You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2022/07/30 00:08:32 UTC
[GitHub] [guacamole-server] jmuehlner opened a new pull request, #387: GUACAMOLE-1652: Only call SSL init functions when the library version requires it.
jmuehlner opened a new pull request, #387:
URL: https://github.com/apache/guacamole-server/pull/387
This change fixes the issues with SFTP + VNC as described here: https://issues.apache.org/jira/browse/GUACAMOLE-1652.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [guacamole-server] necouchman commented on pull request #387: GUACAMOLE-1652: Only call SSL init functions when the library version requires it.
Posted by GitBox <gi...@apache.org>.
necouchman commented on PR #387:
URL: https://github.com/apache/guacamole-server/pull/387#issuecomment-1200061949
Should we also update this location, where SSL is initialized for Client -> guacd connections:
https://github.com/apache/guacamole-server/blob/eee3ac092c8d1c2b17404c7b52c8a2b794d1ec1a/src/guacd/daemon.c#L384-L387
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [guacamole-server] jmuehlner commented on pull request #387: GUACAMOLE-1652: Only call SSL init functions when the library version requires it.
Posted by GitBox <gi...@apache.org>.
jmuehlner commented on PR #387:
URL: https://github.com/apache/guacamole-server/pull/387#issuecomment-1200066796
> Should we also update this location, where SSL is initialized for Client -> guacd connections:
>
> https://github.com/apache/guacamole-server/blob/eee3ac092c8d1c2b17404c7b52c8a2b794d1ec1a/src/guacd/daemon.c#L384-L387
Yeah, might as well. It didn't break anything like this for me in testing, but those functions are not needed when the OpenSSL version is <= 1.1.0.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [guacamole-server] necouchman merged pull request #387: GUACAMOLE-1652: Only call SSL init functions when the library version requires it.
Posted by GitBox <gi...@apache.org>.
necouchman merged PR #387:
URL: https://github.com/apache/guacamole-server/pull/387
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [guacamole-server] jmuehlner commented on a diff in pull request #387: GUACAMOLE-1652: Only call SSL init functions when the library version requires it.
Posted by GitBox <gi...@apache.org>.
jmuehlner commented on code in PR #387:
URL: https://github.com/apache/guacamole-server/pull/387#discussion_r933712329
##########
src/guacd/daemon.c:
##########
@@ -381,10 +381,15 @@ int main(int argc, char* argv[]) {
CRYPTO_set_locking_callback(guacd_openssl_locking_callback);
#endif
- /* Init SSL */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* Init OpenSSL for OpenSSL Versions < 1.1.0 */
SSL_library_init();
SSL_load_error_strings();
ssl_context = SSL_CTX_new(SSLv23_server_method());
+#else
+ /* Set up OpenSSL for OpenSSL Versions >= 1.1.0 */
+ ssl_context = SSL_CTX_new(TLS_server_method());
Review Comment:
Per https://www.openssl.org/docs/manmaster/man3/SSLv23_server_method.html,
> SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
> These functions do not exist anymore, they have been renamed to TLS_method(), TLS_server_method() and TLS_client_method() respectively. Currently, the old function calls are renamed to the corresponding new ones by preprocessor macros, to ensure that existing code which uses the old function names still compiles. However, using the old function names is deprecated and new code should call the new functions instead.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [guacamole-server] necouchman commented on a diff in pull request #387: GUACAMOLE-1652: Only call SSL init functions when the library version requires it.
Posted by GitBox <gi...@apache.org>.
necouchman commented on code in PR #387:
URL: https://github.com/apache/guacamole-server/pull/387#discussion_r933793770
##########
src/guacd/daemon.c:
##########
@@ -381,10 +381,15 @@ int main(int argc, char* argv[]) {
CRYPTO_set_locking_callback(guacd_openssl_locking_callback);
#endif
- /* Init SSL */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* Init OpenSSL for OpenSSL Versions < 1.1.0 */
SSL_library_init();
SSL_load_error_strings();
ssl_context = SSL_CTX_new(SSLv23_server_method());
+#else
+ /* Set up OpenSSL for OpenSSL Versions >= 1.1.0 */
+ ssl_context = SSL_CTX_new(TLS_server_method());
Review Comment:
Nice catch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org