From 99bd3d2b167ccdffb6de072d02c380cb37b23e33 Mon Sep 17 00:00:00 2001
From: Andre Heider <a.heider@gmail.com>
Date: Tue, 21 Feb 2023 12:44:16 +0100
Subject: [PATCH] ustream-openssl: fix compilation with OPENSSL_NO_DEPRECATED

SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added
SSL_get0_peer_certificate() and SSL_get1_peer_certificate().

Use the latter since the return value is explicitely X509_free()ed
here, see [0].

WolfSSL doesn't implement the new variants.

[0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html

Signed-off-by: Andre Heider <a.heider@gmail.com>
---
 ustream-openssl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ustream-openssl.c b/ustream-openssl.c
index b080081..b357ebc 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -301,7 +301,11 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
 		return;
 	}
 
+#if defined(HAVE_WOLFSSL)
 	cert = SSL_get_peer_certificate(ssl);
+#else
+	cert = SSL_get1_peer_certificate(ssl);
+#endif
 	if (!cert)
 		return;
 
-- 
2.30.2