Ubuntu Oneiric: OpenSSL w/o SSLv2, bsd/libutil.h, unused vars

CHANGES

@@ -98,6 +98,9 @@ porting:
 	fixed sa_family_t compile error on DragonFly. Thanks to Tony Young for
 	reporting this issue and sending a patch.
 
+	Ubuntu Oneiric: OpenSSL no longer provides SSLv2 functions; libutil.sh
+	is now bsd/libutil.h; compiler warns on vars that is only written to
+
 new features: 
 	added option max-children that limits the number of concurrent child
 	processes. Thanks to Sam Liddicott for providing the patch.

config.h.in

@@ -263,6 +263,9 @@
 /* Define if you have the <util.h> header file. (NetBSD, OpenBSD: openpty()) */
 #undef HAVE_UTIL_H
 
+/* Define if you have the <bsd/libutil.h> header file. */
+#undef HAVE_BSD_LIBUTIL_H
+
 /* Define if you have the <libutil.h> header file. (FreeBSD: openpty()) */
 #undef HAVE_LIBUTIL_H
 
@@ -382,6 +385,12 @@
 /* Define if you have the unsetenv function. not on HP-UX */
 #undef HAVE_UNSETENV
 
+/* Define if you have the SSLv2_client_method function. not in new openssl */
+#undef HAVE_SSLv2_client_method
+
+/* Define if you have the SSLv2_server_method function. not in new openssl */
+#undef HAVE_SSLv2_server_method
+
 /* Define if you have the flock function */
 #undef HAVE_FLOCK
 

configure.in

@@ -77,7 +77,7 @@ AC_CHECK_HEADERS(termios.h linux/if_tun.h)
 AC_CHECK_HEADERS(net/if_dl.h)
 AC_CHECK_HEADERS(linux/types.h linux/errqueue.h)
 AC_CHECK_HEADERS(sys/utsname.h sys/select.h sys/file.h)
-AC_CHECK_HEADERS(util.h libutil.h sys/stropts.h regex.h)
+AC_CHECK_HEADERS(util.h bsd/libutil.h libutil.h sys/stropts.h regex.h)
 AC_CHECK_HEADERS(linux/fs.h linux/ext2_fs.h)
 
 dnl Checks for setgrent, getgrent and endgrent.
@@ -537,12 +537,12 @@ fi
 
 # check for fips support
 AC_MSG_CHECKING(whether to include openssl fips support)
-AC_ARG_ENABLE(fips, [  --disable-fips          disable OpenSSL FIPS support],
+AC_ARG_ENABLE(fips, [  --enable-fips          enable OpenSSL FIPS support],
   [ case "$enableval" in
-    no) AC_MSG_RESULT(no); WITH_FIPS= ;;
-    *) AC_MSG_RESULT(yes); WITH_FIPS=1 ;;
+    yes) AC_MSG_RESULT(yes); WITH_FIPS=1 ;;
+    *) AC_MSG_RESULT(no); WITH_FIPS= ;;
    esac],
-   [ AC_MSG_RESULT(yes);   WITH_FIPS=1 ])
+   [ AC_MSG_RESULT(no);   WITH_FIPS= ])
 
 if test -n "$WITH_FIPS"; then
   if test -n "$WITH_OPENSSL"; then
@@ -1274,6 +1274,10 @@ AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV),
 dnl Search for unsetenv()
 AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV))
 
+dnl Search for SSLv2_client_method, SSLv2_server_method
+AC_CHECK_FUNC(SSLv3_client_method, AC_DEFINE(HAVE_SSLv3_client_method), AC_CHECK_LIB(crypt, SSLv3_client_method, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(SSLv2_server_method, AC_DEFINE(HAVE_SSLv2_server_method), AC_CHECK_LIB(crypt, SSLv2_server_method, [LIBS=-lcrypt $LIBS]))
+
 
 dnl Run time checks
 

fdname.c

@@ -1,5 +1,5 @@
 /* source: fdname.c */
-/* Copyright Gerhard Rieger 2003-2008 */
+/* Copyright Gerhard Rieger 2003-2011 */
 /* Published under the GNU General Public License V.2, see file COPYING */
 
