Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 May 2020 23:18:48 +0000 (UTC)
From:      Rick Macklem <rmacklem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r361308 - in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd
Message-ID:  <202005202318.04KNIm3i063560@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: rmacklem
Date: Wed May 20 23:18:47 2020
New Revision: 361308
URL: https://svnweb.freebsd.org/changeset/base/361308

Log:
  Fix the daemons so that they use the preferred calls for openssl3
  instead of SSL_CTX_load_verify_locations().
  
  This should not have any semantics change.

Modified:
  projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
  projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c

Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c	Wed May 20 22:25:46 2020	(r361307)
+++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c	Wed May 20 23:18:47 2020	(r361308)
@@ -538,9 +538,19 @@ rpctls_setupcl_ssl(bool cert)
 				return (NULL);
 			}
 		}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+		ret = 1;
+		if (rpctls_verify_cafile != NULL)
+			ret = SSL_CTX_load_verify_file(ctx,
+			    rpctls_verify_cafile);
+		if (ret != 0 && rpctls_verify_capath != NULL)
+			ret = SSL_CTX_load_verify_dir(ctx,
+			    rpctls_verify_capath);
+#else
 		ret = SSL_CTX_load_verify_locations(ctx,
 		    rpctls_verify_cafile, rpctls_verify_capath);
-		if (ret != 1) {
+#endif
+		if (ret == 0) {
 			rpctlscd_verbose_out("rpctls_setupcl_ssl: "
 			    "Can't load verify locations\n");
 			SSL_CTX_free(ctx);

Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c	Wed May 20 22:25:46 2020	(r361307)
+++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c	Wed May 20 23:18:47 2020	(r361308)
@@ -604,8 +604,18 @@ rpctls_setup_ssl(const char *certdir)
 					return (NULL);
 				}
 			}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+			ret = 1;
+			if (rpctls_verify_cafile != NULL)
+				ret = SSL_CTX_load_verify_file(ctx,
+				    rpctls_verify_cafile);
+			if (ret != 0 && rpctls_verify_capath != NULL)
+				ret = SSL_CTX_load_verify_dir(ctx,
+				    rpctls_verify_capath);
+#else
 			ret = SSL_CTX_load_verify_locations(ctx,
 			    rpctls_verify_cafile, rpctls_verify_capath);
+#endif
 			if (ret == 0) {
 				rpctlssd_verbose_out("rpctls_setup_ssl: "
 				    "Can't load verify locations\n");

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005202318.04KNIm3i063560>