Date: Thu, 25 May 2023 09:49:42 -0700 From: John Baldwin <jhb@FreeBSD.org> To: Ed Maste <emaste@FreeBSD.org>, src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 01aee8c92d93 - main - libfetch: do not call deprecated OpenSSL functions Message-ID: <cc8665ad-0a4b-565b-38fa-3b932dbb6784@FreeBSD.org> In-Reply-To: <202305251622.34PGM6mN060353@gitrepo.freebsd.org> References: <202305251622.34PGM6mN060353@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/25/23 9:22 AM, Ed Maste wrote: > The branch main has been updated by emaste: > > URL: https://cgit.FreeBSD.org/src/commit/?id=01aee8c92d936470c44821736e0d9e11ed7ce812 > > commit 01aee8c92d936470c44821736e0d9e11ed7ce812 > Author: Ed Maste <emaste@FreeBSD.org> > AuthorDate: 2023-05-25 15:24:48 +0000 > Commit: Ed Maste <emaste@FreeBSD.org> > CommitDate: 2023-05-25 16:20:15 +0000 > > libfetch: do not call deprecated OpenSSL functions > > As of OpenSSL 1.1 SSL_library_init() and SSL_load_error_strings() are > deprecated. There are replacement initialization functions but they do > not need to be called: "As of version 1.1.0 OpenSSL will automatically > allocate all resources that it needs so no explicit initialisation is > required." > > Wrap both calls in an OPENSSL_VERSION_NUMBER block. > > PR: 271615 > Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org> > Event: Kitchener-Waterloo Hackathon 202305 > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D40265 > --- > lib/libfetch/common.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c > index 7bf487b0db1d..f2122d7f45c9 100644 > --- a/lib/libfetch/common.c > +++ b/lib/libfetch/common.c > @@ -1204,6 +1204,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) > X509_NAME *name; > char *str; > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > /* Init the SSL library and context */ > if (!SSL_library_init()){ > fprintf(stderr, "SSL library init failed\n"); > @@ -1211,6 +1212,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) > } > > SSL_load_error_strings(); > +#endif Should we just remove this code outright? I don't think there's any value in supporting pre-1.1 OpenSSL versions? -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cc8665ad-0a4b-565b-38fa-3b932dbb6784>