+Description: Remove the systemprocessor name in the compilate
+ Required for reproducible builds, and it is also not reliable
+Author: Gert Wollny <gw.fossdev@gmail.com>
+
--- a/CMake/GenerateDCMTKConfigure.cmake
+++ b/CMake/GenerateDCMTKConfigure.cmake
@@ -64,15 +64,6 @@
--- /dev/null
+Description: Compile with openssl-1.1
+Author: Gert Wollny <gw.fossdev@gmail.com>
+Bug-Debian: http://bugs.debian.org/828281
+
+--- a/dcmtls/libsrc/tlslayer.cc
++++ b/dcmtls/libsrc/tlslayer.cc
+@@ -48,6 +48,11 @@
+ #define DCMTK_SSL_CTX_get0_param(A) A->param;
+ #endif
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define SSL_CTX_get_cert_store(ctx) ctx->cert_store
++#define EVP_PKEY_id(key) key->type;
++#endif
++
+ extern "C" int DcmTLSTransportLayer_certificateValidationCallback(int ok, X509_STORE_CTX *storeContext);
+
+ OFLogger DCM_dcmtlsLogger = OFLog::getLogger("dcmtk.dcmtls");
+@@ -114,18 +119,21 @@
+ {"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", SSL3_TXT_ADH_DES_40_CBC_SHA},
+ {"TLS_DH_anon_WITH_DES_CBC_SHA", SSL3_TXT_ADH_DES_64_CBC_SHA},
+ {"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", SSL3_TXT_ADH_DES_192_CBC_SHA},
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ {"TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA},
+ {"TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA},
+ {"TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA},
+ {"TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA},
++#endif
+ {"TLS_DHE_DSS_WITH_RC4_128_SHA", TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA}
+
+ #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+- // cipersuites added in OpenSSL 0.9.7
+ ,
++ // cipersuites added in OpenSSL 0.9.7
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ {"TLS_RSA_EXPORT_WITH_RC4_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5},
+ {"TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5},
+-
++#endif
+ /* AES ciphersuites from RFC3268 */
+ {"TLS_RSA_WITH_AES_128_CBC_SHA", TLS1_TXT_RSA_WITH_AES_128_SHA},
+ {"TLS_DH_DSS_WITH_AES_128_CBC_SHA", TLS1_TXT_DH_DSS_WITH_AES_128_SHA},
+@@ -184,7 +192,9 @@
+ // but the API has been available at least since 0.9.5.
+ SSL_library_init();
+ SSL_load_error_strings();
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSLeay_add_all_algorithms();
++#endif
+ seedPRNG(randFile);
+ }
+
+@@ -330,7 +340,7 @@
+ /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */
+ if (transportLayerContext)
+ {
+- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_file());
++ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_file());
+ if (x509_lookup == NULL) return TCS_tlsError;
+ if (! X509_LOOKUP_load_file(x509_lookup, fileName, fileType)) return TCS_tlsError;
+ } else return TCS_illegalCall;
+@@ -342,7 +352,7 @@
+ /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */
+ if (transportLayerContext)
+ {
+- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_hash_dir());
++ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_hash_dir());
+ if (x509_lookup == NULL) return TCS_tlsError;
+ if (! X509_LOOKUP_add_dir(x509_lookup, pathName, fileType)) return TCS_tlsError;
