Modifications to libretroshare to enable a

build against a standard OpenSSL library... Still lots to do (implement AuthSSL), compiles all but final gui. use USE_XPGP flag in build script to control it. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@796 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-10-01 02:35:48 -04:00 · 2008-11-09 16:52:14 +00:00 · 2008-11-09 16:52:14 +00:00 · 1e33267951
commit 1e33267951
parent f810a0f58f
10 changed files with 306 additions and 36 deletions
--- a/libretroshare/src/pqi/Makefile
+++ b/libretroshare/src/pqi/Makefile
@ -14,14 +14,7 @@ LOOP_OBJ = pqiloopback.o
 STREAM_OBJ = pqistreamer.o pqiarchive.o pqibin.o
 MGR_OBJ = pqimonitor.o p3dhtmgr.o p3connmgr.o p3cfgmgr.o p3authmgr.o
 GRP_OBJ = pqiperson.o pqihandler.o pqiservice.o pqipersongrp.o  
-
-ifdef PQI_USE_XPGP
-	SSL_OBJ = authxpgp.o cleanupxpgp.o  
-else
-	SSL_OBJ  = sslcert.o  
-endif
-
-SSL_OBJ  += pqissl.o pqissllistener.o pqisslpersongrp.o
+SSL_OBJ  = pqissl.o pqissllistener.o pqisslpersongrp.o
 UDP_OBJ  = pqissludp.o

 OTHER_OBJ = p3notify.o
@ -34,12 +27,20 @@ RSOBJ = $(BASE_OBJ) $(LOOP_OBJ) \
 	$(GRP_OBJ) \
 	$(OTHER_OBJ)

-TESTOBJ  = xpgp_id.o net_test.o dht_test.o net_test1.o
+TESTOBJ  = net_test.o dht_test.o net_test1.o
 #conn_test.o

-TESTS  = xpgp_id net_test dht_test net_test1
+TESTS  = net_test dht_test net_test1
 #conn_test

+ifdef PQI_USE_XPGP
+	SSL_OBJ += authxpgp.o cleanupxpgp.o  
+	TESTOBJ += xpgp_id.o
+	TESTS   += xpgp_id
+else
+	#SSL_OBJ  = sslcert.o  
+endif
+

