[packages/virtuoso] - up to 7.2.5; add openssl 1.1.1 fixes
arekm
arekm at pld-linux.org
Tue Sep 18 09:07:43 CEST 2018
commit cbc7284ee1cf3dfc205893a3f3fbf9b99f30572b
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Tue Sep 18 09:07:34 2018 +0200
- up to 7.2.5; add openssl 1.1.1 fixes
imagemagick7.patch | 231 ---------
openssl.patch | 1459 ++++++++++++++++++++++++++++++++++++++++++++++++++++
virtuoso.spec | 22 +-
3 files changed, 1472 insertions(+), 240 deletions(-)
---
diff --git a/virtuoso.spec b/virtuoso.spec
index a56c667..806c96c 100644
--- a/virtuoso.spec
+++ b/virtuoso.spec
@@ -10,14 +10,15 @@
Summary: OpenLink Virtuoso Database System
Summary(pl.UTF-8): System baz danych OpenLink Virtuoso
Name: virtuoso
-Version: 7.2.4.2
-Release: 4
+Version: 7.2.5
+Release: 1
License: GPL v2
Group: Applications
Source0: http://downloads.sourceforge.net/virtuoso/%{name}-opensource-%{version}.tar.gz
-# Source0-md5: 11b081934ab4698f0f341e1b410fc4fe
+# Source0-md5: fb23ada91ae39dd3cb2fc4b45d99ceac
Patch0: libwbxml.patch
-Patch1: imagemagick7.patch
+
+Patch2: openssl.patch
URL: http://virtuoso.openlinksw.com/
BuildRequires: ImageMagick-devel
BuildRequires: autoconf
@@ -112,7 +113,8 @@ Virtuoso documentation.
%prep
%setup -q -n %{name}-opensource-%{version}
%patch0 -p1
-%patch1 -p1
+
+%patch2 -p1
%build
%{__libtoolize}
@@ -133,7 +135,8 @@ Virtuoso documentation.
--with-readline \
--without-internal-zlib \
--with-pthreads \
- --disable-static
+ --disable-static \
+ --disable-silent-rules
%{__make} -j1
@@ -181,9 +184,10 @@ rm -rf $RPM_BUILD_ROOT
%files plugins-hosting
%defattr(644,root,root,755)
-%dir %{_libdir}/%{name}
-%dir %{_libdir}/%{name}/%{name}/hosting
-%attr(755,root,root) %{_libdir}/%{name}/%{name}/hosting/im.so
+%dir %{_libdir}/virtuoso/virtuoso/hosting
+%attr(755,root,root) %{_libdir}/virtuoso/virtuoso/hosting/creolewiki.so
+%attr(755,root,root) %{_libdir}/virtuoso/virtuoso/hosting/mediawiki.so
+%attr(755,root,root) %{_libdir}/virtuoso/virtuoso/hosting/wikiv.so
%{?with_wbxml:%attr(755,root,root) %{_libdir}/%{name}/%{name}/hosting/wbxml2.so}
%if %{with vad}
diff --git a/imagemagick7.patch b/imagemagick7.patch
deleted file mode 100644
index b9d85cc..0000000
--- a/imagemagick7.patch
+++ /dev/null
@@ -1,231 +0,0 @@
---- virtuoso-opensource-7.2.1/configure.ac.orig 2016-12-21 09:10:29.000000000 +0100
-+++ virtuoso-opensource-7.2.1/configure.ac 2016-12-21 09:18:19.783118520 +0100
-@@ -1335,7 +1335,7 @@
-
- if test "x$with_im" != "xno"
- then
-- AC_PATH_PROG(IM_CONFIG, Wand-config, notfound, ["$with_im/bin:$PATH"])
-+ AC_PATH_PROG(IM_CONFIG, MagickWand-config, notfound, ["$with_im/bin:$PATH"])
-
- if test "x$IM_CONFIG" = "xnotfound"
- then
-@@ -1367,7 +1367,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <time.h>
--#include <wand/magick-wand.h>
-+#include <MagickWand/MagickWand.h>
- MagickWand *magick_wand;
- int
- main ()
---- virtuoso-opensource-7.2.1/binsrc/samples/image_magick/im.c~ 2015-03-12 03:09:01.000000000 +0100
-+++ virtuoso-opensource-7.2.1/binsrc/samples/image_magick/im.c 2016-12-21 09:20:43.071615860 +0100
-@@ -37,7 +37,7 @@
- #include <string.h>
- #include <time.h>
-
--#include <wand/magick-wand.h>
-+#include <MagickWand/MagickWand.h>
-
- #define IM_VERSION "0.6"
-
-@@ -310,7 +310,6 @@
- {
- switch (op)
- {
-- case 'A': strg_value = MagickGetImageAttribute (env.ime_magick_wand, key); break;
- case 'F': strg_value = MagickGetImageFormat (env.ime_magick_wand); break;
- case 'I': strg_value = MagickIdentifyImage (env.ime_magick_wand); break;
- case 'W': ul_value = MagickGetImageWidth (env.ime_magick_wand); break;
-@@ -347,9 +346,6 @@
- return res;
- }
-
--caddr_t
--bif_im_GetImageFileAttribute(caddr_t * qst, caddr_t * err, state_slot_t ** args)
--{ return bif_im_get_impl (qst, err, args, 1, 'A', "IM GetImageFileAttribute"); }
- caddr_t bif_im_GetImageFileFormat(caddr_t * qst, caddr_t * err, state_slot_t ** args)
- { return bif_im_get_impl (qst, err, args, 1, 'F', "IM GetImageFileFormat"); }
- caddr_t bif_im_GetImageFileIdentify(caddr_t * qst, caddr_t * err, state_slot_t ** args)
-@@ -362,8 +358,6 @@
- { return bif_im_get_impl (qst, err, args, 1, 'H', "IM GetImageFileHeight"); }
- caddr_t bif_im_GetImageFileWH(caddr_t * qst, caddr_t * err, state_slot_t ** args)
- { return bif_im_get_impl (qst, err, args, 1, '2', "IM GetImageFileWH"); }
--caddr_t bif_im_GetImageBlobAttribute(caddr_t * qst, caddr_t * err, state_slot_t ** args)
--{ return bif_im_get_impl (qst, err, args, 0, 'A', "IM GetImageBlobAttribute"); }
- caddr_t bif_im_GetImageBlobFormat(caddr_t * qst, caddr_t * err, state_slot_t ** args)
- { return bif_im_get_impl (qst, err, args, 0, 'F', "IM GetImageBlobFormat"); }
- caddr_t bif_im_GetImageBlobIdentify(caddr_t * qst, caddr_t * err, state_slot_t ** args)
-@@ -409,7 +403,6 @@
- long y = bif_long_arg (qst, args, 5, "IM CropAndResizeImageBlob");
- long h_size = bif_long_arg (qst, args, 6, "IM ResizeImageBlob");
- long v_size = bif_long_arg (qst, args, 7, "IM ResizeImageBlob");
-- double blur = bif_double_arg (qst, args, 8, "IM ResizeImageBlob");
- long filter = bif_long_arg (qst, args, 9, "IM ResizeImageBlob");
- if (filter < 0 || filter > 15)
- filter = PointFilter;
-@@ -421,7 +414,7 @@
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
- MagickCropImage (env.ime_magick_wand, width, height, x, y);
-- MagickResizeImage (env.ime_magick_wand, h_size, v_size, filter, blur);
-+ MagickResizeImage (env.ime_magick_wand, h_size, v_size, filter);
- }
- res = im_write (&env);
- im_leave (&env);
-@@ -490,7 +483,6 @@
- im_env_t env;
- double v_size = bif_double_arg (qst, args, 1, "IM ResampleImageFile");
- double h_size = bif_double_arg (qst, args, 2, "IM ResampleImageFile");
-- double blur = bif_double_arg (qst, args, 3, "IM ResampleImageFile");
- long filter = bif_long_arg (qst, args, 4, "IM ResampleImageFile");
- if (filter < 0 || filter > 15)
- filter = PointFilter;
-@@ -500,7 +492,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResampleImage (env.ime_magick_wand,v_size, h_size,filter,blur);
-+ MagickResampleImage (env.ime_magick_wand,v_size, h_size,filter);
- }
- im_write (&env);
- im_leave (&env);
-@@ -513,7 +505,6 @@
- caddr_t res;
- double v_size = bif_double_arg (qst, args, 1, "IM ResampleImageFileToBlob");
- double h_size = bif_double_arg (qst, args, 2, "IM ResampleImageFileToBlob");
-- double blur = bif_double_arg (qst, args, 3, "IM ResampleImageFileToBlob");
- long filter = bif_long_arg (qst, args, 4, "IM ResampleImageFileToBlob");
- if (filter < 0 || filter > 15)
- filter = PointFilter;
-@@ -523,7 +514,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResampleImage (env.ime_magick_wand,v_size, h_size,filter,blur);
