LIST(APPEND CMAKE_REQUIRED_LIBRARIES socket)
LIST(APPEND CMAKE_REQUIRED_LIBRARIES umem)
# Ugly hack, but FindOpenSSL on Solaris does not link with libcrypto
- LIST(APPEND CMAKE_REQUIRED_LIBRARIES crypto)
SET(CMAKE_VERBOSE_MAKEFILE ON)
SET(CMAKE_INSTALL_RPATH_USE_LINK_PATH FALSE)
SET(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib:${RSPAMD_LIBDIR}")
ROOT ${SQLITE3_ROOT_DIR} MODULES sqlite3 sqlite)
ProcessPackage(ICONV LIBRARY iconv libiconv libiconv-2 c INCLUDE iconv.h INCLUDE_SUFFIXES include/libiconv
ROOT ${ICONV_ROOT_DIR} MODULES iconv)
-ProcessPackage(OPENSSL LIBRARY crypto INCLUDE err.h INCLUDE_SUFFIXES include/openssl
- ROOT ${OPENSSL_ROOT_DIR} MODULES openssl)
+ProcessPackage(LIBCRYPT LIBRARY crypto INCLUDE err.h INCLUDE_SUFFIXES include/openssl
+ ROOT ${OPENSSL_ROOT_DIR} MODULES openssl libcrypt)
+ProcessPackage(LIBSSL LIBRARY ssl INCLUDE ssl.h INCLUDE_SUFFIXES include/openssl
+ ROOT ${OPENSSL_ROOT_DIR} MODULES openssl libssl)
ProcessPackage(MAGIC LIBRARY magic INCLUDE magic.h INCLUDE_SUFFIXES include/libmagic
ROOT ${LIBMAGIC_ROOT_DIR} MODULES magic)
ENDIF ()
#Check for openssl (required for dkim)
-IF(WITH_OPENSSL)
- SET(HAVE_OPENSSL 1)
-ENDIF(WITH_OPENSSL)
+SET(HAVE_OPENSSL 1)
IF(GMIME2_VERSION VERSION_GREATER "2.4.0" OR NOT GMIME2_VERSION)
SET(GMIME24 1)
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/ssl.h>
#endif
#ifdef HAVE_TERMIOS_H
struct rlimit rlim;
struct rspamd_external_libs_ctx *ctx;
struct ottery_config *ottery_cfg;
+ static const char secure_ciphers[] = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";
ctx = g_slice_alloc0 (sizeof (*ctx));
ctx->crypto_ctx = rspamd_cryptobox_init ();
OpenSSL_add_all_algorithms ();
OpenSSL_add_all_digests ();
OpenSSL_add_all_ciphers ();
+ SSL_library_init ();
+ SSL_load_error_strings ();
+
+ if (RAND_poll () == 0) {
+ guchar seed[128];
+
+ /* Try to use ottery to seed rand */
+ ottery_rand_bytes (seed, sizeof (seed));
+ RAND_seed (seed, sizeof (seed));
+ rspamd_explicit_memzero (seed, sizeof (seed));
+ }
+
+ ctx->ssl_ctx = SSL_CTX_new (SSLv23_method ());
+ SSL_CTX_set_verify (ctx->ssl_ctx, SSL_VERIFY_PEER, NULL);
+ SSL_CTX_set_verify_depth (ctx->ssl_ctx, 4);
+ SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_COMPRESSION);
+ /* Default settings */
+ SSL_CTX_set_cipher_list (ctx->ssl_ctx, secure_ciphers);
#endif
g_random_set_seed (ottery_rand_uint32 ());
#ifdef HAVE_OPENSSL
EVP_cleanup ();
ERR_free_strings ();
+ SSL_CTX_free (ctx->ssl_ctx);
#endif
rspamd_inet_library_destroy ();
}
#include "libserver/events.h"
#include "libserver/roll_history.h"
#include "libserver/task.h"
+#include <openssl/ssl.h>
#include <magic.h>
void **local_addrs;
struct rspamd_cryptobox_library_ctx *crypto_ctx;
struct ottery_config *ottery_cfg;
+ SSL_CTX *ssl_ctx;
ref_entry_t ref;
};