 all: librs tests

--- a/libretroshare/src/pqi/authssl.h
+++ b/libretroshare/src/pqi/authssl.h
@ -0,0 +1,176 @@
+/*
+ * libretroshare/src/pqi: authssl.h
+ *
+ * 3P/PQI network interface for RetroShare.
+ *
+ * Copyright 2004-2008 by Robert Fernie.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License Version 2 as published by the Free Software Foundation.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA.
+ *
+ * Please report all bugs and problems to "retroshare@lunamutt.com".
+ *
+ */
+
+#ifndef MRK_AUTH_SSL_HEADER
+#define MRK_AUTH_SSL_HEADER
+
+/* This is a dummy auth header.... to 
+ * work with the standard OpenSSL as opposed to the patched version.
+ *
+ * It is expected to be replaced by authpgp shortly.
+ * (or provide the base OpenSSL iteraction for authpgp).
+ *
+ */
+
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+
+#include <string>
+#include <map>
+
+#include "util/rsthreads.h"
+
+#include "pqi/pqi_base.h"
+#include "pqi/pqinetwork.h"
+#include "pqi/p3authmgr.h"
+
+class AuthXPGP;
+
+class AuthSSL: public p3AuthMgr
+{
+	public:
+
+	/* Initialisation Functions (Unique) */
+	AuthSSL();
+virtual bool	active();
+virtual int	InitAuth(const char *srvr_cert, const char *priv_key, 
+					const char *passwd);
+virtual bool	CloseAuth();
+virtual int     setConfigDirectories(std::string confFile, std::string neighDir);
+
+	/*********** Overloaded Functions from p3AuthMgr **********/
+	
+	/* get Certificate Ids */
+	
+virtual	std::string OwnId();
+virtual bool    getAllList(std::list<std::string> &ids);
+virtual bool    getAuthenticatedList(std::list<std::string> &ids);
+virtual bool    getUnknownList(std::list<std::string> &ids);
+	
+	/* get Details from the Certificates */
+	
+virtual bool    isValid(std::string id);
+virtual bool    isAuthenticated(std::string id);
+virtual	std::string getName(std::string id);
+virtual bool    getDetails(std::string id, pqiAuthDetails &details);
+	
+	/* High Level Load/Save Configuration */
+virtual bool FinalSaveCertificates();
+virtual bool CheckSaveCertificates();
+virtual bool saveCertificates();
+virtual bool loadCertificates();
+
+	/* Load/Save certificates */
+virtual bool LoadCertificateFromString(std::string pem, std::string &id);
+virtual	std::string SaveCertificateToString(std::string id);
+virtual bool LoadCertificateFromFile(std::string filename, std::string &id);
+virtual bool SaveCertificateToFile(std::string id, std::string filename);
+
+virtual bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);	
+virtual	bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
+	
+	/* Signatures */
+
+virtual bool AuthCertificate(std::string uid);
+virtual bool SignCertificate(std::string id);
+virtual bool RevokeCertificate(std::string id);
+virtual bool TrustCertificate(std::string id, bool trust);
+	
+	/* Sign / Encrypt / Verify Data (TODO) */
+virtual bool 	SignData(std::string input, std::string &sign);
+virtual bool 	SignData(const void *data, const uint32_t len, std::string &sign);
+
+	/*********** Overloaded Functions from p3AuthMgr **********/
+
+	public: /* SSL specific functions used in pqissl/pqissllistener */
+SSL_CTX *getCTX();
+
+bool 	ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
+bool 	FailedCertificate(X509 *x509, bool incoming);     /* store for discovery */
+bool 	CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
+
+	/* Special Config Loading (backwards compatibility) */
+bool  	loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
+
+#if 0
+	private:
+
+	/* Helper Functions */
+
+bool 	ProcessXPGP(XPGP *xpgp, std::string &id);
+
+XPGP *	loadXPGPFromPEM(std::string pem);
+XPGP *	loadXPGPFromFile(std::string fname, std::string hash);
+bool    saveXPGPToFile(XPGP *xpgp, std::string fname, std::string &hash);
+
+XPGP *	loadXPGPFromDER(const uint8_t *ptr, uint32_t len);
+bool 	saveXPGPToDER(XPGP *xpgp, uint8_t **ptr, uint32_t *len);
+
+	/*********** LOCKED Functions ******/
+bool 	locked_FindCert(std::string id, xpgpcert **cert);
+
+
+	/* Data */
+	RsMutex xpgpMtx;  /**** LOCKING */
+
+	int init;
+	std::string mCertConfigFile;
+	std::string mNeighDir;
+
+	SSL_CTX *sslctx;
+	XPGP_KEYRING *pgp_keyring;
+
+	std::string mOwnId;
+	xpgpcert *mOwnCert;
+	EVP_PKEY *pkey;
+
+	bool mToSaveCerts;
+	bool mConfigSaveActive;
+	std::map<std::string, xpgpcert *> mCerts;
+#endif
+
+};
+
+/* Helper Functions */
+int printSSLError(SSL *ssl, int retval, int err, unsigned long err2, std::ostream &out);
+std::string getX509NameString(X509_NAME *name);
+std::string getX509CNString(X509_NAME *name);
+
+std::string getX509OrgString(X509_NAME *name);
+std::string getX509LocString(X509_NAME *name);
+std::string getX509CountryString(X509_NAME *name);
+
+#if 0
+std::list<std::string> getXPGPsigners(XPGP *cert);
+std::string getXPGPInfo(XPGP *cert);
+std::string getXPGPAuthCode(XPGP *xpgp);
+
+int     LoadCheckXPGPandGetName(const char *cert_file, 
+			std::string &userName, std::string &userId);
+bool 	getXPGPid(XPGP *xpgp, std::string &xpgpid);
+#endif
+
+
+#endif // MRK_SSL_XPGP_CERT_HEADER
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@ -104,7 +104,7 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3AuthMgr *am, p3ConnectM
 	mAuthMgr((AuthXPGP *) am), mConnMgr(cm)
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	mAuthMgr(am), mConnMgr(cm)
+	mAuthMgr((AuthSSL *) am), mConnMgr(cm)
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -1075,6 +1075,7 @@ int 	pqissl::Extract_Failed_SSL_Certificate()
 	mAuthMgr->FailedCertificateXPGP(peercert, false);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
+	mAuthMgr->FailedCertificate(peercert, false);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -1111,7 +1112,7 @@ int 	pqissl::Authorise_SSL_Connection()
 	waiting = WAITING_NOT;

 	// Get the Peer Certificate....
-	AuthXPGP *authXPGP = (AuthXPGP *) getAuthMgr();
+	//AuthXPGP *authXPGP = (AuthXPGP *) getAuthMgr();

 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
@ -1147,7 +1148,7 @@ int 	pqissl::Authorise_SSL_Connection()
 	certCorrect = mAuthMgr->CheckCertificateXPGP(PeerId(), peercert);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-
+	certCorrect = mAuthMgr->CheckCertificate(PeerId(), peercert);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

