[openssl-users] openssl 1.1 and sendmail

Matt Caswell matt at openssl.org
Mon Jun 27 11:42:45 UTC 2016

On 26/06/16 19:24, Carl Byington wrote:
> I am trying to modify the sendmail 8.16 snapshot to use openssl 1.1, but
> ran into a few issues.
> SSL_CTX_set_tmp_rsa_callback() was used to setup a temporary rsa key. It
> seems we never need to generate temp rsa keys since all the ephemeral
> rsa exchanges were removed. Is that correct?

Yes - these were export grade ciphersuites so they were removed and so
were the associated functions. We should probably add some no-op compat
macros for these.

> x509_vfy.h has:
> # define X509_STORE_set_verify_cb_func(ctx,func)
> ((ctx)->verify_cb=(func))
> which causes a compile error since the X509_STORE structure is opaque.
> Is there a workaround for this?

This was fixed some while ago in commit 7cafbb4bd and is available in
the latest master.


More information about the openssl-users mailing list