && m_cfg->sslv3() && !m_cfg->sslv2())
 		d->m_meth = d->kossl->SSLv3_client_method();
-	else d->m_meth = d->kossl->SSLv23_client_method();
+	else d->m_meth = d->kossl->TLS_client_method();
 
 /*
 if (m_cfg->sslv2() && m_cfg->sslv3()) kdDebug(7029) << "Double method" << endl;
@@ -207,7 +206,7 @@ return false;
 }
 
 
-bool KSSL::setSession(const KSSLSession *session) {
+bool KSSL::takeSession(KSSLSession *session) {
 #ifdef KSSL_HAVE_SSL
 	if (!session) {
 		delete d->session;
@@ -215,11 +214,10 @@ bool KSSL::setSession(const KSSLSession *session) {
 		return true;
 	}
 
-	// Obtain a reference by incrementing the reference count.  Yuck.
-	static_cast<SSL_SESSION*>(session->_session)->references++;
-
+	// Take session reference
 	d->session = new KSSLSession;
 	d->session->_session = session->_session;
+	session->_session = 0L;
 
 	return true;
 #else
@@ -284,12 +282,16 @@ int rc;
 		return -1;
 
 	if (d->session) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
 		{
 			kdDebug(7029) << "Can't reuse session, no certificate." << endl;
 			delete d->session;
 			d->session = 0;
-		} else if (1 == d->kossl->SSL_set_session(d->m_ssl,
+		}
+		else
+#endif
+		if (1 == d->kossl->SSL_set_session(d->m_ssl,
 			static_cast<SSL_SESSION*>(d->session->_session))) {
 			kdDebug(7029) << "Session ID is being reused." << endl;
 		} else {
@@ -316,7 +318,7 @@ int rc;
 	if (!m_cfg->sslv2())
 		off |= SSL_OP_NO_SSLv2;
 
-	d->kossl->SSL_set_options(d->m_ssl, off);
+	d->kossl->_SSL_set_options(d->m_ssl, off);
 
 	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
 	if (rc == 0) {
@@ -341,7 +343,7 @@ int rc;
 		return -1;
 	}
 
-	if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+	if (!d->kossl->_SSL_session_reused(d->m_ssl)) {
 		if (d->session) {
 			kdDebug(7029) << "Session reuse failed.  New session used instead." << endl;
 			delete d->session;
@@ -375,12 +377,16 @@ int rc;
 		return -1;
 
 	if (d->session) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
 		{
 			kdDebug(7029) << "Can't reuse session, no certificate." << endl;
 			delete d->session;
 			d->session = 0;
-		} else if (1 == d->kossl->SSL_set_session(d->m_ssl,
+		}
+		else
+#endif
+		if (1 == d->kossl->SSL_set_session(d->m_ssl,
 			static_cast<SSL_SESSION*>(d->session->_session))) {
 			kdDebug(7029) << "Session ID is being reused." << endl;
 		} else {
@@ -407,7 +413,7 @@ int rc;
 	if (!m_cfg->sslv2())
 		off |= SSL_OP_NO_SSLv2;
 
-	d->kossl->SSL_set_options(d->m_ssl, off);
+	d->kossl->_SSL_set_options(d->m_ssl, off);
 
 	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
 	if (rc == 0) {
@@ -441,7 +447,7 @@ connect_again:
 		}
 	}
 
-	if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+	if (!d->kossl->_SSL_session_reused(d->m_ssl)) {
 		if (d->session) {
 			kdDebug(7029) << "Session reuse failed.  New session used instead." << endl;
 			delete d->session;
@@ -613,7 +619,7 @@ void KSSL::setPeerInfo() {
 	m_pi.m_cert.setCert(d->kossl->SSL_get_peer_certificate(d->m_ssl));
 	STACK_OF(X509) *xs = d->kossl->SSL_get_peer_cert_chain(d->m_ssl);
 	if (xs)
-		xs = sk_X509_dup(xs);   // Leak? 
+		xs = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_dup(xs));   // Leak?
 	m_pi.m_cert.setChain((void *)xs);
 #endif
 }
@@ -671,18 +677,15 @@ EVP_PKEY *k = pkcs->getPrivateKey();
 #endif
 }
 
-#undef sk_dup
-
 const KSSLSession* KSSL::session() const {
 	return d->session;
 }
 
 bool KSSL::reusingSession() const {
 #ifdef KSSL_HAVE_SSL
-	return (d->m_ssl && d->kossl->SSL_session_reused(d->m_ssl));
+	return (d->m_ssl && d->kossl->_SSL_session_reused(d->m_ssl));
 #else
 	return false;
 #endif
 }
 
-