--- a/libretroshare/src/pqi/pqissl.h
+++ b/libretroshare/src/pqi/pqissl.h
@ -45,6 +45,7 @@
 #include "pqi/authxpgp.h"
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
+#include "pqi/authssl.h"
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -208,6 +209,10 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd)

 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
+
+	//p3AuthMgr *mAuthMgr;
+	AuthSSL *mAuthMgr;
+
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
@ -55,7 +55,7 @@ pqissllistenbase::pqissllistenbase(struct sockaddr_in addr, p3AuthMgr *am, p3Con
 	mAuthMgr((AuthXPGP *) am), mConnMgr(cm)
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	mAuthMgr(am), mConnMgr(cm)
+	mAuthMgr((AuthSSL *) am), mConnMgr(cm)
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -455,7 +455,7 @@ int 	pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
 	mAuthMgr->FailedCertificateXPGP(peercert, true);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	sslccr -> registerCertificate(peercert, *inaddr, true);
+	mAuthMgr->FailedCertificate(peercert, true);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -616,7 +616,7 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
 	bool certOk = mAuthMgr->ValidateCertificateXPGP(peercert, newPeerId);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	cert *npc = sslccr -> registerCertificate(peercert, remote_addr, true);
+	bool certOk = mAuthMgr->ValidateCertificate(peercert, newPeerId);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -631,7 +631,15 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem

 		// bad - shutdown.
 		// pqissllistenbase will shutdown!
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
 		XPGP_free(peercert);
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+		X509_free(peercert);
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 		return -1;
 	}
 	else
@ -666,12 +674,28 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
 		out << std::endl;
 		out << "pqissllistenbase: Will shut it down!" << std::endl;
  	        pqioutput(PQL_WARNING, pqissllistenzone, out.str());
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
 		XPGP_free(peercert);
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+		X509_free(peercert);
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 		return -1;
 	}

 	/* Certificate consumed! */
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
 	bool certKnown = mAuthMgr->CheckCertificateXPGP(it->first, peercert);
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+	bool certKnown = mAuthMgr->CheckCertificate(it->first, peercert);
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 	if (certKnown == false)
 	{
 		std::ostringstream out;
--- a/libretroshare/src/pqi/pqissllistener.h
+++ b/libretroshare/src/pqi/pqissllistener.h
@ -44,7 +44,7 @@
 #include "pqi/authxpgp.h"
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-//#include "pqi/sslcert.h"
+#include "pqi/authssl.h"
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -103,7 +103,8 @@ int     Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_in *inaddr);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

-	p3AuthMgr *mAuthMgr;
+	AuthSSL *mAuthMgr;
+	//p3AuthMgr *mAuthMgr;

 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
--- a/libretroshare/src/rsserver/p3face-startup.cc
+++ b/libretroshare/src/rsserver/p3face-startup.cc
@ -96,7 +96,7 @@ RsFiles *rsFiles = NULL;
 	#include "pqi/authxpgp.h"
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-
+	#include "pqi/authssl.h"
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -436,6 +436,10 @@ int InitRetroShare(int argcIgnored, char **argvIgnored, RsInit *config)
 	std::string userName;
 	std::string userId;
 	bool existingUser = false;
+
+	/* do a null init to allow the SSL libray to startup! */
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
 	if (LoadCheckXPGPandGetName(config->load_cert.c_str(), userName, userId))
 	{
 		std::cerr << "Existing Name: " << userName << std::endl;
@ -446,6 +450,17 @@ int InitRetroShare(int argcIgnored, char **argvIgnored, RsInit *config)
 	{
 		std::cerr << "No Existing User" << std::endl;
 	}
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
+	/* here we need to decide if existing user is okay....
+	 * obviously - it can't be until we have functions
+	 * to do it!
+	 */
+
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+

 	/* do a null init to allow the SSL libray to startup! */
 /**************** PQI_USE_XPGP ******************/
@ -454,7 +469,7 @@ int InitRetroShare(int argcIgnored, char **argvIgnored, RsInit *config)
 	getAuthMgr() -> InitAuth(NULL, NULL, NULL);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	getAuthMgr() -> InitAuth(NULL, NULL, NULL, NULL);
+	getAuthMgr() -> InitAuth(NULL, NULL, NULL);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -494,7 +509,7 @@ int RsServer::StartupRetroShare(RsInit *config)
 	if (1 != mAuthMgr -> InitAuth(NULL, NULL, NULL))
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	if (1 != mAuthMgr -> InitAuth(NULL, NULL, NULL, NULL))
+	if (1 != mAuthMgr -> InitAuth(NULL, NULL, NULL))
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	{
@ -549,7 +564,15 @@ int RsServer::StartupRetroShare(RsInit *config)
 	std::map<std::string, std::string> oldConfigMap;

 	mAuthMgr -> setConfigDirectories(certConfigFile, certNeighDir);
+
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
 	((AuthXPGP *) mAuthMgr) -> loadCertificates(oldFormat, oldConfigMap);
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+	mAuthMgr -> loadCertificates();
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/