+ } else return TCS_illegalCall;
+@@ -464,7 +474,7 @@
+ EVP_PKEY *pubkey = X509_get_pubkey(peerCertificate); // creates copy of public key
+ if (pubkey)
+ {
+- switch (EVP_PKEY_type(pubkey->type))
++ switch (EVP_PKEY_id(pubkey))
+ {
+ case EVP_PKEY_RSA:
+ certPubKeyType = "RSA";
+--- a/dcmsign/libsrc/sicert.cc
++++ b/dcmsign/libsrc/sicert.cc
+@@ -39,6 +39,10 @@
+ #include <openssl/pem.h>
+ END_EXTERN_C
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_PKEY_id(key) key->type;
++#endif
++
+ SiCertificate::SiCertificate()
+ : x509(NULL)
+ {
+@@ -57,7 +61,7 @@
+ EVP_PKEY *pkey = X509_extract_key(x509);
+ if (pkey)
+ {
+- switch(pkey->type)
++ switch(EVP_PKEY_id(pkey))
+ {
+ case EVP_PKEY_RSA:
+ result = EKT_RSA;
+@@ -85,7 +89,7 @@
+ EVP_PKEY *pkey = X509_extract_key(x509);
+ if (pkey)
+ {
+- switch(pkey->type)
++ switch(EVP_PKEY_id(pkey))
+ {
+ case EVP_PKEY_RSA:
+ return new SiRSA(EVP_PKEY_get1_RSA(pkey));
+@@ -111,7 +115,7 @@
+ x509 = NULL;
+ if (filename)
+ {
+- BIO *in = BIO_new(BIO_s_file_internal());
++ BIO *in = BIO_new(BIO_s_file());
+ if (in)
+ {
+ if (BIO_read_filename(in, filename) > 0)
+--- a/dcmsign/libsrc/sicertvf.cc
++++ b/dcmsign/libsrc/sicertvf.cc
+@@ -72,7 +72,7 @@
+ X509_CRL *x509crl = NULL;
+ if (fileName)
+ {
+- BIO *in = BIO_new(BIO_s_file_internal());
++ BIO *in = BIO_new(BIO_s_file());
+ if (in)
+ {
+ if (BIO_read_filename(in, fileName) > 0)
+@@ -107,11 +107,12 @@
+ X509 *rawcert = certificate.getRawCertificate();
+ if (rawcert == NULL) return SI_EC_VerificationFailed_NoCertificate;
+
+- X509_STORE_CTX ctx;
+- X509_STORE_CTX_init(&ctx, x509store, rawcert, NULL);
+- int ok = X509_verify_cert(&ctx); /* returns nonzero if successful */
+- errorCode = X509_STORE_CTX_get_error(&ctx);
+- X509_STORE_CTX_cleanup(&ctx);
++ X509_STORE_CTX *ctx = NULL;
++ ctx = X509_STORE_CTX_new();
++ int ok = X509_STORE_CTX_init(ctx, x509store, rawcert, NULL);
++ errorCode = X509_STORE_CTX_get_error(ctx);
++ X509_STORE_CTX_cleanup(ctx);
++ X509_STORE_CTX_free(ctx);
+ if (ok) return EC_Normal; else return SI_EC_VerificationFailed_NoTrust;
+ }
+
+--- a/dcmsign/libsrc/siprivat.cc
++++ b/dcmsign/libsrc/siprivat.cc
+@@ -38,6 +38,9 @@
+ #include <openssl/pem.h>
+ END_EXTERN_C
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_PKEY_id(key) key->type;
++#endif
+
+ /* buf : buffer to write password into
+ * size : length of buffer in bytes
+@@ -96,7 +99,7 @@
+ pkey = NULL;
+ if (filename)
+ {
+- BIO *in = BIO_new(BIO_s_file_internal());
++ BIO *in = BIO_new(BIO_s_file());
+ if (in)
+ {
+ if (BIO_read_filename(in, filename) > 0)
+@@ -125,7 +128,7 @@
+ E_KeyType result = EKT_none;
+ if (pkey)
+ {
+- switch(pkey->type)
++ switch(EVP_PKEY_id(pkey))
+ {
+ case EVP_PKEY_RSA:
+ result = EKT_RSA;
+@@ -149,7 +152,7 @@
+ {
+ if (pkey)
+ {
+- switch(pkey->type)
++ switch(EVP_PKEY_id(pkey))
+ {
+ case EVP_PKEY_RSA:
+ return new SiRSA(EVP_PKEY_get1_RSA(pkey));
+--- a/dcmpstat/libsrc/dviface.cc
++++ b/dcmpstat/libsrc/dviface.cc
+@@ -4080,7 +4080,7 @@
+
+ /* attempt to load the private key with the given password*/
+ EVP_PKEY *pkey = NULL;
+- BIO *in = BIO_new(BIO_s_file_internal());
++ BIO *in = BIO_new(BIO_s_file());