-+ MagickResampleImage (env.ime_magick_wand,v_size, h_size,filter);
- }
- res = im_write (&env);
- im_leave (&env);
-@@ -536,7 +527,6 @@
- caddr_t res;
- double v_size = bif_double_arg (qst, args, 2, "IM ResampleImageBlob");
- double h_size = bif_double_arg (qst, args, 3, "IM ResampleImageBlob");
-- double blur = bif_double_arg (qst, args, 4, "IM ResampleImageBlob");
- long filter = bif_long_arg (qst, args, 5, "IM ResampleImageBlob");
- if (filter < 0 || filter > 15)
- filter = PointFilter;
-@@ -547,7 +537,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResampleImage (env.ime_magick_wand,v_size, h_size,filter,blur);
-+ MagickResampleImage (env.ime_magick_wand,v_size, h_size,filter);
- }
- res = im_write (&env);
- im_leave (&env);
-@@ -560,7 +550,6 @@
- im_env_t env;
- long v_size = bif_long_arg (qst, args, 1, "IM ResizeImageFile");
- long h_size = bif_long_arg (qst, args, 2, "IM ResizeImageFile");
-- double blur = bif_double_arg (qst, args, 3, "IM ResizeImageFile");
- long filter = bif_long_arg (qst, args, 4, "IM ResizeImageFile");
- if (filter < 0 || filter > 15)
- filter = PointFilter;
-@@ -570,7 +559,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter,blur);
-+ MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter);
- }
- im_write (&env);
- im_leave (&env);
-@@ -583,7 +572,6 @@
- caddr_t res;
- long v_size = bif_long_arg (qst, args, 1, "IM ResizeImageFileToBlob");
- long h_size = bif_long_arg (qst, args, 2, "IM ResizeImageFileToBlob");
-- double blur = bif_double_arg (qst, args, 3, "IM ResizeImageFileToBlob");
- long filter = bif_long_arg (qst, args, 4, "IM ResizeImageFileToBlob");
- if (filter < 0 || filter > 15)
- filter = PointFilter;
-@@ -593,7 +581,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter,blur);
-+ MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter);
- }
- res = im_write (&env);
- im_leave (&env);
-@@ -606,7 +594,6 @@
- caddr_t res;
- long v_size = bif_long_arg (qst, args, 2, "IM ResizeImageBlob");
- long h_size = bif_long_arg (qst, args, 3, "IM ResizeImageBlob");
-- double blur = bif_double_arg (qst, args, 4, "IM ResizeImageBlob");
- long filter = bif_long_arg (qst, args, 5, "IM ResizeImageBlob");
- if (filter < 0 || filter > 15)
- filter = PointFilter;
-@@ -617,7 +604,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter,blur);
-+ MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter);
- }
- res = im_write (&env);
- im_leave (&env);
-@@ -636,7 +623,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter,1.0);
-+ MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter);
- MagickProfileImage (env.ime_magick_wand, "*", NULL, 0);
- }
- im_write (&env);
-@@ -659,7 +646,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter,1.0);
-+ MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter);
- MagickProfileImage (env.ime_magick_wand, "*", NULL, 0);
- }
- res = im_write (&env);
-@@ -683,7 +670,7 @@
- MagickResetIterator (env.ime_magick_wand);
- while (MagickNextImage (env.ime_magick_wand) != MagickFalse)
- {
-- MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter,1.0);
-+ MagickResizeImage (env.ime_magick_wand,v_size, h_size,filter);
- MagickProfileImage (env.ime_magick_wand, "*", NULL, 0);
- }
- res = im_write (&env);
-@@ -734,8 +721,8 @@
- v_size = MagickGetImageHeight (env.ime_magick_wand);
- if ((256 < h_size) || (256 < v_size))
- continue;
-- MagickResizeImage (env.ime_magick_wand, h_size/2, v_size/2, BoxFilter, 1.0);
-- if (MagickFalse == MagickCompositeImage (env.ime_target_magick_wand, env.ime_magick_wand, OverCompositeOp, (image_ctr & 1) * 128, (image_ctr & 2) * 64))
-+ MagickResizeImage (env.ime_magick_wand, h_size/2, v_size/2, BoxFilter);
-+ if (MagickFalse == MagickCompositeImage (env.ime_target_magick_wand, env.ime_magick_wand, OverCompositeOp, MagickTrue, (image_ctr & 1) * 128, (image_ctr & 2) * 64))
- im_leave_with_error (&env, "22023", "IM001", "Can not composite image");
- }
- im_reset_read (&env);
-@@ -893,7 +880,6 @@
- bif_define ("IM ResampleImageFile", bif_im_ResampleImageFile);
- bif_define ("IM RotateImageFile", bif_im_RotateImageFile);
- bif_define ("IM CropImageFile", bif_im_CropImageFile);
-- bif_define ("IM GetImageFileAttribute", bif_im_GetImageFileAttribute);
- bif_define ("IM GetImageFileFormat", bif_im_GetImageFileFormat);
- bif_define ("IM GetImageFileIdentify", bif_im_GetImageFileIdentify);
- bif_define ("IM GetImageBlobIdentify", bif_im_GetImageBlobIdentify);
-@@ -908,7 +894,6 @@
- bif_define ("IM ResampleImageFileToBlob", bif_im_ResampleImageFileToBlob);
- bif_define ("IM RotateImageFileToBlob", bif_im_RotateImageFileToBlob);
- bif_define ("IM CropImageFileToBlob", bif_im_CropImageFileToBlob);
-- bif_define ("IM GetImageBlobAttribute", bif_im_GetImageBlobAttribute);
- bif_define ("IM GetImageBlobFormat", bif_im_GetImageBlobFormat);
- bif_define ("IM GetImageBlobWidth", bif_im_GetImageBlobWidth);
- bif_define ("IM GetImageBlobHeight", bif_im_GetImageBlobHeight);
diff --git a/openssl.patch b/openssl.patch
new file mode 100644
index 0000000..88e87a5
--- /dev/null
+++ b/openssl.patch
@@ -0,0 +1,1459 @@
+Description: Fix FTBFS with openssl 1.1
+Author: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+Bug-Debian: https://bugs.debian.org/828594
+Forwarded: https://github.com/openlink/virtuoso-opensource/pull/583
+Last-Update: Fri, 17 Aug 2018 14:21:44 +0200 (by Andreas Tille <tille at debian.org>)
+
+---
+
+From 823092cccbd8e2ab9bfad6c3d3df791a7ffa76fc Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+Date: Mon, 5 Sep 2016 10:49:54 +0000
+Subject: [PATCH] virtuoso-opensource: build against openssl 1.1.0
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+---
+ libsrc/Dk/Dkernel.c | 6 +-
+ libsrc/Wi/bif_crypto.c | 120 ++++++++++--------
+ libsrc/Wi/http.c | 2 +-
+ libsrc/Wi/xmlenc.c | 319 +++++++++++++++++++++++++++--------------------
+ libsrc/Wi/xmlenc.h | 193 ++++++++++++++++++++++++++--
+ libsrc/Wi/xmlenc_algos.c | 132 +++++++++++---------
+ libsrc/util/sslengine.c | 6 +-
+ 7 files changed, 524 insertions(+), 254 deletions(-)
+
+--- a/libsrc/Wi/bif_crypto.c
++++ b/libsrc/Wi/bif_crypto.c
+@@ -181,21 +181,26 @@ box_hmac (caddr_t box, caddr_t key, int
+ unsigned char temp[EVP_MAX_MD_SIZE];
+ unsigned int size = 0;
+ caddr_t res = NULL;
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx;
+ const EVP_MD *md = EVP_sha1 ();
+
+ if (alg == 1)
+ md = EVP_ripemd160 ();
+
+- HMAC_Init (&ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md);
+- box_hmac_1 (box, &ctx);
+- HMAC_Final (&ctx, temp, &size);
++ ctx = HMAC_CTX_new();
++ if (!ctx)
++ return res;
++
++ HMAC_Init_ex (ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md, NULL);
++ box_hmac_1 (box, ctx);
