From 5f2a02b34bde67c5461a1ca3e0f41b23829b3a15 Mon Sep 17 00:00:00 2001 From: Mark Janssen -- Sig-I/O Automatisering Date: Fri, 28 Jun 2019 13:39:49 +0200 Subject: [PATCH] Temporary ugly fix for building with openssl1.0 or 1.1 Use either make -f Makefile.ssl1o or make -f Makefile.ssl11 When using OpenSSL1.0 or 1.1 based systems --- Makefile.ssl10 | 105 +++++++++++++++++++++++++++++++++++++++++++++++++ Makefile.ssl11 | 105 +++++++++++++++++++++++++++++++++++++++++++++++++ ptstream.c | 9 +++++ 3 files changed, 219 insertions(+) create mode 100644 Makefile.ssl10 create mode 100644 Makefile.ssl11 diff --git a/Makefile.ssl10 b/Makefile.ssl10 new file mode 100644 index 0000000..6ce3c4a --- /dev/null +++ b/Makefile.ssl10 
@@ -0,0 +1,105 @@
+# Makefile for proxytunnel
+#
+# Please uncomment the appropriate settings
+
+name = proxytunnel
+version = $(shell awk 'BEGIN { FS="\"" } /^\#define VERSION / { print $$2 }' config.h)
+
+CC ?= cc
+CFLAGS ?= -Wall -O2 -ggdb -DOPENSSL10
+
+# Comment on non-gnu systems
+OPTFLAGS += -DHAVE_GETOPT_LONG
+
+# Comment if you don't have/want ssl
+OPTFLAGS += -DUSE_SSL
+
+# Most systems
+OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2
+
+# Comment if you don't have this flag
+OPTFLAGS += -DSO_REUSEPORT
+
+# System dependant blocks... if your system is listed below, uncomment
+# the relevant lines
+
+# OpenBSD
+#OPTFLAGS += -DHAVE_SYS_PSTAT_H
+
+# DARWIN
+#OPTFLAGS += -DDARWIN
+
+# CYGWIN
+#OPTFLAGS += -DCYGWIN
+
+# SOLARIS
+#LDFLAGS += -lsocket -lnsl
+#LDFLAGS += -L/usr/local/ssl/lib # Path to your SSL lib dir
+
+# END system dependant block
+
+SSL_LIBS := $(shell pkg-config --libs openssl 2>/dev/null)
+ifeq ($(SSL_LIBS),)
+SSL_LIBS := $(shell pkg-config --libs libssl 2>/dev/null)
+endif
+ifeq ($(SSL_LIBS),)
+SSL_LIBS := -lssl -lcrypto
+endif
+LDFLAGS += $(SSL_LIBS)
+
+prefix = /usr/local
+bindir = $(prefix)/bin
+datadir = $(prefix)/share
+mandir = $(datadir)/man
+
+# Remove strlcpy/strlcat on (open)bsd/darwin systems
+OBJ = proxytunnel.o \
+ base64.o \
+ strzcat.o \
+ setproctitle.o \
+ io.o \
+ http.o \
+ basicauth.o \
+ readpassphrase.o \
+ messages.o \
+ cmdline.o \
+ ntlm.o \
+ ptstream.o
+
+UNAME = $(shell uname)
+ifneq ($(UNAME),Darwin)
+OBJ += strlcpy.o \
+ strlcat.o
+endif
+
+.PHONY: all clean docs install
+
+all: proxytunnel
+
+docs:
+ $(MAKE) -C docs
+
+proxytunnel: $(OBJ)
+ $(CC) -o $(name) $(CFLAGS) $(OPTFLAGS) $(OBJ) $(LDFLAGS)
+
+clean:
+ @rm -f $(name) $(OBJ)
+ $(MAKE) -C docs clean
+
+install:
+ install -d $(DESTDIR)$(bindir)
+ install -p -m555 $(name) $(DESTDIR)$(bindir)
+ $(MAKE) -C docs install
+
+.c.o:
+ $(CC) $(CFLAGS) $(OPTFLAGS) -c -o $@ $<
+
+dist: clean docs
+ sed -i -e 's/^Version:.*$$/Version: $(version)/' contrib/proxytunnel.spec
+ find . ! -wholename '*/.svn*' | pax -d -w -x ustar -s ,^./,$(name)-$(version)/, | bzip2 >../$(name)-$(version).tar.bz2
+
+rpm: dist
+ rpmbuild -tb --clean --rmsource --rmspec --define "_rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" --define "_rpmdir ../" ../$(name)-$(version).tar.bz2
+
+srpm: dist
+ rpmbuild -ts --clean --rmsource --rmspec --define "_rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" --define "_srcrpmdir ../" ../$(name)-$(version).tar.bz2
diff --git a/Makefile.ssl11 b/Makefile.ssl11
new file mode 100644
index 0000000..ad3d599
--- /dev/null
+++ b/Makefile.ssl11
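Review bot: `-DOPENSSL10` is carried in `CFLAGS ?= -Wall -O2 -ggdb -DOPENSSL10`, so a build that already has CFLAGS set in the environment or on the make command line loses the define; Makefile.ssl11 has the same construct with `-DOPENSSL11`, and that is where it matters. The ptstream.c hunks test only `OPENSSL11`, so an OpenSSL 1.1 build with packager-supplied CFLAGS falls into the `#else` branch and compiles the 1.0 calls (`TLSv1_client_method()`, `ASN1_STRING_data()`) instead. Moving the selector to a variable that is appended to, e.g. `OPTFLAGS += -DOPENSSL11` next to `-DUSE_SSL`, and leaving `CFLAGS ?= -Wall -O2 -ggdb` for optimisation flags, keeps the selection from being dropped by an environment override.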
@@ -0,0 +1,105 @@
+# Makefile for proxytunnel
+#
+# Please uncomment the appropriate settings
+
+name = proxytunnel
+version = $(shell awk 'BEGIN { FS="\"" } /^\#define VERSION / { print $$2 }' config.h)
+
+CC ?= cc
+CFLAGS ?= -Wall -O2 -ggdb -DOPENSSL11
+
+# Comment on non-gnu systems
+OPTFLAGS += -DHAVE_GETOPT_LONG
+
+# Comment if you don't have/want ssl
+OPTFLAGS += -DUSE_SSL
+
+# Most systems
+OPTFLAGS += -DSETPROCTITLE -DSPT_TYPE=2
+
+# Comment if you don't have this flag
+OPTFLAGS += -DSO_REUSEPORT
+
+# System dependant blocks... if your system is listed below, uncomment
+# the relevant lines
+
+# OpenBSD
+#OPTFLAGS += -DHAVE_SYS_PSTAT_H
+
+# DARWIN
+#OPTFLAGS += -DDARWIN
+
+# CYGWIN
+#OPTFLAGS += -DCYGWIN
+
+# SOLARIS
+#LDFLAGS += -lsocket -lnsl
+#LDFLAGS += -L/usr/local/ssl/lib # Path to your SSL lib dir
+
+# END system dependant block
+
+SSL_LIBS := $(shell pkg-config --libs openssl 2>/dev/null)
+ifeq ($(SSL_LIBS),)
+SSL_LIBS := $(shell pkg-config --libs libssl 2>/dev/null)
+endif
+ifeq ($(SSL_LIBS),)
+SSL_LIBS := -lssl -lcrypto
+endif
+LDFLAGS += $(SSL_LIBS)
+
+prefix = /usr/local
+bindir = $(prefix)/bin
+datadir = $(prefix)/share
+mandir = $(datadir)/man
+
+# Remove strlcpy/strlcat on (open)bsd/darwin systems
+OBJ = proxytunnel.o \
+ base64.o \
+ strzcat.o \
+ setproctitle.o \
+ io.o \
+ http.o \
+ basicauth.o \
+ readpassphrase.o \
+ messages.o \
+ cmdline.o \
+ ntlm.o \
+ ptstream.o
+
+UNAME = $(shell uname)
+ifneq ($(UNAME),Darwin)
+OBJ += strlcpy.o \
+ strlcat.o
+endif
+
+.PHONY: all clean docs install
+
+all: proxytunnel
+
+docs:
+ $(MAKE) -C docs
+
+proxytunnel: $(OBJ)
+ $(CC) -o $(name) $(CFLAGS) $(OPTFLAGS) $(OBJ) $(LDFLAGS)
+
+clean:
+ @rm -f $(name) $(OBJ)
+ $(MAKE) -C docs clean
+
+install:
+ install -d $(DESTDIR)$(bindir)
+ install -p -m555 $(name) $(DESTDIR)$(bindir)
+ $(MAKE) -C docs install
+
+.c.o:
+ $(CC) $(CFLAGS) $(OPTFLAGS) -c -o $@ $<
+
+dist: clean docs
+ sed -i -e 's/^Version:.*$$/Version: $(version)/' contrib/proxytunnel.spec
+ find . ! -wholename '*/.svn*' | pax -d -w -x ustar -s ,^./,$(name)-$(version)/, | bzip2 >../$(name)-$(version).tar.bz2
+
+rpm: dist
+ rpmbuild -tb --clean --rmsource --rmspec --define "_rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" --define "_rpmdir ../" ../$(name)-$(version).tar.bz2
+
+srpm: dist
+ rpmbuild -ts --clean --rmsource --rmspec --define "_rpmfilename %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" --define "_srcrpmdir ../" ../$(name)-$(version).tar.bz2
diff --git a/ptstream.c b/ptstream.c
index bf3995f..4edfe30 100644
--- a/ptstream.c
+++ b/ptstream.c
@@ -208,7 +208,12 @@ int check_cert_names(X509 *cert, char *peer_host) {
 for (i = 0; i < san_count; i++) {
 gn = sk_GENERAL_NAME_value(gen_names, i);
 if (gn->type == GEN_DNS && !(peer_host_is_ipv4 || peer_host_is_ipv6)) {
+#ifdef OPENSSL11
 if (check_cert_valid_host((char*)ASN1_STRING_get0_data(gn->d.ia5), peer_host)) {
+#else
+ if (check_cert_valid_host((char*)ASN1_STRING_data(gn->d.ia5), peer_host)) {
+
+#endif
 return 1;
 }
 } else if (gn->type == GEN_IPADD) {
@@ -254,7 +259,11 @@ int stream_enable_ssl(PTSTREAM *pts, const char *proxy_arg) {
 /* Initialise the connection */
 SSLeay_add_ssl_algorithms();
 if (args_info.enforcetls1_flag) {
+#ifdef OPENSSL11
 meth = TLS_client_method();
+#else
+ meth = TLSv1_client_method();
+#endif
 } else {
 meth = SSLv23_client_method();
 }
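Review bot: In check_cert_names the choice between `ASN1_STRING_get0_data()` and `ASN1_STRING_data()` depends on `OPENSSL11`, a macro only the new Makefile.ssl11 defines, so any other build path takes the `#else` branch whatever library is installed. OpenSSL publishes its own version in `<openssl/opensslv.h>`, so `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` in place of `#ifdef OPENSSL11` (here and in stream_enable_ssl) would select the right call automatically and make the two extra Makefiles unnecessary. Separately, both branches pass the dNSName bytes to check_cert_valid_host as a plain C string with no length. Unless that helper is known to handle it, comparing `ASN1_STRING_length(gn->d.ia5)` with `strlen()` of the data before the call would reject names containing an embedded NUL. The blank line added before `#endif` can be dropped; the function body continues outside the hunk.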
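Review bot: The new `#else` branch in stream_enable_ssl calls `TLSv1_client_method()`, which speaks TLS 1.0 only, while the `OPENSSL11` branch's `TLS_client_method()` negotiates the highest version both peers support. The same enforcetls1 option therefore gives different protocol behaviour depending on which Makefile built the binary, and on a 1.0.x library the connection is capped at TLS 1.0 even if the library supports newer versions. Consider keeping `SSLv23_client_method()` in the legacy branch and excluding the old protocols on the context after it is created, e.g. `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, where `ctx` stands for whatever this function names its SSL_CTX, which is outside the hunk. A one-line comment above the `#ifdef` stating what the option guarantees on each branch would help whoever next changes this.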