ustream-openssl: fix compilation with OPENSSL_NO_DEPRECATED

SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added
SSL_get0_peer_certificate() and SSL_get1_peer_certificate().

Use the latter since the return value is explicitely X509_free()ed
here, see [0].

WolfSSL doesn't implement the new variants.

[0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html

Signed-off-by: Andre Heider <a.heider@gmail.com>

diff --git a/ustream-openssl.c b/ustream-openssl.c
index b080081c172ffc14786ef61b8e5c1e197b4e3003..b357ebce150c5e5e250b162f8ad1ec94f8e656e3 100644 (file)
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -301,7 +301,11 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
                return;
        }
 
+#if defined(HAVE_WOLFSSL)
        cert = SSL_get_peer_certificate(ssl);
+#else
+       cert = SSL_get1_peer_certificate(ssl);
+#endif
        if (!cert)
                return;