 /* the subroutine sockname prints the basic info about the address of a socket
@@ -103,7 +103,6 @@ static int procgetfdname(int fd, char *filepath, size_t pathsize) {
    
 int statname(const char *file, int fd, int filetype, FILE *outfile) {
    char filepath[PATH_MAX];
-   int result;
 
    filepath[0] = '\0';
 #if HAVE_PROC_DIR_FD
@@ -144,7 +143,7 @@ int statname(const char *file, int fd, int filetype, FILE *outfile) {
    case (S_IFSOCK>>12): /* 12, socket */
 #if _WITH_SOCKET
       if (fd >= 0) {
-	 result = sockname(fd, outfile);
+	 sockname(fd, outfile);
       } else if (file) {
 	 fprintf(outfile, "socket %s", file);
       } else {

filan.c

@@ -215,7 +215,6 @@ int filan_stat(
 #endif /* !HAVE_STAT64 */
 	       , int statfd, int dynfd, FILE *outfile) {
    char stdevstr[8];
-   int result;
 
    /* print header */
    if (!headprinted) {
@@ -374,7 +373,7 @@ int filan_stat(
    case (S_IFIFO):	/* 1, FIFO */
       break;
    case (S_IFCHR):	/* 2, character device */
-      result = cdevan(statfd, outfile);
+      cdevan(statfd, outfile);
       break;
    case (S_IFDIR):	/* 4, directory */
       break;
@@ -387,7 +386,7 @@ int filan_stat(
 #ifdef S_IFSOCK
    case (S_IFSOCK): /* 12, socket */
 #if _WITH_SOCKET
-      result = sockan(statfd, outfile);
+      sockan(statfd, outfile);
 #else
       Warn("SOCKET support not compiled in");
       return -1;

sslcls.c

@@ -1,5 +1,5 @@
 /* source: sslcls.c */
-/* Copyright Gerhard Rieger 2001-2010 */
+/* Copyright Gerhard Rieger 2001-2011 */
 /* Published under the GNU General Public License V.2, see file COPYING */
 
 /* explicit system call and C library trace function, for those who miss strace
@@ -35,71 +35,75 @@ int sycSSL_library_init(void) {
    return result;
 }
 
-SSL_METHOD *sycSSLv2_client_method(void) {
-   SSL_METHOD *result;
+#if HAVE_SSLv2_client_method
+const SSL_METHOD *sycSSLv2_client_method(void) {
+   const SSL_METHOD *result;
    Debug("SSLv2_client_method()");
    result = SSLv2_client_method();
    Debug1("SSLv2_client_method() -> %p", result);
    return result;
 }
+#endif
 
-SSL_METHOD *sycSSLv2_server_method(void) {
-   SSL_METHOD *result;
+#if HAVE_SSLv2_server_method
+const SSL_METHOD *sycSSLv2_server_method(void) {
+   const SSL_METHOD *result;
    Debug("SSLv2_server_method()");
    result = SSLv2_server_method();
    Debug1("SSLv2_server_method() -> %p", result);
    return result;
 }
+#endif
 
-SSL_METHOD *sycSSLv3_client_method(void) {
-   SSL_METHOD *result;
+const SSL_METHOD *sycSSLv3_client_method(void) {
+   const SSL_METHOD *result;
    Debug("SSLv3_client_method()");
    result = SSLv3_client_method();
    Debug1("SSLv3_client_method() -> %p", result);
    return result;
 }
 
-SSL_METHOD *sycSSLv3_server_method(void) {
-   SSL_METHOD *result;
+const SSL_METHOD *sycSSLv3_server_method(void) {
+   const SSL_METHOD *result;
    Debug("SSLv3_server_method()");
    result = SSLv3_server_method();
    Debug1("SSLv3_server_method() -> %p", result);
    return result;
 }
 