+ if (in)
+ {
+ if (BIO_read_filename(in, filename.c_str()) > 0)
+++ /dev/null
---- a/dcmtls/libsrc/tlslayer.cc
-+++ b/dcmtls/libsrc/tlslayer.cc
-@@ -48,6 +48,11 @@
- #define DCMTK_SSL_CTX_get0_param(A) A->param;
- #endif
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define SSL_CTX_get_cert_store(ctx) ctx->cert_store
-+#define EVP_PKEY_id(key) key->type;
-+#endif
-+
- extern "C" int DcmTLSTransportLayer_certificateValidationCallback(int ok, X509_STORE_CTX *storeContext);
-
- OFLogger DCM_dcmtlsLogger = OFLog::getLogger("dcmtk.dcmtls");
-@@ -114,18 +119,21 @@
- {"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", SSL3_TXT_ADH_DES_40_CBC_SHA},
- {"TLS_DH_anon_WITH_DES_CBC_SHA", SSL3_TXT_ADH_DES_64_CBC_SHA},
- {"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", SSL3_TXT_ADH_DES_192_CBC_SHA},
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- {"TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA},
- {"TLS_RSA_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA},
- {"TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA},
- {"TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA},
-+#endif
- {"TLS_DHE_DSS_WITH_RC4_128_SHA", TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA}
-
- #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
-- // cipersuites added in OpenSSL 0.9.7
- ,
-+ // cipersuites added in OpenSSL 0.9.7
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- {"TLS_RSA_EXPORT_WITH_RC4_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5},
- {"TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5", TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5},
--
-+#endif
- /* AES ciphersuites from RFC3268 */
- {"TLS_RSA_WITH_AES_128_CBC_SHA", TLS1_TXT_RSA_WITH_AES_128_SHA},
- {"TLS_DH_DSS_WITH_AES_128_CBC_SHA", TLS1_TXT_DH_DSS_WITH_AES_128_SHA},
-@@ -184,7 +192,9 @@
- // but the API has been available at least since 0.9.5.
- SSL_library_init();
- SSL_load_error_strings();
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSLeay_add_all_algorithms();
-+#endif
- seedPRNG(randFile);
- }
-
-@@ -330,7 +340,7 @@
- /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */
- if (transportLayerContext)
- {
-- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_file());
-+ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_file());
- if (x509_lookup == NULL) return TCS_tlsError;
- if (! X509_LOOKUP_load_file(x509_lookup, fileName, fileType)) return TCS_tlsError;
- } else return TCS_illegalCall;
-@@ -342,7 +352,7 @@
- /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */
- if (transportLayerContext)
- {
-- X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_hash_dir());
-+ X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_hash_dir());
- if (x509_lookup == NULL) return TCS_tlsError;
- if (! X509_LOOKUP_add_dir(x509_lookup, pathName, fileType)) return TCS_tlsError;
- } else return TCS_illegalCall;
-@@ -464,7 +474,7 @@
- EVP_PKEY *pubkey = X509_get_pubkey(peerCertificate); // creates copy of public key
- if (pubkey)
- {
-- switch (EVP_PKEY_type(pubkey->type))
-+ switch (EVP_PKEY_id(pubkey))
- {
- case EVP_PKEY_RSA:
- certPubKeyType = "RSA";