++ HMAC_Final (ctx, temp, &size);
+ if (size)
+ {
+ res = dk_alloc_box (size + 1, DV_SHORT_STRING);
+ memcpy (res, temp, size);
+ res[size] = 0;
+ }
++ HMAC_CTX_free(ctx);
+ return res;
+ }
+
+@@ -347,14 +352,12 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
+ {
+ int ii;
+
+- opp = op;
+- ii = d2i_ASN1_BOOLEAN (NULL, (const unsigned char **)&opp, len + hl);
+- if (ii < 0)
++ if (len + hl < 1)
+ {
+ if (BIO_write (bp, "Bad boolean\n", 12))
+ goto end;
+ }
+- BIO_printf (bp, "%d", ii);
++ BIO_printf (bp, "%d", p[0]);
+ }
+ else if (tag == V_ASN1_BMPSTRING)
+ {
+@@ -415,7 +418,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
+ }
+ if (os != NULL)
+ {
+- M_ASN1_OCTET_STRING_free (os);
++ ASN1_STRING_free (os);
+ os = NULL;
+ }
+ }
+@@ -448,7 +451,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
+ if (BIO_write (bp, "BAD INTEGER", 11) <= 0)
+ goto end;
+ }
+- M_ASN1_INTEGER_free (bs);
++ ASN1_STRING_free (bs);
+ }
+ else if (tag == V_ASN1_ENUMERATED)
+ {
+@@ -479,7 +482,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
+ if (BIO_write (bp, "BAD ENUMERATED", 11) <= 0)
+ goto end;
+ }
+- M_ASN1_ENUMERATED_free (bs);
++ ASN1_STRING_free (bs);
+ }
+ else if (len > 0 && dump)
+ {
+@@ -515,7 +518,7 @@ end:
+ if (o != NULL)
+ ASN1_OBJECT_free (o);
+ if (os != NULL)
+- M_ASN1_OCTET_STRING_free (os);
++ ASN1_STRING_free (os);
+ *pp = p;
+ return (ret);
+ }
+@@ -723,7 +726,7 @@ bio_to_strses (BIO * out_bio)
+ int len = BIO_get_mem_data (out_bio, &ptr);
+ int to_read = len, readed = 0;
+
+- to_free = ((BUF_MEM *) out_bio->ptr)->data;
++ to_free = ((BUF_MEM *) BIO_get_data(out_bio))->data;
+ BIO_set_flags (out_bio, BIO_FLAGS_MEM_RDONLY);
+ CATCH_WRITE_FAIL (ses)
+ {
+@@ -735,7 +738,7 @@ bio_to_strses (BIO * out_bio)
+ } while (to_read > 0);
+ }
+ END_WRITE_FAIL (ses);
+- ((BUF_MEM *) out_bio->ptr)->data = to_free;
++ ((BUF_MEM *) BIO_get_data(out_bio))->data = to_free;
+ BIO_clear_flags (out_bio, BIO_FLAGS_MEM_RDONLY);
+ return ses;
+ }
+@@ -770,7 +773,7 @@ bif_smime_verify (caddr_t * qst, caddr_t
+ if (DV_TYPE_OF (msg) == DV_STRING_SESSION)
+ {
+ in_bio = strses_to_bio ((dk_session_t *) msg);
+- to_free = ((BUF_MEM *) in_bio->ptr)->data;
++ to_free = ((BUF_MEM *) BIO_get_data(in_bio))->data;
+ BIO_set_flags (in_bio, BIO_FLAGS_MEM_RDONLY);
+ }
+ else
+@@ -780,7 +783,7 @@ bif_smime_verify (caddr_t * qst, caddr_t
+ p7 = SMIME_read_PKCS7 (in_bio, &data_bio);
+ if (to_free)
+ {
+- ((BUF_MEM *) in_bio->ptr)->data = to_free;
++ ((BUF_MEM *) BIO_get_data(in_bio))->data = to_free;
+ BIO_clear_flags (in_bio, BIO_FLAGS_MEM_RDONLY);
+ }
+ BIO_free (in_bio);
+@@ -924,16 +927,20 @@ bif_smime_sign (caddr_t * qst, caddr_t *
+ }
+
+ certs = sk_X509_new_null ();
+- if (store && store->objs)
++
++ if (store && X509_STORE_get0_objects(store))
+ {
+- for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++)
++ STACK_OF(X509_OBJECT) *store_objs = X509_STORE_get0_objects(store);
++
++ for (inx = 0; inx < sk_X509_OBJECT_num (store_objs); inx++)
+ {
+- X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx);
+- if (obj->type == X509_LU_X509)
+- sk_X509_push (certs, X509_dup (obj->data.x509));
++ X509_OBJECT *obj = sk_X509_OBJECT_value (store_objs, inx);
++ if (X509_OBJECT_get_type(obj) == X509_LU_X509)
++ sk_X509_push (certs, X509_dup (X509_OBJECT_get0_X509(obj)));
+ }
+
+ }
++
+ if (store)
+ X509_STORE_free (store);
+ in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1);
+@@ -1005,15 +1012,19 @@ bif_smime_encrypt (caddr_t * qst, caddr_
+ sqlr_new_error ("42000", "CR006", "No recipient certificates");
+
+ certs = sk_X509_new_null ();
+- if (store && store->objs)
++
++ if (store && X509_STORE_get0_objects(store))
+ {
+- for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++)
++ STACK_OF(X509_OBJECT) *store_objs = X509_STORE_get0_objects(store);
++
++ for (inx = 0; inx < sk_X509_OBJECT_num (store_objs); inx++)
+ {
+- X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx);
+- if (obj->type == X509_LU_X509)
+- sk_X509_push (certs, X509_dup (obj->data.x509));
++ X509_OBJECT *obj = sk_X509_OBJECT_value (store_objs, inx);
++ if (X509_OBJECT_get_type(obj) == X509_LU_X509)
++ sk_X509_push (certs, X509_dup (X509_OBJECT_get0_X509(obj)));
+ }
+ }
++
+ if (store)
+ X509_STORE_free (store);
+ in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1);
+@@ -1181,7 +1192,7 @@ x509_certificate_verify_cb (int ok, X509
+ char *opts = (char *) X509_STORE_CTX_get_app_data (ctx);
+ if (!ok && opts)
+ {
+- switch (ctx->error)
++ switch (X509_STORE_CTX_get_error(ctx))
+ {
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ if (strstr (opts, "expired"))
+@@ -1287,7 +1298,7 @@ bif_x509_certificate_verify (caddr_t * q
+ if (!i)
+ {
+ const char *err_str;
+- err_str = X509_verify_cert_error_string (csc->error);
++ err_str = X509_verify_cert_error_string (X509_STORE_CTX_get_error(csc));
+ *err_ret = srv_make_new_error ("22023", "CR015", "X509 error: %s", err_str);
+ }
+
+@@ -1308,20 +1319,16 @@ err_ret:
+ #define VIRT_CERT_EXT "2.16.840.1.1113.1"
+
+ static caddr_t
+-BN_box (BIGNUM * x)
++BN_box (const BIGNUM *x)
+ {
+ size_t buf_len, n;
+ caddr_t buf;
+ buf_len = (size_t) BN_num_bytes (x);
+- if (buf_len <= BN_BYTES)
+- buf = box_num ((unsigned long) x->d[0]);
+- else
+- {
+- buf = dk_alloc_box (buf_len, DV_BIN);
+- n = BN_bn2bin (x, (unsigned char *) buf);
+- if (n != buf_len)
+- GPF_T;
+- }
++ /* did not figure out where buf is free()ed */
++ buf = dk_alloc_box (buf_len, DV_BIN);
++ n = BN_bn2bin (x, (unsigned char *) buf);
++ if (n != buf_len)
++ GPF_T;
+ return buf;
+ }
+
+@@ -1498,7 +1505,7 @@ bif_get_certificate_info (caddr_t * qst,
+ int i;
+ char tmp[1024];
+ char *ext_oid = (char *) (BOX_ELEMENTS (args) > 4 ? bif_string_arg (qst, args, 4, "get_certificate_info") : VIRT_CERT_EXT);
+- STACK_OF (X509_EXTENSION) * exts = cert->cert_info->extensions;
++ const STACK_OF (X509_EXTENSION) * exts = X509_get0_extensions(cert);
+ for (i = 0; i < sk_X509_EXTENSION_num (exts); i++)
+ {
+ X509_EXTENSION *ex = sk_X509_EXTENSION_value (exts, i);
+@@ -1510,7 +1517,7 @@ bif_get_certificate_info (caddr_t * qst,
+ char *data_ptr;
+ BIO *mem = BIO_new (BIO_s_mem ());
+ if (!X509V3_EXT_print (mem, ex, 0, 0))
+- M_ASN1_OCTET_STRING_print (mem, ex->value);
++ ASN1_STRING_print (mem, X509_EXTENSION_get_data(ex));
+ len = BIO_get_mem_data (mem, &data_ptr);
+ if (len > 0 && data_ptr)
+ {
+@@ -1537,18 +1544,23 @@ bif_get_certificate_info (caddr_t * qst,
+ if (k)
+ {
+ #ifdef EVP_PKEY_RSA
+- if (k->type == EVP_PKEY_RSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
+ {
+- RSA *x = k->pkey.rsa;
+- ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (x->e), BN_box (x->n));
++ const BIGNUM *n, *e;
