diff --git a/config.h.in b/config.h.in
index 90be6906b..c5d8accd3 100644
--- a/config.h.in
+++ b/config.h.in
@@ -928,11 +928,8 @@
 /* Define to 1 if you have the header file. */
 #undef HAVE_SYS_TYPES_H
-/* Define to 1 if you have the `TLS_client_method' function. */
-#undef HAVE_TLS_CLIENT_METHOD
-
-/* Define to 1 if you have the `TLS_server_method' function. */
-#undef HAVE_TLS_SERVER_METHOD
+/* Define to 1 if you have the `TLS_method' function. */
+#undef HAVE_TLS_METHOD
 /* Define to 1 if you have the `ttyslot' function. */
 #undef HAVE_TTYSLOT
diff --git a/configure b/configure
index 88f7cfef5..c71e49c7d 100755
--- a/configure
+++ b/configure
@@ -22434,16 +22434,10 @@ then :
 printf "%s\n" "#define HAVE_SSL_CTX_GET0_CERTIFICATE 1" >>confdefs.h
 fi
-ac_fn_c_check_func "$LINENO" "TLS_client_method" "ac_cv_func_TLS_client_method"
-if test "x$ac_cv_func_TLS_client_method" = xyes
+ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method"
+if test "x$ac_cv_func_TLS_method" = xyes
 then :
- printf "%s\n" "#define HAVE_TLS_CLIENT_METHOD 1" >>confdefs.h
-
-fi
-ac_fn_c_check_func "$LINENO" "TLS_server_method" "ac_cv_func_TLS_server_method"
-if test "x$ac_cv_func_TLS_server_method" = xyes
-then :
- printf "%s\n" "#define HAVE_TLS_SERVER_METHOD 1" >>confdefs.h
+ printf "%s\n" "#define HAVE_TLS_METHOD 1" >>confdefs.h
 fi
diff --git a/configure.ac b/configure.ac
index ab312caa9..6ae6c3003 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2992,7 +2992,7 @@ dnl
 if test "${enable_openssl-no}" != no; then
 OLIBS="$LIBS"
 LIBS="$LIBS $LIBTLS"
- AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_client_method TLS_server_method])
+ AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_method])
 # SSL_CTX_set_min_proto_version may be a macro
 AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [
 AC_INCLUDES_DEFAULT
diff --git a/include/sudo_compat.h b/include/sudo_compat.h
index 971443dd9..fca47bd8b 100644
--- a/include/sudo_compat.h
+++ b/include/sudo_compat.h
@@ -358,11 +358,8 @@ int getdomainname(char *, size_t);
 # ifndef HAVE_ASN1_STRING_GET0_DATA
 # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
 # endif
-# ifndef HAVE_TLS_CLIENT_METHOD
-# define TLS_client_method() SSLv23_client_method()
-# endif
-# ifndef HAVE_TLS_SERVER_METHOD
-# define TLS_server_method() SSLv23_server_method()
+# ifndef HAVE_TLS_METHOD
+# define TLS_method() SSLv23_method()
 # endif
 #endif /* HAVE_OPENSSL */
diff --git a/logsrvd/tls_client.c b/logsrvd/tls_client.c
index 9d5e58c82..d7e5a669b 100644
--- a/logsrvd/tls_client.c
+++ b/logsrvd/tls_client.c
@@ -231,7 +231,7 @@ tls_client_setup(int sock, const char *ca_bundle_file, const char *cert_file,
 debug_decl(tls_client_setup, SUDO_DEBUG_UTIL);
 ssl_ctx = init_tls_context(ca_bundle_file, cert_file, key_file,
- dhparam_file, ciphers_v12,ciphers_v13, verify_server);
+ dhparam_file, ciphers_v12, ciphers_v13, verify_server);
 if (ssl_ctx == NULL) {
 sudo_warnx(U_("unable to initialize TLS context"));
 debug_return_bool(false);
diff --git a/logsrvd/tls_init.c b/logsrvd/tls_init.c
index 8c837edb1..5f1ba14aa 100644
--- a/logsrvd/tls_init.c
+++ b/logsrvd/tls_init.c
@@ -191,7 +191,7 @@ init_tls_context(const char *ca_bundle_file, const char *cert_file,
 }
 /* Create the ssl context and enforce TLS 1.2 or higher. */
- if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
+ if ((ctx = SSL_CTX_new(TLS_method())) == NULL) {
 errstr = ERR_reason_error_string(ERR_get_error());
 sudo_warnx(U_("unable to create TLS context: %s"), errstr);
 goto bad;
diff --git a/plugins/sudoers/log_client.c b/plugins/sudoers/log_client.c
index b79c7a610..c56e54606 100644
--- a/plugins/sudoers/log_client.c
+++ b/plugins/sudoers/log_client.c
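Review bot: The comment kept above the changed `SSL_CTX_new()` call in init_tls_context() (logsrvd/tls_init.c) says the context enforces TLS 1.2 or higher, but no visible line does so: `TLS_method()` is version-flexible, and the sudo_compat.h hunk maps it to `SSLv23_method()` on libraries that lack it, which negotiates whatever protocol versions that library supports. The floor presumably comes from `SSL_CTX_set_min_proto_version()` (probed in configure.ac) or an options-based fallback later in the function, outside this hunk; please confirm the fallback path is still applied to a context built from the generic method. If so, rewording the comment to `/* Create a role-neutral TLS context; the TLS 1.2 floor is applied separately. */` would stop it reading as if the method choice enforced the minimum. The same comment sits above the changed line in plugins/sudoers/log_client.c.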
@@ -188,7 +188,7 @@ tls_init(struct client_closure *closure)
 SSL_load_error_strings();
 /* Create the ssl context and enforce TLS 1.2 or higher. */
- if ((closure->ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
+ if ((closure->ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
 errstr = ERR_reason_error_string(ERR_get_error());
 sudo_warnx(U_("Creation of new SSL_CTX object failed: %s"), errstr);
 goto bad;
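Review bot: The failure branch right after the changed `SSL_CTX_new()` call in tls_init() passes `errstr` straight to a `%s` conversion, yet `ERR_reason_error_string()` returns NULL when the error queue is empty or the code has no registered reason string, and a NULL `%s` argument is undefined behaviour. A guard such as `if (errstr == NULL) errstr = "unknown error";` before the `sudo_warnx()` call would keep the diagnostic path safe. The same pattern appears in the logsrvd/tls_init.c hunk after its `SSL_CTX_new()` call. tls_init()'s body starts and ends outside this hunk, so an existing guard elsewhere cannot be ruled out.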