BUILD: ssl: eliminate warning with OpenSSL 1.1.0 regarding RAND_pseudo_bytes() This function was deprecated in 1.1.0 causing this warning : src/ssl_sock.c:551:3: warning: 'RAND_pseudo_bytes' is deprecated (declared at /opt/openssl-1.1.0/include/openssl/rand.h:47) [-Wdeprecated-declarations] The man suggests to use RAND_bytes() instead. While the return codes differ, it turns out that the function was already misused and was relying on RAND_bytes() return code instead. The patch was tested on 0.9.8, 1.0.0, 1.0.1, 1.0.2 and 1.1.0. This fix must be backported to 1.7 and the return code check should be backported to earlier versions if relevant.

commit: 77d88da7e1be29ff1ba5cd4634e2997060d30b2b [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Thu Jan 19 17:10:54 2017 +0100
committer: Willy Tarreau <w@1wt.eu> Thu Jan 19 17:28:08 2017 +0100
tree: 1aca95d87eda27b98897b64d36614ae85aa6371c
parent: a4fb8ed1f2969a79f2965b49a6f0e45536f01795 [diff] [blame]
diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index 0194eaa..c566199 100644
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h

@@ -171,4 +171,15 @@
 #define ERR_remove_state(x)
 #endif
 
+
+/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
+ * that the return codes differ, but it happens that the only use case (ticket
+ * key update) was already wrong, considering a non-cryptographic random as a
+ * failure.
+ */
+#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#undef  RAND_pseudo_bytes
+#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
+#endif
+
 #endif /* _PROTO_OPENSSL_COMPAT_H */
commit	77d88da7e1be29ff1ba5cd4634e2997060d30b2b	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Thu Jan 19 17:10:54 2017 +0100
committer	Willy Tarreau <w@1wt.eu>	Thu Jan 19 17:28:08 2017 +0100
tree	1aca95d87eda27b98897b64d36614ae85aa6371c
parent	a4fb8ed1f2969a79f2965b49a6f0e45536f01795 [diff] [blame]