++
++ RSA_get0_key(EVP_PKEY_get0_RSA(k), &n, &e, NULL);
++
++ ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (e), BN_box (n));
+ }
+ else
+ #endif
+ #ifdef EVP_PKEY_DSA
+- if (k->type == EVP_PKEY_DSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_DSA)
+ {
+- DSA *x = k->pkey.dsa;
+- ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (x->pub_key));
++ const BIGNUM *pub_key;
++
++ DSA_get0_key(EVP_PKEY_get0_DSA(k), &pub_key, NULL);
++ ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (pub_key));
+ }
+ else
+ #endif
+@@ -1567,13 +1579,13 @@ bif_get_certificate_info (caddr_t * qst,
+ int n, i, len;
+ char *s, *data_ptr;
+ BIO *mem = BIO_new (BIO_s_mem ());
+- for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++)
++ for (i = 0; NULL != subj && i < X509_NAME_entry_count(subj); i++)
+ {
+- ne = sk_X509_NAME_ENTRY_value(subj->entries,i);
+- n = OBJ_obj2nid (ne->object);
++ ne = X509_NAME_get_entry(subj, i);
++ n = OBJ_obj2nid (X509_NAME_ENTRY_get_object(ne));
+ if ((n == NID_undef) || ((s = (char *) OBJ_nid2sn (n)) == NULL))
+ {
+- i2t_ASN1_OBJECT (buffer, sizeof (buffer), ne->object);
++ i2t_ASN1_OBJECT (buffer, sizeof (buffer), X509_NAME_ENTRY_get_object(ne));
+ s = buffer;
+ }
+ if (!strcmp (s, attr))
+@@ -1582,9 +1594,10 @@ bif_get_certificate_info (caddr_t * qst,
+ break;
+ }
+ }
++
+ if (ne_ret)
+ {
+- ASN1_STRING_print (mem, ne_ret->value);
++ ASN1_STRING_print (mem, X509_NAME_ENTRY_get_data(ne_ret));
+ len = BIO_get_mem_data (mem, &data_ptr);
+ if (len > 0 && data_ptr)
+ {
+@@ -1605,17 +1618,17 @@ bif_get_certificate_info (caddr_t * qst,
+ dk_set_t set = NULL;
+ caddr_t val;
+ BIO *mem = BIO_new (BIO_s_mem ());
+- for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++)
++ for (i = 0; NULL != subj && i < X509_NAME_entry_count(subj); i++)
+ {
+ val = NULL;
+- ne = sk_X509_NAME_ENTRY_value(subj->entries,i);
+- n = OBJ_obj2nid (ne->object);
++ ne = X509_NAME_get_entry(subj, i);
++ n = OBJ_obj2nid (X509_NAME_ENTRY_get_object(ne));
+ if ((n == NID_undef) || ((s = (char *) OBJ_nid2sn (n)) == NULL))
+ {
+- i2t_ASN1_OBJECT (buffer, sizeof (buffer), ne->object);
++ i2t_ASN1_OBJECT (buffer, sizeof (buffer), X509_NAME_ENTRY_get_object(ne));
+ s = buffer;
+ }
+- ASN1_STRING_print (mem, ne->value);
++ ASN1_STRING_print (mem, X509_NAME_ENTRY_get_data(ne));
+ len = BIO_get_mem_data (mem, &data_ptr);
+ if (len > 0 && data_ptr)
+ {
+@@ -1629,18 +1642,22 @@ bif_get_certificate_info (caddr_t * qst,
+ }
+ BIO_free (mem);
+ ret = list_to_array (dk_set_nreverse (set));
++
+ break;
+ }
+ case 12:
+ {
+ const unsigned char *s;
+ int i, n;
+- const ASN1_STRING *sig = cert->signature;
+- X509_ALGOR *sigalg = cert->sig_alg;
++ const ASN1_STRING *sig;
++ const X509_ALGOR *sigalg;
++ const ASN1_OBJECT *sig_alg_algorithm;
+ char buf[80];
+ caddr_t val;
+
+- i2t_ASN1_OBJECT(buf,sizeof (buf), sigalg->algorithm);
++ X509_get0_signature(&sig, &sigalg, cert);
++ X509_ALGOR_get0(&sig_alg_algorithm, NULL, NULL, sigalg);
++ i2t_ASN1_OBJECT(buf,sizeof (buf), sig_alg_algorithm);
+
+ n = sig->length;
+ s = sig->data;
+@@ -1660,11 +1677,11 @@ bif_get_certificate_info (caddr_t * qst,
+ if (k)
+ {
+ #ifdef EVP_PKEY_RSA
+- if (k->type == EVP_PKEY_RSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
+ {
+ char *data_ptr;
+ int len;
+- RSA *x = k->pkey.rsa;
++ RSA *x = EVP_PKEY_get0_RSA(k);
+ b = BIO_new (BIO_s_mem());
+ i2d_RSA_PUBKEY_bio (b, x);
+ len = BIO_get_mem_data (b, &data_ptr);
+--- a/libsrc/Wi/xmlenc.c
++++ b/libsrc/Wi/xmlenc.c
+@@ -1215,36 +1215,45 @@ void xenc_key_remove (xenc_key_t * key,
+ }
+
+
+-static void
+-genrsa_cb(int p, int n, void *arg)
+-{
+-#ifdef LINT
+- p=n;
+-#endif
+-}
+-
+ int
+ __xenc_key_rsa_init (char *name)
+ {
+ RSA *rsa = NULL;
+- int num=1024;
+- unsigned long f4=RSA_F4;
++ BIGNUM *bn = NULL;
+ int r;
++
+ xenc_key_t * pkey = xenc_get_key_by_name (name, 1);
+ if (NULL == pkey)
+ SQLR_NEW_KEY_ERROR (name);
+
+- rsa=RSA_generate_key(num,f4,genrsa_cb,NULL);
++ rsa = RSA_new();
++ if (!rsa)
++ goto out;
++ bn = BN_new();
++ if (!bn)
++ goto out;
++ if (!BN_set_word(bn, RSA_F4))
++ goto out;
++
++ if (!RSA_generate_key_ex(rsa, 1024, bn, NULL))
++ goto out;
++
+ r = RSA_check_key(rsa);
++ if (r != 1)
++ goto out;
+ pkey->ki.rsa.pad = RSA_PKCS1_PADDING;
+- if (rsa == NULL)
+- {
+- sqlr_new_error ("42000", "XENC06",
+- "RSA parameters generation error");
+- }
+ pkey->xek_rsa = rsa;
+ pkey->xek_private_rsa = rsa;
++ BN_free(bn);
+ return 0;
++out:
++ if (bn)
++ BN_free(bn);
++ if (rsa)
++ RSA_free(rsa);
++ sqlr_new_error ("42000", "XENC06",
++ "RSA parameters generation error");
++ return -1;
+ }
+
+
+@@ -1455,19 +1464,19 @@ xenc_key_t * xenc_key_create_from_x509_c
+
+ if (pkey)
+ {
+- switch (EVP_PKEY_type (pkey->type))
++ switch (EVP_PKEY_type (EVP_PKEY_id(pkey)))
+ {
+ case EVP_PKEY_DSA:
+ sign_algoname = DSIG_DSA_SHA1_ALGO;
+ enc_algoname = XENC_DSA_ALGO;
+- dsa = pkey->pkey.dsa;
+- private_dsa = private_key ? private_key->pkey.dsa : 0;
++ dsa = EVP_PKEY_get0_DSA(pkey);
++ private_dsa = private_key ? EVP_PKEY_get0_DSA(private_key) : 0;
+ break;
+ case EVP_PKEY_RSA:
+ sign_algoname = DSIG_RSA_SHA1_ALGO;
+ enc_algoname = XENC_RSA_ALGO;
+- rsa = pkey->pkey.rsa;
+- private_rsa = private_key ? private_key->pkey.rsa : 0;
++ rsa = EVP_PKEY_get0_RSA(pkey);
++ private_rsa = private_key ? EVP_PKEY_get0_RSA(private_key) : 0;
+ break;
+ default:
+ goto finish;
+@@ -1516,13 +1525,6 @@ xenc_key_t * xenc_key_create_from_x509_c
+ return k;
+ }
+
+-static void dh_cb(int p, int n, void *arg)
+-{
+-#ifdef LINT
+- p=n;
+-#endif
+-}
+-
+ static /*xenc_key_DSA_create */
+ caddr_t bif_xenc_key_dsa_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** args)
+ {
+@@ -1588,15 +1590,21 @@ caddr_t bif_xenc_key_DH_create (caddr_t
+ dh = DH_new ();
+ bn_p = BN_bin2bn ((unsigned char *)mod, p_len, NULL);
+ bn_g = BN_bin2bn (g_bin, 1, NULL);
+- dh->p = bn_p;
+- dh->g = bn_g;
++ if (dh)
++ DH_set0_pqg(dh, bn_p, NULL, bn_g);
+
+ dk_free_box (mod_b64);
+ dk_free_box (mod);
+ }
+ else
+ {
+- dh = DH_generate_parameters (num, g, dh_cb, NULL);
++ dh = DH_new();
++ if (dh) {
++ if (!DH_generate_parameters_ex(dh, num, g, NULL)) {
++ DH_free(dh);
++ dh = NULL;
++ }
++ }
+ }
+ if (!dh)
+ {
+@@ -1626,7 +1634,7 @@ caddr_t bif_xenc_DH_get_params (caddr_t
+ int n, len;
+ caddr_t buf = NULL, ret, b64;
+ DH *dh;
+- BIGNUM *num;
++ const BIGNUM *num;
+
+ mutex_enter (xenc_keys_mtx);
+ key = xenc_get_key_by_name (name, 0);
+@@ -1641,19 +1649,19 @@ caddr_t bif_xenc_DH_get_params (caddr_t
+ switch (param)
+ {
+ case 1:
+- num = dh->p;
++ DH_get0_pqg(dh, &num, NULL, NULL);
+ break;
+ case 2:
+- num = dh->g;
++ DH_get0_pqg(dh, NULL, NULL, &num);
+ break;
+ case 3:
+- num = dh->pub_key;
