getdns: fix compilation with OPENSSL_NO_DEPRECATED
SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added SSL_get0_peer_certificate() and SSL_get1_peer_certificate(). Use the latter since the return value is explicitely X509_free()ed here, see [0]. [0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html Signed-off-by: Andre Heider <a.heider@gmail.com>
This commit is contained in:
Andre Heider
Rosen Penev
parent
fe0dc6f48a
commit
2fed4c0895
2 changed files with 21 additions and 1 deletions
|
|
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=getdns
|
PKG_NAME:=getdns
|
||||||
PKG_VERSION:=1.7.3
|
PKG_VERSION:=1.7.3
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=2
|
||||||
|
|
||||||
PKG_LICENSE:=BSD-3-Clause
|
PKG_LICENSE:=BSD-3-Clause
|
||||||
PKG_LICENSE_FILES:=LICENSE
|
PKG_LICENSE_FILES:=LICENSE
|
||||||
|
|
|
||||||
20
libs/getdns/patches/001-openssl-deprecated.patch
Normal file
20
libs/getdns/patches/001-openssl-deprecated.patch
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
--- a/src/openssl/tls.c
|
||||||
|
+++ b/src/openssl/tls.c
|
||||||
|
@@ -872,7 +872,7 @@ _getdns_tls_x509* _getdns_tls_connection
|
||||||
|
if (!conn || !conn->ssl)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
- return _getdns_tls_x509_new(mfs, SSL_get_peer_certificate(conn->ssl));
|
||||||
|
+ return _getdns_tls_x509_new(mfs, SSL_get1_peer_certificate(conn->ssl));
|
||||||
|
}
|
||||||
|
|
||||||
|
getdns_return_t _getdns_tls_connection_is_session_reused(_getdns_tls_connection* conn)
|
||||||
|
@@ -990,7 +990,7 @@ getdns_return_t _getdns_tls_connection_c
|
||||||
|
#if defined(USE_DANESSL)
|
||||||
|
{
|
||||||
|
getdns_return_t res = GETDNS_RETURN_GOOD;
|
||||||
|
- X509* peer_cert = SSL_get_peer_certificate(conn->ssl);
|
||||||
|
+ X509* peer_cert = SSL_get1_peer_certificate(conn->ssl);
|
||||||
|
if (peer_cert) {
|
||||||
|
if (conn->auth_name[0] &&
|
||||||
|
X509_check_host(peer_cert,
|
||||||
Loading…
Reference in a new issue