authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2018-07-17 14:52:03 -0500
committerTimothy Pearson <kb9vqf@pearsoncomputing.net>2018-07-17 14:52:03 -0500
commitbdf74509a3bb1b9004c1f53839bbc89344df598f (patch)
treeb03c8179e830e6f5242e0d32d42c99a89821a975
parent84485fe60794570045619ab05f1304dd67ee8f9c (diff)
downloadlibtdeldap-bdf74509.tar.gz
libtdeldap-bdf74509.zip
OpenSSL 1.1.0 and later use a builtin OID database that conflicts with our explicit OID definitions
Attempt to detect OpenSSL versions prior to 1.1.0, and only add explicit OID definitions for those older versions
-rw-r--r--src/libtdeldap.cpp64
-rw-r--r--src/libtdeldap.h1
2 files changed, 59 insertions, 6 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index e3e7fe6..9975717 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -27,6 +27,7 @@
#include <tqdir.h>
#include <tqfile.h>
+#include <tqprocess.h>
#include <tqcheckbox.h>
#include <tdeapplication.h>
@@ -5196,6 +5197,47 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
return 0;
}
+TQString LDAPManager::getOpenSSLVersion() {
+ TQString output;
+ int timeout = 0;
+ int version_end_pos = 0;
+
+ TQProcess *opensslproc = new TQProcess;
+
+ opensslproc->addArgument("openssl");
+ opensslproc->addArgument("version");
+
+ if (!opensslproc->start()) {
+ delete opensslproc;
+ return TQString::null;
+ }
+
+ while (opensslproc->isRunning()) {
+ if (timeout > 10000) {
+ opensslproc->kill();
+ tqApp->processEvents();
+ delete opensslproc;
+ return TQString::null;
+ }
+ tqApp->processEvents();
+ usleep(10000);
+ timeout++;
+ }
+
+ TQByteArray byteOutput = opensslproc->readStdout();
+
+ delete opensslproc;
+
+ output = byteOutput.data();
+ output = output.replace("OpenSSL ", "");
+ version_end_pos = output.find(" ");
+ if (version_end_pos > 0) {
+ output.truncate(version_end_pos);
+ }
+
+ return output;
+}
+
int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr) {
return writeOpenSSLConfigurationFile(realmcfg, LDAPUserInfo(), TQString::fromLatin1(OPENSSL_EXTENSIONS_FILE), TQString::null, TQString::null, TQString::null, TQString::null, errstr);
}
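Review bot: `output = byteOutput.data();` (the line after `delete opensslproc;`) treats the readStdout() buffer as a NUL-terminated C string, but a TQByteArray carries exactly size() bytes with no terminator, so the assignment can read past the end of the buffer; use the length-aware form `output = TQString::fromLatin1(byteOutput.data(), byteOutput.size());`. The value probed is whichever `openssl` binary the caller's PATH resolves to, which is not necessarily the library the generated configuration is later consumed by, so the function deserves a header comment saying that it returns the CLI tool's version string (the text between `OpenSSL ` and the next space) or TQString::null when the tool cannot be started or does not finish in time. The wait loop polls every 10 ms for up to 10000 iterations, i.e. roughly 100 s before giving up; a comment such as `// poll every 10 ms, give up after ~100 s` next to the `timeout > 10000` check would make that magnitude visible. If `usleep` is not already declared through an existing include, `<unistd.h>` needs adding alongside the new `<tqprocess.h>` include.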
@@ -5206,6 +5248,14 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
crl_url = TQString("URI:file://%1,URI:file://%2").arg(KERBEROS_PKI_CRL_FILE).arg(ca_public_crl_certfile);
+ TQString openssl_version = getOpenSSLVersion();
+ if (openssl_version.length() < 1) {
+ if (errstr) {
+ *errstr = i18n("Could not determine OpenSSL version. Is OpenSSL installed?");
+ }
+ return 1;
+ }
+
if (caRootKeyFile == "") {
caRootKeyFile = KERBEROS_PKI_PEMKEY_FILE;
}
@@ -5242,12 +5292,14 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
stream << "# This file was automatically generated by TDE\n";
stream << "# All changes will be lost!\n";
stream << "\n";
- stream << "oid_section = new_oids" << "\n";
- stream << "\n";
- stream << "[new_oids]" << "\n";
- stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
- stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
- stream << "\n";
+ if (openssl_version.startsWith("0") || openssl_version.startsWith("1.0")) {
+ stream << "oid_section = new_oids" << "\n";
+ stream << "\n";
+ stream << "[new_oids]" << "\n";
+ stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
+ stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
+ stream << "\n";
+ }
stream << "[ca]" << "\n";
stream << "default_ca = certificate_authority" << "\n";
stream << "\n";
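Review bot: The gate `openssl_version.startsWith("0") || openssl_version.startsWith("1.0")` drops the `[new_oids]` section silently for anything else, including a LibreSSL binary (after the `OpenSSL ` replace in getOpenSSLVersion() the string would be `LibreSSL`, so neither prefix matches) and future major versions; the reason the section is version-gated should be stated in place, e.g. `// OpenSSL >= 1.1.0 has uid and the PKINIT KDC EKU OID in its builtin table; redefining them there conflicts`. If any later stanza of the generated file refers to the OID by the local name `pkkdcekuoid`, that name is only defined by the section skipped here and the builtin table in newer OpenSSL appears to use different short names, so the remainder of the template should be verified against a 1.1 build. writeOpenSSLConfigurationFile begins and ends outside this hunk.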
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index e8515f2..9121c45 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -605,6 +605,7 @@ class LDAPManager : public TQObject {
LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry);
TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry);
bool parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval);
+ static TQString getOpenSSLVersion();
private:
TQString m_realm;