++ DH_get0_key(dh, &num, NULL);
+ break;
+ case 4:
+- num = dh->priv_key;
++ DH_get0_key(dh, NULL, &num);
+ break;
+ default:
+- num = dh->pub_key;
++ DH_get0_key(dh, &num, NULL);
+ }
+
+ buf_len = (size_t)BN_num_bytes(num);
+@@ -1811,7 +1819,15 @@ caddr_t bif_xenc_key_rsa_create (caddr_t
+ xenc_key_t * k;
+ caddr_t name = bif_string_arg (qst, args, 0, "xenc_key_RSA_create");
+ int num = (int) bif_long_arg (qst, args, 1, "xenc_key_RSA_create");
+- RSA *rsa = NULL;
++ RSA *rsa;
++ BIGNUM *bn;
++
++ rsa = RSA_new();
++ bn = BN_new();
++ if (!rsa || !bn)
++ goto out;
++ if (!BN_set_word(bn, RSA_F4))
++ goto out;
+
+ mutex_enter (xenc_keys_mtx);
+ if (NULL == (k = xenc_key_create (name, XENC_RSA_ALGO , DSIG_RSA_SHA1_ALGO, 0)))
+@@ -1820,12 +1836,11 @@ caddr_t bif_xenc_key_rsa_create (caddr_t
+ SQLR_NEW_KEY_EXIST_ERROR (name);
+ }
+
+- rsa = RSA_generate_key (num, RSA_F4, NULL, NULL);
+-
+- if (rsa == NULL)
+- {
+- sqlr_new_error ("42000", "XENC06", "RSA generation error");
+- }
++ if (!RSA_generate_key_ex (rsa, num, bn, NULL)) {
++ mutex_leave (xenc_keys_mtx);
++ goto out;
++ }
++ BN_free(bn);
+
+ k->xek_rsa = RSAPublicKey_dup (rsa);
+ k->xek_private_rsa = rsa;
+@@ -1839,6 +1854,13 @@ caddr_t bif_xenc_key_rsa_create (caddr_t
+
+ mutex_leave (xenc_keys_mtx);
+ return NULL;
++out:
++ if (bn)
++ BN_free(bn);
++ if (rsa)
++ RSA_free(rsa);
++ sqlr_new_error ("42000", "XENC06", "RSA generation error");
++ return NULL;
+ }
+
+ xenc_key_t *
+@@ -2034,7 +2056,13 @@ int __xenc_key_dsa_init (char *name, int
+ SQLR_NEW_KEY_ERROR (name);
+
+ RAND_poll ();
+- dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, NULL);
++ dsa = DSA_new();
++ if (dsa) {
++ if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, NULL)) {
++ DSA_free(dsa);
++ dsa = NULL;
++ }
++ }
+ if (dsa == NULL)
+ {
+ sqlr_new_error ("42000", "XENC11",
+@@ -2058,7 +2086,13 @@ int __xenc_key_dh_init (char *name, int
+ if (NULL == pkey)
+ SQLR_NEW_KEY_ERROR (name);
+
+- dh = DH_generate_parameters (num, g, dh_cb, NULL);
++ dh = DH_new();
++ if (dh) {
++ if (!DH_generate_parameters_ex(dh, num, g, NULL)) {
++ DH_free(dh);
++ dh = NULL;
++ }
++ }
+ if (!dh)
+ {
+ sqlr_new_error ("42000", "XENC11",
+@@ -2280,12 +2314,12 @@ bif_xenc_key_rsa_read (caddr_t * qst, ca
+ {
+ in = BIO_new_mem_buf (key_base64, len);
+ pkey = d2i_PUBKEY_bio (in, NULL);
+- if (pkey && pkey->type == EVP_PKEY_RSA)
+- p = pkey->pkey.rsa;
++ if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
++ p = EVP_PKEY_get0_RSA(pkey);
+ BIO_reset (in);
+ pkkey = d2i_PrivateKey_bio (in, NULL);
+- if (pkkey && pkkey->type == EVP_PKEY_RSA)
+- r = pkkey->pkey.rsa;
++ if (pkkey && EVP_PKEY_id(pkkey) == EVP_PKEY_RSA)
++ r = EVP_PKEY_get0_RSA(pkkey);
+ BIO_free (in);
+ }
+ else
+@@ -2304,9 +2338,11 @@ bif_xenc_key_rsa_read (caddr_t * qst, ca
+
+ if (!p)
+ {
++ const BIGNUM *n, *e;
++
++ RSA_get0_key(r, &n, &e, NULL);
+ p = RSA_new ();
+- p->n = BN_dup (r->n);
+- p->e = BN_dup (r->e);
++ RSA_set0_key(p, BN_dup(n), BN_dup(e), NULL);
+ }
+
+ mutex_enter (xenc_keys_mtx);
+@@ -2355,14 +2391,13 @@ bif_xenc_key_rsa_construct (caddr_t * qs
+ p = RSA_new ();
+ n = BN_bin2bn ((unsigned char *) mod, box_length (mod) - 1, NULL);
+ e = BN_bin2bn ((unsigned char *) exp, box_length (exp) - 1, NULL);
+- p->n = n;
+- p->e = e;
++ RSA_set0_key(p, n, e, NULL);
+ if (pexp)
+ {
+ pk = RSA_new ();
+- pk->d = BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL);
+- pk->n = BN_dup (n);
+- pk->e = BN_dup (e);
++ RSA_set0_key(p, BN_dup(n),
++ BN_dup(e),
++ BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL));
+ }
+ mutex_enter (xenc_keys_mtx);
+ k = xenc_key_create (name, XENC_RSA_ALGO, DSIG_RSA_SHA1_ALGO, 0);
+@@ -4086,7 +4121,7 @@ void xenc_tag_free (xenc_tag_t * t)
+ #endif
+ }
+
+-xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, BIGNUM * bn)
++static xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, const BIGNUM * bn)
+ {
+ char * buffer = dk_alloc_box (BN_num_bytes (bn), DV_BIN);
+ char * buffer_base64 = dk_alloc_box (box_length (buffer) * 2, DV_STRING);
+@@ -4111,12 +4146,15 @@ caddr_t ** xenc_generate_ext_info (xenc_
+ caddr_t ** array;
+ if (key->xek_type == DSIG_KEY_RSA)
+ {
++ const BIGNUM *rsa_n, *rsa_e;
++
++ RSA_get0_key(key->ki.rsa.rsa_st, &rsa_n, &rsa_e, NULL);
+ xenc_tag_t * rsakeyval = xenc_tag_create (DSIG_URI, ":RSAKeyValue");
+ xenc_tag_t * rsamodulus = xenc_tag_create (DSIG_URI, ":Modulus");
+ xenc_tag_t * rsaexponent = xenc_tag_create (DSIG_URI, ":Exponent");
+
+- xenc_tag_add_child_BN (rsamodulus, key->ki.rsa.rsa_st->n);
+- xenc_tag_add_child_BN (rsaexponent, key->ki.rsa.rsa_st->e);
++ xenc_tag_add_child_BN (rsamodulus, rsa_n);
++ xenc_tag_add_child_BN (rsaexponent, rsa_e);
+
+ xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsamodulus));
+ xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsaexponent));
+@@ -4135,12 +4173,15 @@ caddr_t ** xenc_generate_ext_info (xenc_
+ xenc_tag_t * g = xenc_tag_create (DSIG_URI, ":G");
+ xenc_tag_t * y = xenc_tag_create (DSIG_URI, ":Y");
+ DSA * dsa = key->ki.dsa.dsa_st;
++ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
+
++ DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
++ DSA_get0_key(dsa, &dsa_pub_key, NULL);
+
+- xenc_tag_add_child_BN (p, dsa->p);
+- xenc_tag_add_child_BN (p, dsa->q);
+- xenc_tag_add_child_BN (p, dsa->g);
+- xenc_tag_add_child_BN (p, dsa->pub_key);
++ xenc_tag_add_child_BN (p, dsa_p);
++ xenc_tag_add_child_BN (p, dsa_q);
++ xenc_tag_add_child_BN (p, dsa_g);
++ xenc_tag_add_child_BN (p, dsa_pub_key);
+
+ xenc_tag_add_child (dsakeyval, xenc_tag_finalize (p));
+ xenc_tag_add_child (dsakeyval, xenc_tag_finalize (q));
+@@ -6187,7 +6228,7 @@ caddr_t xenc_x509_get_key_identifier (X5
+
+ ret = dk_alloc_box (ikeyid->length, DV_BIN);
+ memcpy (ret, ikeyid->data, ikeyid->length);
+- M_ASN1_OCTET_STRING_free(ikeyid);
++ ASN1_STRING_free(ikeyid);
+ return ret;
+ }
+
+@@ -6247,7 +6288,7 @@ bif_x509_get_subject (caddr_t * qst, cad
+
+ ret = dk_alloc_box (ikeyid->length, DV_BIN);
+ memcpy (ret, ikeyid->data, ikeyid->length);
+- M_ASN1_OCTET_STRING_free(ikeyid);
++ ASN1_STRING_free(ikeyid);
+ return ret;
+ }
+
+@@ -6806,7 +6847,7 @@ bif_xenc_x509_csr_generate (caddr_t * qs
+ sk_X509_EXTENSION_push(st_exts, ex);
+ }
+ X509_REQ_add_extensions(x, st_exts);
+- if (!X509_REQ_sign (x, pk, (pk->type == EVP_PKEY_RSA ? EVP_md5() : EVP_dss1())))
++ if (!X509_REQ_sign (x, pk, (EVP_PKEY_id(pk) == EVP_PKEY_RSA ? EVP_md5() : EVP_sha1())))
+ {
+ pk = NULL; /* keep one in the xenc_key */
+ *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate : %s", get_ssl_error_text (buf, sizeof (buf)));
+@@ -6945,17 +6986,17 @@ bif_xenc_x509_from_csr (caddr_t * qst, c
