PATCH: OpenSSL 1.0.1 workaround for 10-year old gcc bugs

Wed, 25 Apr 2012 11:47:49 -0700 

This week's inter-operability workaround for OpenSSL 1.0.1 does not
compile on 10+ year old gcc compilers (gcc 2.95.3 on Solaris 9, gcc
3.2.3 on BSD/OS 4).

The patch below should work with the latest snapshot, stable, and
supported legacy releases.

        Wietse

[20120425-tls-gcc-patch]

20120425

        Workaround: bugs in 10-year old gcc versions break compilation
        with #ifdef inside a macro invocation (NOT: definition).
        Files: tls/tls.h, tls/tls_client.c, tls/tls_server.c.

diff -cr /var/tmp/postfix-2.10-20120422/src/tls/tls.h src/tls/tls.h
*** /var/tmp/postfix-2.10-20120422/src/tls/tls.h        Sun Apr 22 18:28:54 2012
--- src/tls/tls.h       Wed Apr 25 08:48:36 2012
***************
*** 177,187 ****
--- 177,191 ----
  #define TLS_PROTOCOL_TLSv1_1  (1<<3)  /* TLSv1_1 */
  #else
  #define TLS_PROTOCOL_TLSv1_1  0       /* Unknown */
+ #undef  SSL_OP_NO_TLSv1_1
+ #define SSL_OP_NO_TLSv1_1     0L      /* Noop */
  #endif
  #ifdef SSL_TXT_TLSV1_2
  #define TLS_PROTOCOL_TLSv1_2  (1<<4)  /* TLSv1_2 */
  #else
  #define TLS_PROTOCOL_TLSv1_2  0       /* Unknown */
+ #undef  SSL_OP_NO_TLSv1_2
+ #define SSL_OP_NO_TLSv1_2     0L      /* Noop */
  #endif
  #define TLS_KNOWN_PROTOCOLS   \
        ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
diff -cr /var/tmp/postfix-2.10-20120422/src/tls/tls_client.c 
src/tls/tls_client.c
*** /var/tmp/postfix-2.10-20120422/src/tls/tls_client.c Sun Apr 22 18:12:25 2012
--- src/tls/tls_client.c        Wed Apr 25 08:46:54 2012
***************
*** 859,870 ****
      if (protomask != 0)
        SSL_set_options(TLScontext->con,
                   ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
- #ifdef SSL_OP_NO_TLSv1_1
             | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
- #endif
- #ifdef SSL_OP_NO_TLSv1_2
             | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
- #endif
                 | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
               | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));
  
--- 859,866 ----
diff -cr /var/tmp/postfix-2.10-20120422/src/tls/tls_server.c 
src/tls/tls_server.c
*** /var/tmp/postfix-2.10-20120422/src/tls/tls_server.c Sun Apr 22 18:13:25 2012
--- src/tls/tls_server.c        Wed Apr 25 08:47:01 2012
***************
*** 403,414 ****
      if (protomask != 0)
        SSL_CTX_set_options(server_ctx,
                   ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
- #ifdef SSL_OP_NO_TLSv1_1
             | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
- #endif
- #ifdef SSL_OP_NO_TLSv1_2
             | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
- #endif
                 | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
               | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));
  
--- 403,410 ----

Reply via email to