Support for the latest version of OpenSSL

dtool/src/parser-inc/ssl.h

@@ -10,5 +10,6 @@ struct X509;
 struct X509_STORE;
 struct X509_NAME;
 struct SSL;
+#define STACK_OF(num) STACK
 
 #endif

panda/src/downloader/httpChannel.cxx

@@ -1610,8 +1610,8 @@ run_ssl_handshake() {
     SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
   }
 
-  SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
-  if (cipher == (SSL_CIPHER *)NULL) {
+  const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
+  if (cipher == (const SSL_CIPHER *)NULL) {
     downloader_cat.warning()
       << "No current cipher on SSL connection.\n";
   } else {

panda/src/express/multifile.cxx

@@ -803,15 +803,15 @@ add_signature(const Filename &composite, const string &password) {
 //               needed.  Returns true on success, false on failure.
 ////////////////////////////////////////////////////////////////////
 bool Multifile::
-add_signature(X509 *certificate, STACK *chain, EVP_PKEY *pkey) {
+add_signature(X509 *certificate, STACK_OF(X509) *chain, EVP_PKEY *pkey) {
   // Convert the certificate and chain into our own CertChain
   // structure.
   CertChain cert_chain;
   cert_chain.push_back(CertRecord(certificate));
   if (chain != NULL) {
-    int num = sk_num(chain);
+    int num = sk_X509_num(chain);
     for (int i = 0; i < num; ++i) {
-      cert_chain.push_back(CertRecord((X509 *)sk_value(chain, i)));
+      cert_chain.push_back(CertRecord((X509 *)sk_X509_value(chain, i)));
     }
   }
 
@@ -1129,13 +1129,13 @@ validate_signature_certificate(int n) const {
   OpenSSLWrapper *sslw = OpenSSLWrapper::get_global_ptr();
 
   // Copy our CertChain structure into an X509 pointer and
-  // accompanying STACK pointer.
+  // accompanying STACK_OF(X509) pointer.
   X509 *x509 = chain[0]._cert;
-  STACK *stack = NULL;
+  STACK_OF(X509) *stack = NULL;
   if (chain.size() > 1) {
-    stack = sk_new(NULL);
+    stack = sk_X509_new(NULL);
     for (size_t n = 1; n < chain.size(); ++n) {
-      sk_push(stack, (char *)chain[n]._cert);
+      sk_X509_push(stack, chain[n]._cert);
     }
   }
 
@@ -1156,7 +1156,7 @@ validate_signature_certificate(int n) const {
       << "\n";
   }
 
-  sk_free(stack);
+  sk_X509_free(stack);
   X509_STORE_CTX_cleanup(ctx);
   X509_STORE_CTX_free(ctx);
 

panda/src/express/multifile.h

@@ -100,7 +100,7 @@ PUBLISHED:
                      const string &password = "");
   bool add_signature(const Filename &composite, 
                      const string &password = "");
-  bool add_signature(X509 *certificate, STACK *chain, EVP_PKEY *pkey);
+  bool add_signature(X509 *certificate, STACK_OF(X509) *chain, EVP_PKEY *pkey);
   bool add_signature(const CertChain &chain, EVP_PKEY *pkey);
 
   int get_num_signatures() const;

panda/src/nativenet/socket_tcp_ssl.h

@@ -28,12 +28,13 @@ struct SSlStartup
 {
    SSlStartup()
    {
-        SSL_METHOD *meth;
+        const SSL_METHOD *meth;
         SSLeay_add_ssl_algorithms();
         //meth = SSLv23_server_method();
         meth = SSLv23_method();
         SSL_load_error_strings();
-        global_ssl_ctx = SSL_CTX_new (meth);                        
+        // I hate this cast, but older versions of OpenSSL need it.
+        global_ssl_ctx = SSL_CTX_new ((SSL_METHOD *) meth);                        
    }
 
    ~SSlStartup()
@@ -324,7 +325,3 @@ inline void Socket_TCP_SSL::DetailErrorFormat(void)
 
 #endif //__SOCKET_TCP_SSL_H__
 
-
-
-
-