mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-26 23:36:59 -05:00
Merge pull request #1768 from csoler/v0.6-SSL111Fix
fixed OpenSSL 1.1.1 bug on debian due to security level being set to …
This commit is contained in:
commit
9c65836503
@ -422,6 +422,7 @@ int AuthSSLimpl::InitAuth(
|
|||||||
|
|
||||||
// get xPGP certificate.
|
// get xPGP certificate.
|
||||||
X509 *x509 = PEM_read_X509(ownfp, NULL, NULL, NULL);
|
X509 *x509 = PEM_read_X509(ownfp, NULL, NULL, NULL);
|
||||||
|
|
||||||
fclose(ownfp);
|
fclose(ownfp);
|
||||||
|
|
||||||
if (x509 == NULL)
|
if (x509 == NULL)
|
||||||
@ -430,8 +431,38 @@ int AuthSSLimpl::InitAuth(
|
|||||||
std::cerr << std::endl;
|
std::cerr << std::endl;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
SSL_CTX_use_certificate(sslctx, x509);
|
|
||||||
mOwnPublicKey = X509_get_pubkey(x509);
|
int result = SSL_CTX_use_certificate(sslctx, x509);
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
||||||
|
if(result != 1)
|
||||||
|
{
|
||||||
|
// In debian Buster, openssl security level is set to 2 which preclude the use of SHA1, originally used to sign RS certificates.
|
||||||
|
// As a consequence, on these systems, locations created with RS previously to Jan.2020 will not start unless we revert the
|
||||||
|
// security level to a value of 1.
|
||||||
|
|
||||||
|
int save_sec = SSL_CTX_get_security_level(sslctx);
|
||||||
|
SSL_CTX_set_security_level(sslctx,1);
|
||||||
|
result = SSL_CTX_use_certificate(sslctx, x509);
|
||||||
|
|
||||||
|
if(result == 1)
|
||||||
|
{
|
||||||
|
std::cerr << std::endl;
|
||||||
|
std::cerr << " Your Retroshare certificate uses low security settings that are incompatible " << std::endl;
|
||||||
|
std::cerr << "(WW) with current security level " << save_sec << " of the OpenSSL library. Retroshare will still start " << std::endl;
|
||||||
|
std::cerr << " (with security level set to 1), but you should probably create a new location." << std::endl;
|
||||||
|
std::cerr << std::endl;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if(result != 1)
|
||||||
|
{
|
||||||
|
std::cerr << "(EE) Cannot use your Retroshare certificate. Some error occured in SSL_CTX_use_certificate()" << std::endl;
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
mOwnPublicKey = X509_get_pubkey(x509);
|
||||||
|
|
||||||
// get private key
|
// get private key
|
||||||
FILE *pkfp = RsDirUtil::rs_fopen(priv_key_file, "rb");
|
FILE *pkfp = RsDirUtil::rs_fopen(priv_key_file, "rb");
|
||||||
|
Loading…
x
Reference in New Issue
Block a user