 	/**************************************************************************/
@ -727,6 +750,13 @@ int RsServer::StartupRetroShare(RsInit *config)
 	/* Hack Old Configuration into new System (first load only) */
 	/**************************************************************************/

+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 	if (oldFormat)
 	{
 		std::cerr << "Startup() Loaded Old Certificate Format" << std::endl;
@ -911,10 +941,13 @@ int LoadCertificates(RsInit *config, bool autoLoginNT)
 				config->passwd.c_str()))
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
+	/* The SSL + PGP version will require
+	 *  Id of pgp account + password
+	 * padding with NULLs
+	 */
+
 	if (0 < authMgr -> InitAuth(config->load_cert.c_str(),
-				config->load_key.c_str(),
-				ca_loc.c_str(),
-				config->passwd.c_str()))
+				NULL, config->passwd.c_str()))
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/

@ -953,7 +986,15 @@ bool ValidateCertificate(RsInit *config, std::string &userName)
 	std::string userId;
 	if (fname != "")
 	{
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
 		return LoadCheckXPGPandGetName(fname.c_str(), userName, userId);
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+		/* check against authmanagers private keys */
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 	}
 	return false;
 }
@ -961,7 +1002,15 @@ bool ValidateCertificate(RsInit *config, std::string &userName)
 bool ValidateTrustedUser(RsInit *config, std::string fname, std::string &userName)
 {
 	std::string userId;
-	bool valid = LoadCheckXPGPandGetName(fname.c_str(), userName, userId);
+	bool valid = false;
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
+	valid = LoadCheckXPGPandGetName(fname.c_str(), userName, userId);
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 	if (valid)
 	{
 		config -> load_trustedpeer = true;
@ -1038,6 +1087,11 @@ bool RsGenerateCertificate(RsInit *config,
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	/* UNTIL THIS IS FILLED IN CANNOT GENERATE X509 REQ */
+	/* What should happen here - is a new openpgp certificate
+	 * is created, with a retroshare subkey, 
+	 * this is then used to generate a self-signed certificate 
+	 */
+	//mAuthMgr->createUser( );
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	{
--- a/libretroshare/src/rsserver/p3peers.cc
+++ b/libretroshare/src/rsserver/p3peers.cc
@ -758,17 +758,11 @@ std::ostream &operator<<(std::ostream &out, const RsPeerDetails &detail)

 /********** TRANSLATION ****/

-/**************** PQI_USE_XPGP ******************/
-#if defined(PQI_USE_XPGP)
-        #include "pqi/authxpgp.h"
-#else /* X509 Certificates */
-/**************** PQI_USE_XPGP ******************/
-
-#endif /* X509 Certificates */
-/**************** PQI_USE_XPGP ******************/

 uint32_t RsPeerTranslateTrust(uint32_t trustLvl)
 {
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
 	switch(trustLvl)
 	{
 		case TRUST_SIGN_OWN:
@ -788,6 +782,11 @@ uint32_t RsPeerTranslateTrust(uint32_t trustLvl)
 			return RS_TRUST_LVL_UNKNOWN;
 			break;
 	}
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 	return RS_TRUST_LVL_UNKNOWN;
 }

--- a/libretroshare/src/scripts/config-macosx.mk
+++ b/libretroshare/src/scripts/config-macosx.mk
@ -27,7 +27,7 @@ ifndef MAC_I386_BUILD
 endif

 # flags for components....
-PQI_USE_XPGP = 1
+#PQI_USE_XPGP = 1
 #PQI_USE_PROXY = 1
 #PQI_USE_CHANNELS = 1
 #USE_FILELOOK = 1
--- a/libretroshare/src/services/forum_test.cc
+++ b/libretroshare/src/services/forum_test.cc
@ -13,12 +13,21 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include <openssl/xPGP.h>
+
+
+/**************** PQI_USE_XPGP ******************/
+#if defined(PQI_USE_XPGP)
+	#include <openssl/xPGP.h>
+#else /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
+#endif /* X509 Certificates */
+/**************** PQI_USE_XPGP ******************/
+
 #include <openssl/ssl.h>

 #include <openssl/err.h>
 #include <openssl/rand.h>
-#include <openssl/fips.h>

 static BIO *bio_err=NULL;