+ *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate");
+ goto err;
+ }
+- switch (EVP_PKEY_type (cli_pk->type))
++ switch (EVP_PKEY_type (EVP_PKEY_id(cli_pk)))
+ {
+ case EVP_PKEY_DSA:
+ sign_algoname = DSIG_DSA_SHA1_ALGO;
+ enc_algoname = XENC_DSA_ALGO;
+- dsa = cli_pk->pkey.dsa;
++ dsa = EVP_PKEY_get0_DSA(cli_pk);
+ break;
+ case EVP_PKEY_RSA:
+ sign_algoname = DSIG_RSA_SHA1_ALGO;
+ enc_algoname = XENC_RSA_ALGO;
+- rsa = cli_pk->pkey.rsa;
++ rsa = EVP_PKEY_get0_RSA(cli_pk);
+ break;
+ default:
+ *err_ret = srv_make_new_error ("42000", "XECXX", "The type of public key is not supported mus tbe RSA or DSA");
+@@ -7152,16 +7193,16 @@ bif_xenc_pubkey_pem_export (caddr_t * qs
+ {
+ k = X509_get_pubkey (key->xek_x509);
+ #ifdef EVP_PKEY_RSA
+- if (k->type == EVP_PKEY_RSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
+ {
+- RSA * x = k->pkey.rsa;
++ RSA *x = EVP_PKEY_get0_RSA(k);
+ PEM_write_bio_RSA_PUBKEY (b, x);
+ }
+ #endif
+ #ifdef EVP_PKEY_DSA
+- if (k->type == EVP_PKEY_DSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_DSA)
+ {
+- DSA * x = k->pkey.dsa;
++ DSA * x = EVP_PKEY_get0_DSA(k);
+ PEM_write_bio_DSA_PUBKEY (b, x);
+ }
+ #endif
+@@ -7208,16 +7249,16 @@ bif_xenc_pubkey_der_export (caddr_t * qs
+ {
+ k = X509_get_pubkey (key->xek_x509);
+ #ifdef EVP_PKEY_RSA
+- if (k->type == EVP_PKEY_RSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
+ {
+- RSA * x = k->pkey.rsa;
++ RSA * x = EVP_PKEY_get0_RSA(k);
+ i2d_RSA_PUBKEY_bio (b, x);
+ }
+ #endif
+ #ifdef EVP_PKEY_DSA
+- if (k->type == EVP_PKEY_DSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_DSA)
+ {
+- DSA * x = k->pkey.dsa;
++ DSA * x = EVP_PKEY_get0_DSA(k);
+ i2d_DSA_PUBKEY_bio (b, x);
+ }
+ #endif
+@@ -7245,7 +7286,7 @@ err:
+ }
+
+ static caddr_t
+-BN2binbox (BIGNUM * x)
++BN2binbox (const BIGNUM * x)
+ {
+ size_t buf_len, n;
+ caddr_t buf;
+@@ -7280,8 +7321,14 @@ static caddr_t
+ xenc_rsa_pub_magic (RSA * x)
+ {
+ caddr_t ret;
+- caddr_t n = BN2binbox (x->n); /* modulus */
+- caddr_t e = BN2binbox (x->e); /* public exponent */
++ caddr_t n;
++ caddr_t e;
++ const BIGNUM *rsa_n, *rsa_e;
++
++ RSA_get0_key(x, &rsa_n, &rsa_e, NULL);
++ n = BN2binbox (rsa_n); /* modulus */
++ e = BN2binbox (rsa_e); /* public exponent */
++
+ n = xenc_encode_base64_binbox (n, 1);
+ e = xenc_encode_base64_binbox (e, 1);
+ ret = dk_alloc_box (box_length (n) + box_length (e) + 4 /* two dots - one trailing zero + RSA prefix */, DV_STRING);
+@@ -7306,9 +7353,9 @@ bif_xenc_pubkey_magic_export (caddr_t *
+ {
+ k = X509_get_pubkey (key->xek_x509);
+ #ifdef EVP_PKEY_RSA
+- if (k->type == EVP_PKEY_RSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
+ {
+- RSA * x = k->pkey.rsa;
++ RSA * x = EVP_PKEY_get0_RSA(k);
+ ret = xenc_rsa_pub_magic (x);
+ }
+ #endif
+@@ -7349,10 +7396,16 @@ static caddr_t
+ xenc_rsa_pub_ssh_export (RSA * x)
+ {
+ static char * ssh_header = "\x00\x00\x00\x07ssh-rsa";
++ const BIGNUM *rsa_n, *rsa_e;
+ caddr_t ret;
+ int len, pos;
+- caddr_t n = BN2binbox (x->n); /* modulus */
+- caddr_t e = BN2binbox (x->e); /* public exponent */
++ caddr_t n;
++ caddr_t e;
++
++ RSA_get0_key(x, &rsa_n, &rsa_e, NULL);
++ n = BN2binbox (rsa_n); /* modulus */
++ e = BN2binbox (rsa_e); /* public exponent */
++
+ len = 11 + 8 + box_length (n) + box_length (e);
+ if (n[0] & 0x80)
+ len ++;
+@@ -7383,9 +7436,9 @@ bif_xenc_pubkey_ssh_export (caddr_t * qs
+ {
+ k = X509_get_pubkey (key->xek_x509);
+ #ifdef EVP_PKEY_RSA
+- if (k->type == EVP_PKEY_RSA)
++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
+ {
+- RSA * x = k->pkey.rsa;
++ RSA * x = EVP_PKEY_get0_RSA(k);
+ ret = xenc_rsa_pub_ssh_export (x);
+ }
+ #endif
+@@ -7418,7 +7471,7 @@ bif_xenc_SPKI_read (caddr_t * qst, caddr
+ return NULL;
+ }
+ pk = NETSCAPE_SPKI_get_pubkey (spki);
+- if (!pk || pk->type != EVP_PKEY_RSA)
++ if (!pk || EVP_PKEY_id(pk) != EVP_PKEY_RSA)
+ {
+ NETSCAPE_SPKI_free (spki);
+ *err_ret = srv_make_new_error ("42000", "XECXX", "Can not retrieve RSA key");
+@@ -7595,14 +7648,14 @@ bif_xenc_x509_ca_certs_list (caddr_t * q
+ sec_check_dba ((QI*)qst, me);
+ in = BIO_new (BIO_s_mem ());
+ mutex_enter (xenc_keys_mtx);
+- certs = CA_certs->objs;
++ certs = X509_STORE_get0_objects(CA_certs);
+ len = sk_X509_OBJECT_num (certs);
+ for (i = 0; i < len; i++)
+ {
+ X509_OBJECT * obj = sk_X509_OBJECT_value (certs, i);
+- if (obj->type == X509_LU_X509)
++ if (X509_OBJECT_get_type(obj) == X509_LU_X509)
+ {
+- X509 *x = obj->data.x509;
++ X509 *x = X509_OBJECT_get0_X509(obj);
+ caddr_t itm;
+ int blen;
+ BIO_reset (in);
+--- a/libsrc/Wi/xmlenc.h
++++ b/libsrc/Wi/xmlenc.h
+@@ -38,6 +38,7 @@
+ #include <openssl/dsa.h>
+ #include <openssl/rsa.h>
+ #include <openssl/des.h>
++#include <openssl/hmac.h>
+
+ #ifdef AES_ENC_ENABLE
+ #include <openssl/aes.h>
+@@ -631,5 +632,183 @@ caddr_t * xml_find_any_child (caddr_t *
+
+ extern dk_mutex_t * xenc_keys_mtx;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++
++static inline HMAC_CTX *HMAC_CTX_new(void)
++{
++ HMAC_CTX *p;
++
++ p = calloc(1, sizeof(HMAC_CTX));
++ if (!p)
++ return p;
++ HMAC_CTX_init(p);
++ return p;
++}
++
++static inline void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++ HMAC_CTX_cleanup(ctx);
++ free(ctx);
++}
++
++static inline void RSA_get0_key(const RSA *r, const BIGNUM **n,
++ const BIGNUM **e, const BIGNUM **d)
++{
++ if (n != NULL)
++ *n = r->n;
++ if (e != NULL)
++ *e = r->e;
++ if (d != NULL)
++ *d = r->d;
++}
++
++static inline void RSA_get0_factors(const RSA *r, const BIGNUM **p,
++ const BIGNUM **q)
++{
++ if (p != NULL)
++ *p = r->p;
++ if (q != NULL)
++ *q = r->q;
++}
++
++static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
++{
++ if (pkey->type != EVP_PKEY_RSA)
++ return NULL;
++ return pkey->pkey.rsa;
++}
++
++static inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
++ const BIGNUM **priv_key)
++{
++ if (pub_key != NULL)
++ *pub_key = dh->pub_key;
++ if (priv_key != NULL)
++ *priv_key = dh->priv_key;
++}
++
++
++static inline void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
++ const BIGNUM **g)
++{
++ if (p != NULL)
++ *p = dh->p;
++ if (q != NULL)
++ *q = dh->q;
++ if (g != NULL)
++ *g = dh->g;
++}
++
++static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
++{
++ if (pkey->type != EVP_PKEY_DSA)
++ return NULL;
++ return pkey->pkey.dsa;
++}
++
++static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
++
++ if (q != NULL) {
++ dh->length = BN_num_bits(q);
++ }
++
++ return 1;
++}
++
++static inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++ /* If the fields n and e in r are NULL, the corresponding input
++ * parameters MUST be non-NULL for n and e. d may be
++ * left NULL (in case only the public key is used).