---- a/dcmsign/libsrc/sicert.cc
-+++ b/dcmsign/libsrc/sicert.cc
-@@ -39,6 +39,10 @@
- #include <openssl/pem.h>
- END_EXTERN_C
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define EVP_PKEY_id(key) key->type;
-+#endif
-+
- SiCertificate::SiCertificate()
- : x509(NULL)
- {
-@@ -57,7 +61,7 @@
- EVP_PKEY *pkey = X509_extract_key(x509);
- if (pkey)
- {
-- switch(pkey->type)
-+ switch(EVP_PKEY_id(pkey))
- {
- case EVP_PKEY_RSA:
- result = EKT_RSA;
-@@ -85,7 +89,7 @@
- EVP_PKEY *pkey = X509_extract_key(x509);
- if (pkey)
- {
-- switch(pkey->type)
-+ switch(EVP_PKEY_id(pkey))
- {
- case EVP_PKEY_RSA:
- return new SiRSA(EVP_PKEY_get1_RSA(pkey));
-@@ -111,7 +115,7 @@
- x509 = NULL;
- if (filename)
- {
-- BIO *in = BIO_new(BIO_s_file_internal());
-+ BIO *in = BIO_new(BIO_s_file());
- if (in)
- {
- if (BIO_read_filename(in, filename) > 0)
---- a/dcmsign/libsrc/sicertvf.cc
-+++ b/dcmsign/libsrc/sicertvf.cc
-@@ -72,7 +72,7 @@
- X509_CRL *x509crl = NULL;
- if (fileName)
- {
-- BIO *in = BIO_new(BIO_s_file_internal());
-+ BIO *in = BIO_new(BIO_s_file());
- if (in)
- {
- if (BIO_read_filename(in, fileName) > 0)
-@@ -107,11 +107,12 @@
- X509 *rawcert = certificate.getRawCertificate();
- if (rawcert == NULL) return SI_EC_VerificationFailed_NoCertificate;
-
-- X509_STORE_CTX ctx;
-- X509_STORE_CTX_init(&ctx, x509store, rawcert, NULL);
-- int ok = X509_verify_cert(&ctx); /* returns nonzero if successful */
-- errorCode = X509_STORE_CTX_get_error(&ctx);
-- X509_STORE_CTX_cleanup(&ctx);
-+ X509_STORE_CTX *ctx = NULL;
-+ ctx = X509_STORE_CTX_new();
-+ int ok = X509_STORE_CTX_init(ctx, x509store, rawcert, NULL);
-+ errorCode = X509_STORE_CTX_get_error(ctx);
-+ X509_STORE_CTX_cleanup(ctx);
-+ X509_STORE_CTX_free(ctx);
- if (ok) return EC_Normal; else return SI_EC_VerificationFailed_NoTrust;
- }
-
---- a/dcmsign/libsrc/siprivat.cc
-+++ b/dcmsign/libsrc/siprivat.cc
-@@ -38,6 +38,9 @@
- #include <openssl/pem.h>
- END_EXTERN_C
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define EVP_PKEY_id(key) key->type;
-+#endif
-
- /* buf : buffer to write password into
- * size : length of buffer in bytes
-@@ -96,7 +99,7 @@
- pkey = NULL;
- if (filename)
- {
-- BIO *in = BIO_new(BIO_s_file_internal());
-+ BIO *in = BIO_new(BIO_s_file());
- if (in)
- {
- if (BIO_read_filename(in, filename) > 0)
-@@ -125,7 +128,7 @@
- E_KeyType result = EKT_none;
- if (pkey)
- {
-- switch(pkey->type)
-+ switch(EVP_PKEY_id(pkey))
- {
- case EVP_PKEY_RSA:
- result = EKT_RSA;
-@@ -149,7 +152,7 @@
- {
- if (pkey)
- {
-- switch(pkey->type)
-+ switch(EVP_PKEY_id(pkey))
- {
- case EVP_PKEY_RSA:
- return new SiRSA(EVP_PKEY_get1_RSA(pkey));
---- a/dcmpstat/libsrc/dviface.cc
-+++ b/dcmpstat/libsrc/dviface.cc
-@@ -4080,7 +4080,7 @@
-
- /* attempt to load the private key with the given password*/
- EVP_PKEY *pkey = NULL;
-- BIO *in = BIO_new(BIO_s_file_internal());
-+ BIO *in = BIO_new(BIO_s_file());
- if (in)
- {
- if (BIO_read_filename(in, filename.c_str()) > 0)
06_soversion_abi.patch
07_dont_export_all_executables.patch
08_remove_system_processor.patch
-dcmtk-361-20160216-ssl-1.1.patch
+09_openssl-1.1.patch
projects / dcmtk.git / commitdiff