OpenSSL 1.1.0 and later use a builtin OID database that conficts with our explicit OID definitions

Attempt to detect OpenSSL verisons prior to 1.1.0, and only add explicit OID definitions for those older versions
pull/1/head
Timothy Pearson 6 years ago
parent 84485fe607
commit bdf74509a3

@ -27,6 +27,7 @@
#include <tqdir.h> #include <tqdir.h>
#include <tqfile.h> #include <tqfile.h>
#include <tqprocess.h>
#include <tqcheckbox.h> #include <tqcheckbox.h>
#include <tdeapplication.h> #include <tdeapplication.h>
@ -5196,6 +5197,47 @@ int LDAPManager::writePAMFiles(LDAPPamConfig pamConfig, TQString *errstr) {
return 0; return 0;
} }
TQString LDAPManager::getOpenSSLVersion() {
TQString output;
int timeout = 0;
int version_end_pos = 0;
TQProcess *opensslproc = new TQProcess;
opensslproc->addArgument("openssl");
opensslproc->addArgument("version");
if (!opensslproc->start()) {
delete opensslproc;
return TQString::null;
}
while (opensslproc->isRunning()) {
if (timeout > 10000) {
opensslproc->kill();
tqApp->processEvents();
delete opensslproc;
return TQString::null;
}
tqApp->processEvents();
usleep(10000);
timeout++;
}
TQByteArray byteOutput = opensslproc->readStdout();
delete opensslproc;
output = byteOutput.data();
output = output.replace("OpenSSL ", "");
version_end_pos = output.find(" ");
if (version_end_pos > 0) {
output.truncate(version_end_pos);
}
return output;
}
int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr) { int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, TQString *errstr) {
return writeOpenSSLConfigurationFile(realmcfg, LDAPUserInfo(), TQString::fromLatin1(OPENSSL_EXTENSIONS_FILE), TQString::null, TQString::null, TQString::null, TQString::null, errstr); return writeOpenSSLConfigurationFile(realmcfg, LDAPUserInfo(), TQString::fromLatin1(OPENSSL_EXTENSIONS_FILE), TQString::null, TQString::null, TQString::null, TQString::null, errstr);
} }
@ -5206,6 +5248,14 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
crl_url = TQString("URI:file://%1,URI:file://%2").arg(KERBEROS_PKI_CRL_FILE).arg(ca_public_crl_certfile); crl_url = TQString("URI:file://%1,URI:file://%2").arg(KERBEROS_PKI_CRL_FILE).arg(ca_public_crl_certfile);
TQString openssl_version = getOpenSSLVersion();
if (openssl_version.length() < 1) {
if (errstr) {
*errstr = i18n("Could not determine OpenSSL version. Is OpenSSL installed?");
}
return 1;
}
if (caRootKeyFile == "") { if (caRootKeyFile == "") {
caRootKeyFile = KERBEROS_PKI_PEMKEY_FILE; caRootKeyFile = KERBEROS_PKI_PEMKEY_FILE;
} }
@ -5242,12 +5292,14 @@ int LDAPManager::writeOpenSSLConfigurationFile(LDAPRealmConfig realmcfg, LDAPUse
stream << "# This file was automatically generated by TDE\n"; stream << "# This file was automatically generated by TDE\n";
stream << "# All changes will be lost!\n"; stream << "# All changes will be lost!\n";
stream << "\n"; stream << "\n";
if (openssl_version.startsWith("0") || openssl_version.startsWith("1.0")) {
stream << "oid_section = new_oids" << "\n"; stream << "oid_section = new_oids" << "\n";
stream << "\n"; stream << "\n";
stream << "[new_oids]" << "\n"; stream << "[new_oids]" << "\n";
stream << "uid = 0.9.2342.19200300.100.1.1" << "\n"; stream << "uid = 0.9.2342.19200300.100.1.1" << "\n";
stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n"; stream << "pkkdcekuoid = 1.3.6.1.5.2.3.5" << "\n";
stream << "\n"; stream << "\n";
}
stream << "[ca]" << "\n"; stream << "[ca]" << "\n";
stream << "default_ca = certificate_authority" << "\n"; stream << "default_ca = certificate_authority" << "\n";
stream << "\n"; stream << "\n";

@ -605,6 +605,7 @@ class LDAPManager : public TQObject {
LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry); LDAPMasterReplicationInfo parseLDAPMasterReplicationRecord(LDAPMasterReplicationInfo replicationinfo, LDAPMessage* entry);
TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry); TQString parseLDAPSyncProvOverlayConfigRecord(LDAPMessage* entry);
bool parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval); bool parseLDAPTDEStringAttribute(LDAPMessage* entry, TQString attribute, TQString& retval);
static TQString getOpenSSLVersion();
private: private:
TQString m_realm; TQString m_realm;

Loading…
Cancel
Save