-SSL_METHOD *sycSSLv23_client_method(void) {
-   SSL_METHOD *result;
+const SSL_METHOD *sycSSLv23_client_method(void) {
+   const SSL_METHOD *result;
    Debug("SSLv23_client_method()");
    result = SSLv23_client_method();
    Debug1("SSLv23_client_method() -> %p", result);
    return result;
 }
 
-SSL_METHOD *sycSSLv23_server_method(void) {
-   SSL_METHOD *result;
+const SSL_METHOD *sycSSLv23_server_method(void) {
+   const SSL_METHOD *result;
    Debug("SSLv23_server_method()");
    result = SSLv23_server_method();
    Debug1("SSLv23_server_method() -> %p", result);
    return result;
 }
 
-SSL_METHOD *sycTLSv1_client_method(void) {
-   SSL_METHOD *result;
+const SSL_METHOD *sycTLSv1_client_method(void) {
+   const SSL_METHOD *result;
    Debug("TLSv1_client_method()");
    result = TLSv1_client_method();
    Debug1("TLSv1_client_method() -> %p", result);
    return result;
 }
 
-SSL_METHOD *sycTLSv1_server_method(void) {
-   SSL_METHOD *result;
+const SSL_METHOD *sycTLSv1_server_method(void) {
+   const SSL_METHOD *result;
    Debug("TLSv1_server_method()");
    result = TLSv1_server_method();
    Debug1("TLSv1_server_method() -> %p", result);
    return result;
 }
 
-SSL_CTX *sycSSL_CTX_new(SSL_METHOD *method) {
+SSL_CTX *sycSSL_CTX_new(const SSL_METHOD *method) {
    SSL_CTX *result;
    Debug1("SSL_CTX_new(%p)", method);
    result = SSL_CTX_new(method);

sslcls.h

@@ -1,5 +1,5 @@
 /* source: sslcls.h */
-/* Copyright Gerhard Rieger 2001-2010 */
+/* Copyright Gerhard Rieger 2001-2011 */
 /* Published under the GNU General Public License V.2, see file COPYING */
 
 #ifndef __sslcls_h_included
@@ -10,15 +10,15 @@
 
 void sycSSL_load_error_strings(void);
 int sycSSL_library_init(void);
-SSL_METHOD *sycSSLv2_client_method(void);
-SSL_METHOD *sycSSLv2_server_method(void);
-SSL_METHOD *sycSSLv3_client_method(void);
-SSL_METHOD *sycSSLv3_server_method(void);
-SSL_METHOD *sycSSLv23_client_method(void);
-SSL_METHOD *sycSSLv23_server_method(void);
-SSL_METHOD *sycTLSv1_client_method(void);
-SSL_METHOD *sycTLSv1_server_method(void);
-SSL_CTX *sycSSL_CTX_new(SSL_METHOD *method);
+const SSL_METHOD *sycSSLv2_client_method(void);
+const SSL_METHOD *sycSSLv2_server_method(void);
+const SSL_METHOD *sycSSLv3_client_method(void);
+const SSL_METHOD *sycSSLv3_server_method(void);
+const SSL_METHOD *sycSSLv23_client_method(void);
+const SSL_METHOD *sycSSLv23_server_method(void);
+const SSL_METHOD *sycTLSv1_client_method(void);
+const SSL_METHOD *sycTLSv1_server_method(void);
+SSL_CTX *sycSSL_CTX_new(const SSL_METHOD *method);
 SSL *sycSSL_new(SSL_CTX *ctx);
 int sycSSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
 				     const char *CApath);

sysincludes.h

@@ -149,7 +149,9 @@
 #if HAVE_UTIL_H
 #include <util.h>		/* NetBSD, OpenBSD openpty() */
 #endif
-#if HAVE_LIBUTIL_H
+#if HAVE_BSD_LIBUTIL_H
+#include <bsd/libutil.h>	/* FreeBSD openpty() */
+#elif HAVE_LIBUTIL_H
 #include <libutil.h>		/* FreeBSD openpty() */
 #endif
 #if HAVE_SYS_STROPTS_H

test.sh

@@ -1744,6 +1744,8 @@ runstcp4 () {
     pid=$!
     usleep $MICROS
     kill "$pid" 2>/dev/null
+    wait
+    usleep $MICROS
     test ! -s "$td/tcp4.stderr"
 }
 
