From: Art Cancro Date: Mon, 10 Jan 2022 16:28:03 +0000 (-0500) Subject: Unified the openssl library initialization code X-Git-Tag: v946~2 X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=41a68e93ee5d46eec3cf12f4614e53c1bac84e43 Unified the openssl library initialization code --- diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c index dcbab519e..310150af8 100644 --- a/citadel/modules/crypto/serv_crypto.c +++ b/citadel/modules/crypto/serv_crypto.c @@ -268,15 +268,20 @@ void update_key_and_cert_if_needed(void) { // Initialize the SSL/TLS subsystem. void init_ssl(void) { - SSL_library_init(); // Initialize SSL transport layer + + // Initialize the OpenSSL library SSL_load_error_strings(); + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + SSL_library_init(); + // Load (or generate) a key and certificate mkdir(ctdl_key_dir, 0700); // If the keys directory does not exist, create it generate_key(file_crpt_file_key); // If a private key does not exist, create it generate_certificate(file_crpt_file_key, file_crpt_file_cer); // If a certificate does not exist, create it bind_to_key_and_certificate(); // Load key and cert from disk, and bind to them. - // Finally let the server know we're here + // Register some Citadel protocol commands for dealing with encrypted sessions CtdlRegisterProtoHook(cmd_stls, "STLS", "Start SSL/TLS session"); CtdlRegisterProtoHook(cmd_gtls, "GTLS", "Get SSL/TLS session status"); CtdlRegisterSessionHook(endtls, EVT_STOP, PRIO_STOP + 10); diff --git a/webcit-ng/tls.c b/webcit-ng/tls.c index 61ee44b0d..4a939a900 100644 --- a/webcit-ng/tls.c +++ b/webcit-ng/tls.c 
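Review bot: The four calls added at the top of init_ssl() in citadel/modules/crypto/serv_crypto.c are the pre-1.1.0 OpenSSL initialization API, and none of them lets the caller notice a failed library setup before the key and certificate are loaded. On OpenSSL 1.1.0 and later they are deprecated compatibility macros, and `ERR_load_crypto_strings()` is redundant on any version because `SSL_load_error_strings()` already loads the libcrypto strings. If the build can assume 1.1.0+ (not visible here), one checked call such as `if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL))`, with a logged abort on failure, would replace all four. The same sequence is added to init_ssl() in webcit-ng/tls.c and webcit/crypto.c, so this applies to those hunks as well. Separately, the context line `mkdir(ctdl_key_dir, 0700);` ignores its result, so an existing keys directory with wider permissions would be used as-is unless the helpers check it, and a `stat()` of owner and mode before `generate_key()` would cover that; init_ssl() continues past the end of the hunk.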
@@ -63,9 +63,11 @@ void bind_to_key_and_certificate(void) { // Initialize ssl engine, load certs and initialize openssl internals void init_ssl(void) { - // Initialize SSL transport layer - SSL_library_init(); + // Initialize the OpenSSL library SSL_load_error_strings(); + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + SSL_library_init(); // Now try to bind to the key and certificate. bind_to_key_and_certificate(); diff --git a/webcit/crypto.c b/webcit/crypto.c index 3d9b53469..9f85b2ad9 100644 --- a/webcit/crypto.c +++ b/webcit/crypto.c @@ -22,10 +22,6 @@ char *ssl_cipher_list = DEFAULT_SSL_CIPHER_LIST; pthread_key_t ThreadSSL; // Per-thread SSL context -void shutdown_ssl(void) { - ERR_free_strings(); -} - // Set the private key and certificate chain for the global SSL Context. // This is called during initialization, and can be called again later if the certificate changes. @@ -70,9 +66,11 @@ void bind_to_key_and_certificate(void) { // initialize ssl engine, load certs and initialize openssl internals void init_ssl(void) { - // Initialize SSL transport layer - SSL_library_init(); + // Initialize the OpenSSL library SSL_load_error_strings(); + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + SSL_library_init(); // Now try to bind to the key and certificate. bind_to_key_and_certificate(); diff --git a/webcit/sysdep.c b/webcit/sysdep.c index 0c58118a0..7c699699a 100644 --- a/webcit/sysdep.c +++ b/webcit/sysdep.c @@ -179,11 +179,6 @@ void ShutDownWebcit(void) icalmemory_free_ring (); ShutDownLibCitadel (); shutdown_modules (); -#ifdef HAVE_OPENSSL - if (is_https) { - shutdown_ssl(); - } -#endif } /*