Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 25 May 2023 16:22:06 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 01aee8c92d93 - main - libfetch: do not call deprecated OpenSSL functions
Message-ID:  <202305251622.34PGM6mN060353@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=01aee8c92d936470c44821736e0d9e11ed7ce812

commit 01aee8c92d936470c44821736e0d9e11ed7ce812
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-05-25 15:24:48 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-05-25 16:20:15 +0000

    libfetch: do not call deprecated OpenSSL functions
    
    As of OpenSSL 1.1 SSL_library_init() and SSL_load_error_strings() are
    deprecated.  There are replacement initialization functions but they do
    not need to be called: "As of version 1.1.0 OpenSSL will automatically
    allocate all resources that it needs so no explicit initialisation is
    required."
    
    Wrap both calls in an OPENSSL_VERSION_NUMBER block.
    
    PR:             271615
    Reviewed by:    Pierre Pronchery <pierre@freebsdfoundation.org>
    Event:          Kitchener-Waterloo Hackathon 202305
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D40265
---
 lib/libfetch/common.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index 7bf487b0db1d..f2122d7f45c9 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -1204,6 +1204,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	X509_NAME *name;
 	char *str;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* Init the SSL library and context */
 	if (!SSL_library_init()){
 		fprintf(stderr, "SSL library init failed\n");
@@ -1211,6 +1212,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	}
 
 	SSL_load_error_strings();
+#endif
 
 	conn->ssl_meth = SSLv23_client_method();
 	conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202305251622.34PGM6mN060353>