git: 88ea962879be - main - rpc.tls[serv|clnt]d.c: Clean up code for OpenSSL3
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 01 Jun 2023 20:45:11 UTC
The branch main has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=88ea962879be7f989b263ad6d6686d72d888253a commit 88ea962879be7f989b263ad6d6686d72d888253a Author: Rick Macklem <rmacklem@FreeBSD.org> AuthorDate: 2023-06-01 20:43:00 +0000 Commit: Rick Macklem <rmacklem@FreeBSD.org> CommitDate: 2023-06-01 20:43:00 +0000 rpc.tls[serv|clnt]d.c: Clean up code for OpenSSL3 There were several function calls that are deprecated for OpenSSL1.1.1. These have been removed. There was also a function call deprecated for OpenSSL3 and that one has been #ifdef'd on OPENSSL_VERSION_NUMBER. Reviewed by: emaste, ngie Differential Revision: https://reviews.freebsd.org/D40275 --- usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c | 10 ++++------ usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 10 ++++------ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c index bdb6be6c0222..e6784576982a 100644 --- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c +++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c @@ -299,7 +299,6 @@ main(int argc, char **argv) rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, ""); SSL_CTX_free(rpctls_ctx); - EVP_cleanup(); return (0); } @@ -480,17 +479,12 @@ rpctls_setupcl_ssl(void) size_t len, rlen; int ret; - SSL_library_init(); - SSL_load_error_strings(); - OpenSSL_add_all_algorithms(); - ctx = SSL_CTX_new(TLS_client_method()); if (ctx == NULL) { rpctls_verbose_out("rpctls_setupcl_ssl: SSL_CTX_new " "failed\n"); return (NULL); } - SSL_CTX_set_ecdh_auto(ctx, 1); if (rpctls_ciphers != NULL) { /* @@ -686,7 +680,11 @@ rpctls_connect(SSL_CTX *ctx, int s, char *certname, u_int certlen, X509 **certp) return (NULL); } +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + cert = SSL_get1_peer_certificate(ssl); +#else cert = SSL_get_peer_certificate(ssl); +#endif if (cert == NULL) { rpctls_verbose_out("rpctls_connect: get peer" " certificate failed\n"); diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index 310b6fe6f449..275bc2b9389b 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -416,7 +416,6 @@ main(int argc, char **argv) rpctls_svc_run(); SSL_CTX_free(rpctls_ctx); - EVP_cleanup(); return (0); } @@ -652,16 +651,11 @@ rpctls_setup_ssl(const char *certdir) size_t len, rlen; int ret; - SSL_library_init(); - SSL_load_error_strings(); - OpenSSL_add_all_algorithms(); - ctx = SSL_CTX_new(TLS_server_method()); if (ctx == NULL) { rpctls_verbose_out("rpctls_setup_ssl: SSL_CTX_new failed\n"); return (NULL); } - SSL_CTX_set_ecdh_auto(ctx, 1); if (rpctls_ciphers != NULL) { /* @@ -811,7 +805,11 @@ rpctls_server(SSL_CTX *ctx, int s, uint32_t *flags, uint32_t *uidp, SSL_get_cipher(ssl)); } if (rpctls_do_mutual) { +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + cert = SSL_get1_peer_certificate(ssl); +#else cert = SSL_get_peer_certificate(ssl); +#endif if (cert != NULL) { if (!rpctls_verbose) { gethostret = rpctls_gethost(s, sad, hostnam,