packages/libs/getdns/patches/001-openssl-deprecated.patch
Andre Heider 2fed4c0895 getdns: fix compilation with OPENSSL_NO_DEPRECATED
SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added
SSL_get0_peer_certificate() and SSL_get1_peer_certificate().

Use the latter since the return value is explicitly X509_free()ed
here, see [0].

[0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html

Signed-off-by: Andre Heider <a.heider@gmail.com>
2023-05-01 13:36:00 +03:00


--- a/src/openssl/tls.c
+++ b/src/openssl/tls.c
@@ -872,7 +872,7 @@ _getdns_tls_x509* _getdns_tls_connection
if (!conn || !conn->ssl)
return NULL;
- return _getdns_tls_x509_new(mfs, SSL_get_peer_certificate(conn->ssl));
+ return _getdns_tls_x509_new(mfs, SSL_get1_peer_certificate(conn->ssl));
}
getdns_return_t _getdns_tls_connection_is_session_reused(_getdns_tls_connection* conn)
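Review bot: `SSL_get1_peer_certificate()` is now called unconditionally on the changed `return` line and again in the USE_DANESSL hunk below, but per the commit message it only exists from OpenSSL v3.0, so this file would no longer compile against an older libssl. If pre-3.0 builds (or forks lacking the symbol) still matter for this file, a guard near the includes keeps both working: `#if OPENSSL_VERSION_NUMBER < 0x30000000L` / `#define SSL_get1_peer_certificate SSL_get_peer_certificate` / `#endif`. Separately, the certificate is an owned reference handed straight to `_getdns_tls_x509_new()`, whose body is outside this hunk. It is worth confirming that the wrapper calls `X509_free()` on it when its own allocation fails, otherwise the reference leaks.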
@@ -990,7 +990,7 @@ getdns_return_t _getdns_tls_connection_c
#if defined(USE_DANESSL)
{
getdns_return_t res = GETDNS_RETURN_GOOD;
- X509* peer_cert = SSL_get_peer_certificate(conn->ssl);
+ X509* peer_cert = SSL_get1_peer_certificate(conn->ssl);
if (peer_cert) {
if (conn->auth_name[0] &&
X509_check_host(peer_cert,
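Review bot: The `peer_cert` declaration gives no hint that it holds an owned reference, and the matching `X509_free()` is not visible in this hunk (the block continues past its last line). I would add a comment on the declaration, `/* get1: owned reference, X509_free() on every exit path of this block */`, so that a later early return does not leak the certificate. The `X509_check_host()` call that begins on the last line is the hostname authentication step. Its comparison is outside the hunk, but it should accept only a return value of 1 as a match, since 0 means mismatch and negative values signal errors.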