ustream-openssl: fix compilation with OPENSSL_NO_DEPRECATED master
authorAndre Heider <a.heider@gmail.com>
Tue, 21 Feb 2023 11:44:16 +0000 (12:44 +0100)
committerPetr Štetiar <ynezz@true.cz>
Sun, 28 Jul 2024 08:06:21 +0000 (08:06 +0000)
SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added
SSL_get0_peer_certificate() and SSL_get1_peer_certificate().

Use the latter since the return value is explicitely X509_free()ed
here, see [0].

WolfSSL doesn't implement the new variants.

[0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html

Signed-off-by: Andre Heider <a.heider@gmail.com>
ustream-openssl.c

index b080081c172ffc14786ef61b8e5c1e197b4e3003..b357ebce150c5e5e250b162f8ad1ec94f8e656e3 100644 (file)
@@ -301,7 +301,11 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
                return;
        }
 
+#if defined(HAVE_WOLFSSL)
        cert = SSL_get_peer_certificate(ssl);
+#else
+       cert = SSL_get1_peer_certificate(ssl);
+#endif
        if (!cert)
                return;