@@ -1753,8 +1755,9 @@ runstcp6 () {
 #    PORT="$1"
     $SOCAT /dev/null TCP6-LISTEN:$PORT 2>"$td/tcp6.stderr" &
     pid=$!
-    usleep $MICROS
     kill "$pid" 2>/dev/null
+    wait
+    usleep $MICROS
     test ! -s "$td/tcp6.stderr"
 }
 
@@ -1766,6 +1769,8 @@ runsudp4 () {
     pid=$!
     usleep $MICROS
     kill "$pid" 2>/dev/null
+    wait
+    usleep $MICROS
     test ! -s "$td/udp4.stderr"
 }
 
@@ -1777,6 +1782,8 @@ runsudp6 () {
     pid=$!
     usleep $MICROS
     kill "$pid" 2>/dev/null
+    wait
+    usleep $MICROS
     test ! -s "$td/udp6.stderr"
 }
 
@@ -1787,6 +1794,8 @@ runssctp4 () {
     pid=$!
     usleep $MICROS
     kill "$pid" 2>/dev/null
+    wait
+    usleep $MICROS
     test ! -s "$td/sctp4.stderr"
 }
 
@@ -1797,6 +1806,8 @@ runssctp6 () {
     pid=$!
     usleep $MICROS
     kill "$pid" 2>/dev/null
+    wait
+    usleep $MICROS
     test ! -s "$td/sctp6.stderr"
 }
 
@@ -3867,7 +3878,7 @@ TEST="$NAME: $TESTKEYW half close"
 # have a "peer" socat "peer" that executes "$OD_C" and see if EOF on the
 # connecting socat  brings the result of od
 if ! eval $NUMCOND; then :;
-elif [ "$FEAT" != ';' -a ! testaddrs "$FEAT" >/dev/null; then
+elif [ "$FEAT" != ',' ] && ! testaddrs "$FEAT" >/dev/null; then
     $PRINTF "test $F_n $TEST... ${YELLOW}$FEAT not available${NORMAL}\n" $N
     numCANT=$((numCANT+1))
 elif ! runs$RUNS; then

xio-exec.c

@@ -1,5 +1,5 @@
 /* source: xio-exec.c */
-/* Copyright Gerhard Rieger 2001-2008 */
+/* Copyright Gerhard Rieger 2001-2011 */
 /* Published under the GNU General Public License V.2, see file COPYING */
 
 /* this file contains the source for opening addresses of exec type */
@@ -54,7 +54,7 @@ static int xioopen_exec(int argc, const char *argv[], struct opt *opts,
 	 NULL
       } ;
       char **pargv = NULL;
-      int pargc, i;
+      int pargc;
       size_t len;
       const char *strp;
       char *token; /*! */
@@ -62,14 +62,12 @@ static int xioopen_exec(int argc, const char *argv[], struct opt *opts,
       char *path = NULL;
       char *tmp;
       int numleft;
-      int result;
 
