From 29bc76e3d3252dfc311d1ffaa15be66abd8509ee Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 16 Feb 2016 00:35:34 +0200
Subject: [PATCH] OpenSSL: Do not use library init/deinit functions with 1.1.0

SSL_library_init() does not work properly after EVP_cleanup() starting from OpenSSL 1.1.0 pre release 3. The automated library init/deinit functions in that pre release are supposed to handle all initialization and deinitialiation, so comment out the explicit calls to these function with OpenSSL 1.1.0 and newer.

Signed-off-by: Jouni Malinen
---
 src/crypto/tls_openssl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index a03d8d817..7ef621448 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -900,6 +900,7 @@ void * tls_init(const struct tls_config *conf)
 }
 #endif /* OPENSSL_FIPS */
 #endif /* CONFIG_FIPS */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 SSL_load_error_strings();
 SSL_library_init();
 #ifndef OPENSSL_NO_SHA256
@@ -921,6 +922,7 @@ void * tls_init(const struct tls_config *conf)
 #endif /* OPENSSL_NO_RC2 */
 PKCS12_PBE_add();
 #endif /* PKCS12_FUNCS */
+#endif /* < 1.1.0 */
 } else {
 context = tls_context_new(conf);
 if (context == NULL)
@@ -1022,6 +1024,7 @@ void tls_deinit(void *ssl_ctx)
 tls_openssl_ref_count--;
 if (tls_openssl_ref_count == 0) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_cleanup();
 #endif /* OPENSSL_NO_ENGINE */
@@ -1029,6 +1032,7 @@ void tls_deinit(void *ssl_ctx)
 ERR_remove_thread_state(NULL);
 ERR_free_strings();
 EVP_cleanup();
+#endif /* < 1.1.0 */
 os_free(tls_global->ocsp_stapling_response);
 tls_global->ocsp_stapling_response = NULL;
 os_free(tls_global);
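Review bot: The new guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in tls_init(), and the matching one in tls_deinit(), keys only on the OpenSSL version number. LibreSSL reports OPENSSL_VERSION_NUMBER as 0x20000000L, so a LibreSSL build would compile out SSL_library_init(), the digest and cipher registration and the cleanup calls, although it presumably lacks the 1.1.0 automatic init. If LibreSSL is a supported build target, `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` on both guards keeps the explicit path there. The same comparison also treats 1.1.0 pre releases 1 and 2 as new enough, while the commit message places the automatic init in pre release 3, so a one-line comment saying those pre-releases are unsupported would help. Both functions continue outside the hunks, so anything else inside the guarded regions is not visible here.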