++ */
++ if ((r->n == NULL && n == NULL)
++ || (r->e == NULL && e == NULL))
++ return 0;
++
++ if (n != NULL) {
++ BN_free(r->n);
++ r->n = n;
++ }
++ if (e != NULL) {
++ BN_free(r->e);
++ r->e = e;
++ }
++ if (d != NULL) {
++ BN_free(r->d);
++ r->d = d;
++ }
++
++ return 1;
++}
++
++static inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p,
++ const BIGNUM **q, const BIGNUM **g)
++{
++ if (p != NULL)
++ *p = d->p;
++ if (q != NULL)
++ *q = d->q;
++ if (g != NULL)
++ *g = d->g;
++}
++
++static inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
++ const BIGNUM **priv_key)
++{
++ if (pub_key != NULL)
++ *pub_key = d->pub_key;
++ if (priv_key != NULL)
++ *priv_key = d->priv_key;
++}
++
++static inline const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
++{
++ return x->cert_info->extensions;
++}
++
++static inline int X509_up_ref(X509 *x)
++{
++ return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++}
++
++static inline STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
++{
++ return v->objs;
++}
++
++static inline int X509_OBJECT_get_type(const X509_OBJECT *a)
++{
++ return a->type;
++}
++
++static inline X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
++{
++ if (a == NULL || a->type != X509_LU_X509)
++ return NULL;
++ return a->data.x509;
++}
++
++#endif
++
+ #endif
+
+--- a/libsrc/Wi/xmlenc_algos.c
++++ b/libsrc/Wi/xmlenc_algos.c
+@@ -1149,7 +1149,7 @@ int
+ dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out)
+ {
+ unsigned char * data;
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx;
+ unsigned char key_data[32 * 8];
+ unsigned char md [SHA256_DIGEST_LENGTH + 1];
+ unsigned char md64 [SHA256_DIGEST_LENGTH * 2 + 1];
+@@ -1182,7 +1182,9 @@ dsig_hmac_sha256_digest (dk_session_t *
+ default:
+ return 0;
+ }
+-
++ ctx = HMAC_CTX_new();
++ if (!ctx)
++ return 0;
+
+ data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
+ CATCH_READ_FAIL (ses_in)
+@@ -1192,14 +1194,15 @@ dsig_hmac_sha256_digest (dk_session_t *
+ FAILED
+ {
+ dk_free_box ((box_t) data);
++ HMAC_CTX_free(ctx);
+ return 0;
+ }
+ END_READ_FAIL (ses_in);
+
+- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ());
+- HMAC_Update(&ctx, data, len);
+- HMAC_Final(&ctx, md, &hmac_len);
+- HMAC_cleanup(&ctx);
++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL);
++ HMAC_Update(ctx, data, len);
++ HMAC_Final(ctx, md, &hmac_len);
++ HMAC_CTX_free(ctx);
+
+ if (hmac_len != SHA256_DIGEST_LENGTH)
+ GPF_T;
+@@ -1220,7 +1223,7 @@ dsig_hmac_sha256_digest (dk_session_t *
+ int
+ dsig_hmac_sha256_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest)
+ {
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx;
+ unsigned char * data;
+ unsigned char key_data[3 * 8];
+ unsigned char md [SHA256_DIGEST_LENGTH + 1];
+@@ -1249,6 +1252,9 @@ dsig_hmac_sha256_verify (dk_session_t *
+ return 0;
+ }
+
++ ctx = HMAC_CTX_new();
++ if (!ctx)
++ return 0;
+
+ data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
+ CATCH_READ_FAIL (ses_in)
+@@ -1258,14 +1264,15 @@ dsig_hmac_sha256_verify (dk_session_t *
+ FAILED
+ {
+ dk_free_box ((box_t) data);
++ HMAC_CTX_free(ctx);
+ return 0;
+ }
+ END_READ_FAIL (ses_in);
+
+- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ());
+- HMAC_Update(&ctx, data, len);
+- HMAC_Final(&ctx, md, &hmac_len);
+- HMAC_cleanup(&ctx);
++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL);
++ HMAC_Update(ctx, data, len);
++ HMAC_Final(ctx, md, &hmac_len);
++ HMAC_CTX_free(ctx);
+ dk_free_box ((box_t) data);
+
+ len1 = xenc_encode_base64 ((char *)md, md64, hmac_len);
+@@ -1586,7 +1593,7 @@ int
+ dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out)
+ {
+ unsigned char * data;
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx;
+ unsigned char key_data[32 * 8];
+ unsigned char md [SHA_DIGEST_LENGTH + 1];
+ unsigned char md64 [SHA_DIGEST_LENGTH * 2 + 1];
+@@ -1620,6 +1627,9 @@ dsig_hmac_sha1_digest (dk_session_t * se
+ return 0;
+ }
+
++ ctx = HMAC_CTX_new();
++ if (!ctx)
++ return 0;
+
+ data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
+ CATCH_READ_FAIL (ses_in)
+@@ -1629,14 +1639,15 @@ dsig_hmac_sha1_digest (dk_session_t * se
+ FAILED
+ {
+ dk_free_box ((box_t) data);
++ HMAC_CTX_free(ctx);
+ return 0;
+ }
+ END_READ_FAIL (ses_in);
+
+- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ());
+- HMAC_Update(&ctx, data, len);
+- HMAC_Final(&ctx, md, &hmac_len);
+- HMAC_cleanup(&ctx);
++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL);
++ HMAC_Update(ctx, data, len);
++ HMAC_Final(ctx, md, &hmac_len);
++ HMAC_CTX_free(ctx);
+
+ if (hmac_len != SHA_DIGEST_LENGTH)
+ GPF_T;
+@@ -1657,7 +1668,7 @@ dsig_hmac_sha1_digest (dk_session_t * se
+ int
+ dsig_hmac_sha1_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest)
+ {
+- HMAC_CTX ctx;
++ HMAC_CTX *ctx;
+ unsigned char * data;
+ unsigned char key_data[3 * 8];
+ unsigned char md [SHA_DIGEST_LENGTH + 1];
+@@ -1686,6 +1697,9 @@ dsig_hmac_sha1_verify (dk_session_t * se
+ return 0;
+ }
+
++ ctx = HMAC_CTX_new();
++ if (!ctx)
++ return 0;
+
+ data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
+ CATCH_READ_FAIL (ses_in)
+@@ -1695,14 +1709,15 @@ dsig_hmac_sha1_verify (dk_session_t * se
+ FAILED
+ {
+ dk_free_box ((box_t) data);
++ HMAC_CTX_free(ctx);
+ return 0;
+ }
+ END_READ_FAIL (ses_in);
+
+- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ());
+- HMAC_Update(&ctx, data, len);
+- HMAC_Final(&ctx, md, &hmac_len);
+- HMAC_cleanup(&ctx);
++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL);
++ HMAC_Update(ctx, data, len);
++ HMAC_Final(ctx, md, &hmac_len);
++ HMAC_CTX_free(ctx);
+ dk_free_box ((box_t) data);
+
+ len1 = xenc_encode_base64 ((char *)md, md64, hmac_len);
+@@ -1763,7 +1778,7 @@ int xenc_aes_encryptor (dk_session_t * s
+ caddr_t outbuf_beg;
+ int len;
+ caddr_t encoded_out;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ unsigned char * ivec = &key->ki.aes.iv[0];
+
+ CATCH_READ_FAIL (ses_in)
+@@ -1778,7 +1793,7 @@ int xenc_aes_encryptor (dk_session_t * s
+ END_READ_FAIL (ses_in);
+
+ #if 1
+- EVP_CIPHER_CTX_init(&ctx);
++ ctx = EVP_CIPHER_CTX_new();
+ outbuf_beg = dk_alloc_box (box_length (text) + 16, DV_BIN);
+ memcpy (outbuf_beg, ivec, 16);
+ outbuf = outbuf_beg + 16;
