MDEV-15596 10.2 doesn't work with openssl 1.1.1

b4db59ba · Georg Richter · Sergei Golubchik · 1db1340c · b4db59ba · b4db59ba
Commit b4db59ba authored Jun 18, 2018 by Georg Richter Committed by Sergei Golubchik Jun 21, 2018
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

include/ssl_compat.h include/ssl_compat.h +5 -1

vio/viosslfactories.c vio/viosslfactories.c +1 -0

No files found.
--- a/include/ssl_compat.h
+++ b/include/ssl_compat.h
@@ -27,7 +27,7 @@
 #define HAVE_OPENSSL11 1
 #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
 #define ERR_remove_state(X) ERR_clear_error()
-#define EVP_CIPHER_CTX_SIZE 168
+#define EVP_CIPHER_CTX_SIZE 176
 #define EVP_MD_CTX_SIZE 48
 #undef EVP_MD_CTX_init
 #define EVP_MD_CTX_init(X) do { bzero((X), EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
@@ -77,6 +77,10 @@
 #define X509_get0_notAfter(X) X509_get_notAfter(X)
 #endif
+#ifndef TLS1_3_VERSION
+#define SSL_CTX_set_ciphersuites(X,Y) 0
+#endif
 #ifdef	__cplusplus
 extern "C" {
 #endif /* __cplusplus */

--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -211,6 +211,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
    none of the provided ciphers could be selected
  */
  if (cipher &&
+      SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, cipher) == 0 &&
      SSL_CTX_set_cipher_list(ssl_fd->ssl_context, cipher) == 0)
  {
    *error= SSL_INITERR_CIPHERS;