
Backward compat with older OpenSSL versions

rdb 9 years ago
parent
commit
45356e85e1
2 changed files with 15 additions and 20 deletions
  1. 7 20
      dtool/src/prc/encryptStreamBuf.cxx
  2. 8 0
      panda/src/downloader/httpClient.cxx

+ 7 - 20
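--- a/dtool/src/prc/encryptStreamBuf.cxx
+++ b/dtool/src/prc/encryptStreamBuf.cxx
@@ -111,6 +111,11 @@ open_read(istream *source, bool owns_source, const string &password) {
   _source = source;
   _owns_source = owns_source;
 
+  if (_read_ctx != NULL) {
+    EVP_CIPHER_CTX_free(_read_ctx);
+    _read_ctx = NULL;
+  }
+
   // Now read the header information.
   StreamReader sr(_source, false);
   int nid = sr.get_uint16();
@@ -122,11 +127,6 @@ open_read(istream *source, bool owns_source, const string &password) {
   if (cipher == NULL) {
     prc_cat.error()
       << "Unknown encryption algorithm in stream.\n";
-
-    if (_read_ctx != NULL) {
-      EVP_CIPHER_CTX_free(_read_ctx);
-      _read_ctx = NULL;
-    }
     return;
   }
 
@@ -147,11 +147,7 @@ open_read(istream *source, bool owns_source, const string &password) {
 
   string iv = sr.extract_bytes(iv_length);
 
-  if (_read_ctx != NULL) {
-    EVP_CIPHER_CTX_reset(_read_ctx);
-  } else {
-    _read_ctx = EVP_CIPHER_CTX_new();
-  }
+  _read_ctx = EVP_CIPHER_CTX_new();
   nassertv(_read_ctx != NULL);
 
   // Initialize the context
@@ -228,11 +224,6 @@ open_write(ostream *dest, bool owns_dest, const string &password) {
   if (cipher == NULL) {
     prc_cat.error()
       << "Unknown encryption algorithm: " << _algorithm << "\n";
-
-    if (_write_ctx != NULL) {
-      EVP_CIPHER_CTX_free(_write_ctx);
-      _write_ctx = NULL;
-    }
     return;
   }
 
@@ -246,11 +237,7 @@ open_write(ostream *dest, bool owns_dest, const string &password) {
   unsigned char *iv = (unsigned char *)alloca(iv_length);
   RAND_pseudo_bytes(iv, iv_length);
 
-  if (_read_ctx != NULL) {
-    EVP_CIPHER_CTX_reset(_write_ctx);
-  } else {
-    _write_ctx = EVP_CIPHER_CTX_new();
-  }
+  _write_ctx = EVP_CIPHER_CTX_new();
   nassertv(_write_ctx != NULL);
 
   int result;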
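Review bot: The IV in the last open_write hunk is still produced by `RAND_pseudo_bytes(iv, iv_length);` with the return value ignored, so a generator that cannot supply strong bytes yields a weaker IV without any error being reported. Since this commit is about spanning OpenSSL versions, note that RAND_pseudo_bytes is deprecated as of 1.1.0 while RAND_bytes is available on both sides; `if (RAND_bytes(iv, iv_length) != 1) { prc_cat.error() << "Could not generate IV.\n"; return; }` would fail closed. Separately, open_read now frees an existing `_read_ctx` up front, but no visible open_write hunk frees `_write_ctx` before `_write_ctx = EVP_CIPHER_CTX_new();`, so unless that happens above the hunk a repeated call leaks a context that holds key material. Both functions begin and end outside the hunks shown.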

+ 8 - 0
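--- a/panda/src/downloader/httpClient.cxx
+++ b/panda/src/downloader/httpClient.cxx
@@ -232,6 +232,12 @@ operator = (const HTTPClient &copy) {
 HTTPClient::
 ~HTTPClient() {
   if (_ssl_ctx != (SSL_CTX *)NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+    // Before we can free the context, we must remove the X509_STORE pointer
+    // from it, so it won't be destroyed along with it (this object is shared
+    // among all contexts).
+    _ssl_ctx->cert_store = NULL;
+#endif
     SSL_CTX_free(_ssl_ctx);
   }
 
@@ -1119,9 +1125,11 @@ get_ssl_ctx() {
   sslw->notify_ssl_errors();
 
   X509_STORE *store = sslw->get_x509_store();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
   if (store != NULL) {
     X509_STORE_up_ref(store);
   }
+#endif
   SSL_CTX_set_cert_store(_ssl_ctx, store);
 
   return _ssl_ctx;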
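Review bot: On the pre-1.1.0 path the shared X509_STORE is protected only by the `_ssl_ctx->cert_store = NULL;` line in ~HTTPClient, because get_ssl_ctx no longer takes a reference there. Any other path that frees or replaces `_ssl_ctx` needs the same detach, otherwise the trust store is destroyed while other contexts still point at it; none is visible in these hunks, so this should be checked against the rest of the file. The `#if` in get_ssl_ctx has no explanation of its own; a comment such as `// OpenSSL < 1.1.0 has no X509_STORE_up_ref; the store is borrowed and detached in ~HTTPClient.` would tie the two sites together. get_ssl_ctx begins outside the hunk.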