       /*! Close(something) */
       /* parse command line */
       Debug1("child: args = \"%s\"", argv[1]);
       pargv = Malloc(8*sizeof(char *));
       if (pargv == NULL)  return STAT_RETRYLATER;
-      i = 0;
       len = strlen(argv[1])+1;
       strp = argv[1];
       token = Malloc(len); /*! */
@@ -125,7 +123,7 @@ static int xioopen_exec(int argc, const char *argv[], struct opt *opts,
 	 Dup2(duptostderr, 2);
       }
       Notice1("execvp'ing \"%s\"", token);
-      result = Execvp(token, pargv);
+      Execvp(token, pargv);
       /* here we come only if execvp() failed */
       switch (pargc) {
       case 1: Error3("execvp(\"%s\", \"%s\"): %s", token, pargv[0], strerror(errno)); break; 

xio-listen.c

@@ -54,13 +54,7 @@ int
 	 successful establishment of tcp connection */
       result = _xioopen_listen(xfd, xioflags,
 			       (struct sockaddr *)us, uslen,
-			       opts, pf, socktype, proto,
-#if WITH_RETRY
-			       (xfd->retry||xfd->forever)?E_INFO:E_ERROR
-#else
-			       E_ERROR
-#endif /* WITH_RETRY */
-			       );
+			       opts, pf, socktype, proto, level);
 	 /*! not sure if we should try again on retry/forever */
       switch (result) {
       case STAT_OK: break;

xio-named.c

@@ -1,5 +1,5 @@
 /* source: xio-named.c */
-/* Copyright Gerhard Rieger 2001-2008 */
+/* Copyright Gerhard Rieger 2001-2011 */
 /* Published under the GNU General Public License V.2, see file COPYING */
 
 /* this file contains the source for filesystem entry functions */
@@ -96,7 +96,6 @@ int _xioopen_named_early(int argc, const char *argv[], xiofile_t *xfd,
 			 int groups,
 		      bool *exists, struct opt *opts) {
    const char *path = argv[1];
-   unsigned int iogroups = 0;
 #if HAVE_STAT64
    struct stat64 statbuf;
 #else
@@ -120,10 +119,8 @@ int _xioopen_named_early(int argc, const char *argv[], xiofile_t *xfd,
 	 Error2("stat(\"%s\"): %s", path, strerror(errno));
 	    return STAT_RETRYLATER;
       }
-      iogroups = GROUP_REG;
       *exists = false;
    } else {
-      iogroups = _groupbits(statbuf.st_mode);
       *exists = true;
    }
 
@@ -135,7 +132,6 @@ int _xioopen_named_early(int argc, const char *argv[], xiofile_t *xfd,
       Info1("\"%s\" already exists; removing it", path);
       if (Unlink(path) < 0) {
 	 Error2("unlink(\"%s\"): %s", path, strerror(errno));
-	 *exists = true;
       } else {
 	 *exists = false;
       }

xio-openssl.c

@@ -690,7 +690,7 @@ int
 			    SSL_CTX **ctx)
 {
    bool opt_fips = false;
-   SSL_METHOD *method;
+   const SSL_METHOD *method;
    char *me_str = NULL;	/* method string */
    char *ci_str = NULL;	/* cipher string */
    char *opt_key  = NULL;	/* file name of client private key */
@@ -747,8 +747,14 @@ int
    if (!server) {
       if (me_str != 0) {
 	 if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) {
+#if HAVE_SSLv2_client_method
 	    method = sycSSLv2_client_method();
-	 } else if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
+#else
+	    Error1("OpenSSL method \"%s\" not provided by library", me_str);
+	    method = sycSSLv23_server_method();
+#endif
+	 } else
+	 if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
 	    method = sycSSLv3_client_method();
 	 } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") ||
 		    !strcasecmp(me_str, "SSL")) {
@@ -758,16 +764,22 @@ int
 	    method = sycTLSv1_client_method();
 	 } else {
 	    Error1("openssl-method=\"%s\": unknown method", me_str);
-	    method = sycSSLv23_client_method()/*!*/;
+	    method = sycSSLv23_client_method();
 	 }
       } else {
-	 method = sycSSLv23_client_method()/*!*/;
+	 method = sycSSLv23_client_method();
       }
    } else /* server */ {
       if (me_str != 0) {
 	 if (!strcasecmp(me_str, "SSLv2") || !strcasecmp(me_str, "SSL2")) {
+#if HAVE_SSLv2_server_method
 	    method = sycSSLv2_server_method();
-	 } else if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
+#else
+	    Error1("OpenSSL method \"%s\" not provided by library", me_str);
+	    method = sycSSLv23_server_method();
+#endif
+	 } else
+	 if (!strcasecmp(me_str, "SSLv3") || !strcasecmp(me_str, "SSL3")) {
 	    method = sycSSLv3_server_method();
 	 } else if (!strcasecmp(me_str, "SSLv23") || !strcasecmp(me_str, "SSL23") ||
 		    !strcasecmp(me_str, "SSL")) {
@@ -777,10 +789,10 @@ int
 	    method = sycTLSv1_server_method();
 	 } else {
 	    Error1("openssl-method=\"%s\": unknown method", me_str);
-	    method = sycSSLv23_server_method()/*!*/;
+	    method = sycSSLv23_server_method();
 	 }
       } else {
-	 method = sycSSLv23_server_method()/*!*/;
+	 method = sycSSLv23_server_method();
       }
    }
 

