Date: Thu, 1 Jun 2023 20:45:11 GMT
Message-Id: <202306012045.351KjBqm029451@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Rick Macklem
Subject: git: 88ea962879be - main - rpc.tls[serv|clnt]d.c: Clean up code for OpenSSL3
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Sender: owner-dev-commits-src-main@freebsd.org
X-BeenThere: dev-commits-src-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 88ea962879be7f989b263ad6d6686d72d888253a
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=88ea962879be7f989b263ad6d6686d72d888253a

commit 88ea962879be7f989b263ad6d6686d72d888253a
Author:     Rick Macklem
AuthorDate: 2023-06-01 20:43:00 +0000
Commit:     Rick Macklem
CommitDate: 2023-06-01 20:43:00 +0000

    rpc.tls[serv|clnt]d.c: Clean up code for OpenSSL3

    There were several function calls that are deprecated for OpenSSL1.1.1.
    These have been removed.

    There was also a function call deprecated for OpenSSL3 and that one has
    been #ifdef'd on OPENSSL_VERSION_NUMBER.

    Reviewed by: emaste, ngie
    Differential Revision: https://reviews.freebsd.org/D40275
--- usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c | 10 ++++------ usr.sbin/rpc.tlsservd/rpc.tlsservd.c | 10 ++++------ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c index bdb6be6c0222..e6784576982a 100644 --- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c +++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c @@ -299,7 +299,6 @@ main(int argc, char **argv) rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, ""); SSL_CTX_free(rpctls_ctx); - EVP_cleanup(); return (0); } 
@@ -480,17 +479,12 @@ rpctls_setupcl_ssl(void) size_t len, rlen; int ret; - SSL_library_init(); - SSL_load_error_strings(); - OpenSSL_add_all_algorithms(); - ctx = SSL_CTX_new(TLS_client_method()); if (ctx == NULL) { rpctls_verbose_out("rpctls_setupcl_ssl: SSL_CTX_new " "failed\n"); return (NULL); } - SSL_CTX_set_ecdh_auto(ctx, 1); if (rpctls_ciphers != NULL) { /* @@ -686,7 +680,11 @@ rpctls_connect(SSL_CTX *ctx, int s, char *certname, u_int certlen, X509 **certp) return (NULL); } +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + cert = SSL_get1_peer_certificate(ssl); +#else cert = SSL_get_peer_certificate(ssl); +#endif if (cert == NULL) { rpctls_verbose_out("rpctls_connect: get peer" " certificate failed\n"); diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c index 310b6fe6f449..275bc2b9389b 100644 --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -416,7 +416,6 @@ main(int argc, char **argv) rpctls_svc_run(); SSL_CTX_free(rpctls_ctx); - EVP_cleanup(); return (0); } @@ -652,16 +651,11 @@ rpctls_setup_ssl(const char *certdir) size_t len, rlen; int ret; - SSL_library_init(); - SSL_load_error_strings(); - OpenSSL_add_all_algorithms(); - ctx = SSL_CTX_new(TLS_server_method()); if (ctx == NULL) { rpctls_verbose_out("rpctls_setup_ssl: SSL_CTX_new failed\n"); return (NULL); } - SSL_CTX_set_ecdh_auto(ctx, 1); if (rpctls_ciphers != NULL) { /* @@ -811,7 +805,11 @@ rpctls_server(SSL_CTX *ctx, int s, uint32_t *flags, uint32_t *uidp, SSL_get_cipher(ssl)); } if (rpctls_do_mutual) { +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + cert = SSL_get1_peer_certificate(ssl); +#else cert = SSL_get_peer_certificate(ssl); +#endif if (cert != NULL) { if (!rpctls_verbose) { gethostret = rpctls_gethost(s, sad, hostnam,
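
Review bot: In rpctls_setupcl_ssl() in rpc.tlsclntd.c, and in the matching rpctls_setup_ssl() hunk in rpc.tlsservd.c, dropping SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_all_algorithms() leaves both daemons relying on the library's implicit initialization, which exists only from OpenSSL 1.1.0 on, and nothing in either file records that minimum. Consider a compile-time guard near the includes, for example `#if OPENSSL_VERSION_NUMBER < 0x10100000L` followed by an `#error`, so a build against an older library fails at compile time instead of calling SSL_CTX_new() on an uninitialized library. The removal of `SSL_CTX_set_ecdh_auto(ctx, 1);` would also benefit from a one-line comment saying that ECDH group selection is now left to the library default, since the only tuning knob visible in this function is rpctls_ciphers.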
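
Review bot: In rpctls_connect() in rpc.tlsclntd.c, the new #if selects between SSL_get1_peer_certificate() and SSL_get_peer_certificate(), but the hunk does not show where cert is released. Both calls hand the caller a reference that has to be dropped with X509_free(), so it is worth confirming that every error return after this point frees cert and that the success path passes ownership out through certp; a short comment at the call stating who owns the reference would make that checkable. The version constant would also read more conventionally with the long suffix, as `0x30000000L`.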
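
Review bot: In rpctls_server() in rpc.tlsservd.c, under `if (rpctls_do_mutual) {`, the five-line #if/#else/#endif block is an exact copy of the one added to rpctls_connect() in the client daemon. Defining the choice once, for example as a local macro that expands to SSL_get1_peer_certificate on OpenSSL 3 and to SSL_get_peer_certificate otherwise, would keep each call site to a single line and stop the two copies from drifting apart when the pre-3.0 branch is eventually removed.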