mirror of
https://github.com/pocoproject/poco.git
synced 2025-10-23 00:07:59 +02:00
Basic support for OpenSSL 3.0.0 (#3448)
* updated README.md
* Create close-inactive-issues.yml
* check return codes of EVP_CIPHER_CTX_new and EVP_CipherInit
Especially with OpenSSL 3, it is possible that EVP_CipherInit may fail even when
passed a non-null cipher[1]. Without the checking, it will finally get to a
segfault.
[1] https://github.com/openssl/openssl/issues/16864
* Automatically load default and legacy providers with OpenSSL 3
Without the legacy provider [1], some ciphers are not available. For example,
the 'des-ecb' one used by test suite is missed and the test will fail.
[1] OSSL_PROVIDER-LEGACY(7ossl)
* Make p12 ca order the same as pem
OpenSSL < 3 returns p12 ca order in reversed order. This is fixed
in OpenSSL 3. We work around it with old OpenSSL.
See:
https://github.com/openssl/openssl/issues/16421
https://github.com/openssl/openssl/pull/12641
f5eb85eb0f
* Implement SSL abort handling on OpenSSL 3
On an unexpected EOF, versions before OpenSSL 3.0 returned SSL_ERROR_SYSCALL,
nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the
returned error is SSL_ERROR_SSL with a meaningful error on the error stack.[1]
[1] SSL_GET_ERROR(3ossl)
Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>
Co-authored-by: Robin Lee <cheeselee@fedoraproject.org>
Co-authored-by: Aleksandar Fabijanic <aleks-f@users.noreply.github.com>
@@ -483,11 +483,11 @@ int SecureSocketImpl::handleError(int rc)
|
||||
// these should not occur
|
||||
poco_bugcheck();
|
||||
return rc;
|
||||
// SSL_GET_ERROR(3ossl):
|
||||
// On an unexpected EOF, versions before OpenSSL 3.0 returned
|
||||
// SSL_ERROR_SYSCALL, nothing was added to the error stack, and
|
||||
// errno was 0. Since OpenSSL 3.0 the returned error is
|
||||
// SSL_ERROR_SSL with a meaningful error on the error stack.
|
||||
// SSL_GET_ERROR(3ossl):
|
||||
// On an unexpected EOF, versions before OpenSSL 3.0 returned
|
||||
// SSL_ERROR_SYSCALL, nothing was added to the error stack, and
|
||||
// errno was 0. Since OpenSSL 3.0 the returned error is
|
||||
// SSL_ERROR_SSL with a meaningful error on the error stack.
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
||||
case SSL_ERROR_SSL:
|
||||
#else
|
||||
|
||||
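Review bot: at `case SSL_ERROR_SSL:` under `#if OPENSSL_VERSION_NUMBER >= 0x30000000L`, the branch is chosen by the return code alone, yet SSL_ERROR_SSL is the generic code for any failure inside the TLS library, not only an unexpected EOF. The lines shown here contain no inspection of the error stack; unless the code following `#else` already does it, check that ERR_GET_REASON(ERR_peek_error()) equals SSL_R_UNEXPECTED_EOF_WHILE_READING before handling the condition as a peer abort, so that handshake, certificate and record-layer failures are still raised as errors instead of being folded into the abort path. The comment could also say that the error stack is what distinguishes the EOF case, since the quoted man page text only explains why the return code changed.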