+@@ -1786,20 +1801,19 @@ int xenc_aes_encryptor (dk_session_t * s
+ switch (key->ki.aes.bits)
+ {
+ case 128:
+- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec);
++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec);
+ break;
+ case 192:
+- EVP_EncryptInit_ex(&ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec);
++ EVP_EncryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec);
+ break;
+ case 256:
+- EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec);
++ EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec);
+ break;
+ default:
+ GPF_T1 ("Unsupported key size");
+ }
+- if(!EVP_EncryptUpdate(&ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text)))
++ if(!EVP_EncryptUpdate(ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text)))
+ {
+- EVP_CIPHER_CTX_cleanup(&ctx);
+ dk_free_box (text);
+ dk_free_box (outbuf_beg);
+ xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #2");
+@@ -1812,7 +1826,7 @@ int xenc_aes_encryptor (dk_session_t * s
+ xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #3");
+ } */
+ /* outlen += tmplen; */
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_free(ctx);
+
+ #else
+ outbuf_beg = dk_alloc_box (box_length (text) + 16 /* iv */, DV_BIN);
+@@ -2050,6 +2064,7 @@ xenc_rsa_decryptor (dk_session_t * ses_i
+ int len = 0;
+ int keysize;
+ RSA * rsa = key->xek_private_rsa;
++ const BIGNUM *p, *q;
+
+ if (!seslen)
+ {
+@@ -2062,9 +2077,9 @@ xenc_rsa_decryptor (dk_session_t * ses_i
+ xenc_report_error (t, 500 + strlen (key->xek_name), XENC_ENC_ERR, "could not make RSA decryption [key %s is not RSA]", key->xek_name);
+ return 0;
+ }
++ RSA_get0_factors(rsa, &p, &q);
+ if (!rsa ||
+- !rsa->p ||
+- !rsa->q)
++ !p || !q)
+ {
+ if (key->xek_x509_KI)
+ key = xenc_get_key_by_keyidentifier (key->xek_x509_KI, 1);
+--- a/libsrc/util/sslengine.c
++++ b/libsrc/util/sslengine.c
+@@ -29,7 +29,11 @@
+ int
+ ssl_engine_startup (void)
+ {
+- CRYPTO_malloc_init ();
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++ CRYPTO_malloc_init ();
++#else
++ OPENSSL_malloc_init();
++#endif
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+
+--- a/libsrc/Wi/http.c
++++ b/libsrc/Wi/http.c
+@@ -8886,7 +8886,7 @@ ssl_server_set_certificate (SSL_CTX* ssl
+ log_error ("SSL: The stored certificate '%s' can not be used as extra chain certificate", tok);
+ break;
+ }
+- CRYPTO_add(&k->xek_x509->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(k->xek_x509);
+ tok = strtok_r (NULL, ",", &tok_s);
+ }
+ dk_free_box (str);
+@@ -9949,7 +9949,7 @@ bif_https_renegotiate (caddr_t *qst, cad
+ cli_ssl_get_error_string (err_buf, sizeof (err_buf));
+ sqlr_new_error ("42000", "..002", "SSL_do_handshake failed %s", err_buf);
+ }
+- ssl->state = SSL_ST_ACCEPT;
++ SSL_set_accept_state(ssl);
+ while (SSL_renegotiate_pending (ssl) && ctr < 1000)
+ {
+ timeout_t to = { 0, 1000 };
+--- a/libsrc/Dk/Dkernel.c
++++ b/libsrc/Dk/Dkernel.c
+@@ -5280,7 +5280,11 @@ ssl_server_init ()
+ }
+ #endif
+
+- SSLeay_add_all_algorithms ();
++#if OPENSSL_VERSION_NUMBER < 0x10100000
++ SSLeay_add_all_algorithms();
++#else
++ OpenSSL_add_all_algorithms();
++#endif
+ PKCS12_PBE_add (); /* stub */
+
+ #ifdef NO_THREAD
+--- a/configure.ac
++++ b/configure.ac
+@@ -881,17 +881,6 @@ AC_TRY_COMPILE([
+ ])
+
+ AC_MSG_CHECKING([OpenSSL version])
+-AC_TRY_COMPILE([
+-#include <openssl/opensslv.h>
+-],[
+-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
+-#error OpenSSL version too new
+-#endif
+- ],[
+- AC_MSG_RESULT([< 1.1.0])
+- ],[
+- AC_MSG_ERROR([OpenSSL version 1.1.0 or greater is currently not supported.])
+- ])
+
+ AC_MSG_CHECKING([usability of the OpenSSL header files and library in ${openssl_dir}])
+ AC_TRY_RUN([
+--- virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c~ 2018-09-15 23:47:58.000000000 +0200
++++ virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c 2018-09-15 23:52:13.471232310 +0200
+@@ -5149,9 +5149,12 @@ ssl_ctx_set_protocol_options(SSL_CTX *ct
+ disable = 1;
+ }
+
++#if defined (SSL_OP_NO_SSLv3)
+ if (!strcasecmp (name, "SSLv3"))
+ opt = SSL_PROTOCOL_SSLV3;
+- else if (!strcasecmp (name, "TLSv1") || !strcasecmp (name, "TLSv1.0"))
++ else
++#endif
++ if (!strcasecmp (name, "TLSv1") || !strcasecmp (name, "TLSv1.0"))
+ opt = SSL_PROTOCOL_TLSV1;
+ #if defined (SSL_OP_NO_TLSv1_1)
+ else if (!strcasecmp (name, "TLSv1_1") || !strcasecmp (name, "TLSv1.1"))
+--- virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c~ 2018-09-15 23:52:48.000000000 +0200
++++ virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c 2018-09-15 23:58:57.068780828 +0200
+@@ -5087,6 +5087,7 @@ ssl_thread_setup ()
+ #define SSL_PROTOCOL_TLSV1 (1<<2)
+ #define SSL_PROTOCOL_TLSV1_1 (1<<3)
+ #define SSL_PROTOCOL_TLSV1_2 (1<<4)
++#define SSL_PROTOCOL_TLSV1_3 (1<<5)
+
+ #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
+ #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
+--- virtuoso-opensource-7.2.5/libsrc/Wi/xmlenc.c~ 2018-09-16 00:08:33.000000000 +0200
++++ virtuoso-opensource-7.2.5/libsrc/Wi/xmlenc.c 2018-09-16 00:20:07.956376505 +0200
+@@ -7073,19 +7073,21 @@ bif_xenc_pkcs12_export (caddr_t * qst, c
+ if (export_chain)
+ {
+ int i;
+- X509_STORE_CTX store_ctx;
+- X509_STORE_CTX_init (&store_ctx, CA_certs, x, NULL);
+- if (X509_verify_cert (&store_ctx) > 0)
+- chain = X509_STORE_CTX_get1_chain (&store_ctx);
++ X509_STORE_CTX *store_ctx;
++ store_ctx = EVP_MD_CTX_create();
++ if (!X509_STORE_CTX_init (store_ctx, CA_certs, x, NULL))
++ goto err;
++ if (X509_verify_cert (store_ctx) > 0)
++ chain = X509_STORE_CTX_get1_chain (store_ctx);
+ else
+ {
+ const char *err_str;
+- err_str = X509_verify_cert_error_string (store_ctx.error);
++ err_str = X509_verify_cert_error_string (X509_STORE_CTX_get_error(store_ctx));
+ *err_ret = srv_make_new_error ("22023", "XENCX", "X509 error: %s", err_str);
+- X509_STORE_CTX_cleanup (&store_ctx);
++ X509_STORE_CTX_free (store_ctx);
+ goto err;
+ }
+- X509_STORE_CTX_cleanup (&store_ctx);
++ X509_STORE_CTX_free (store_ctx);
+ if (chain)
+ {
+ certs = sk_X509_new_null ();
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/virtuoso.git/commitdiff/cbc7284ee1cf3dfc205893a3f3fbf9b99f30572b
More information about the pld-cvs-commit
mailing list