xio-socket.c

@@ -736,7 +736,6 @@ int _xioopen_connect(struct single *xfd, struct sockaddr *us, size_t uslen,
       union sockaddr_union sin, *sinp;
       unsigned short *port, i, N;
       div_t dv;
-      bool problem;
 
       /* prepare sockaddr for bind probing */
       if (us) {
@@ -784,7 +783,6 @@ int _xioopen_connect(struct single *xfd, struct sockaddr *us, size_t uslen,
       }
       dv = div(random(), IPPORT_RESERVED-XIO_IPPORT_LOWER);
       i = N = XIO_IPPORT_LOWER + dv.rem;
-      problem = false;
       do {	/* loop over lowport bind() attempts */
 	 *port = htons(i);
 	 if (Bind(xfd->fd, (struct sockaddr *)sinp, sizeof(*sinp)) < 0) {
@@ -1187,7 +1185,6 @@ int _xioopen_dgram_recvfrom(struct single *xfd, int xioflags,
 			  struct opt *opts,
 			  int pf, int socktype, int proto, int level) {
    char *rangename;
-   socklen_t salen;
    bool dofork = false;
    pid_t pid;	/* mostly int; only used with fork */
    char infobuff[256];
@@ -1312,7 +1309,6 @@ int _xioopen_dgram_recvfrom(struct single *xfd, int xioflags,
       struct msghdr msgh = {0};
 
       socket_init(pf, pa);
-      salen = sizeof(struct sockaddr);
 
       if (drop) {
 	 char *dummy[2];

xio-udp.c

@@ -462,7 +462,6 @@ int xioopen_udp_recvfrom(int argc, const char *argv[], struct opt *opts,
 		     int pf, int socktype, int ipproto) {
    union sockaddr_union us;
    socklen_t uslen = sizeof(us);
-   bool needbind = false;
    int result;
 
    if (argc != 2) {
@@ -510,7 +509,6 @@ int xioopen_udp_recvfrom(int argc, const char *argv[], struct opt *opts,
 	 case PF_INET6: us.ip6.sin6_addr = la.ip6.sin6_addr; break;
 #endif
 	 }
-	 needbind = true;
       }
    }
 

xioopts.c

@@ -2828,7 +2828,7 @@ int retropt_bind(struct opt *opts,
    const char portsep[] = ":";
    const char *ends[] = { portsep, NULL };
    const char *nests[] = { "[", "]", NULL };
-   bool addrallowed, portallowed;
+   bool portallowed;
    char *bindname, *bindp;
    char hostname[512], *hostp = hostname, *portp = NULL;
    size_t hostlen = sizeof(hostname)-1;
@@ -2864,7 +2864,6 @@ int retropt_bind(struct opt *opts,
 #if WITH_IP6
    case AF_INET6:
 #endif /*WITH_IP6 */
-      addrallowed = true;
       portallowed = (feats>=2);
       nestlex((const char **)&bindp, &hostp, &hostlen, ends, NULL, NULL, nests,
 	      true, false, false);