From 2fed4c089598b38d86531087fc41782f27c23c26 Mon Sep 17 00:00:00 2001 From: Andre Heider Date: Tue, 21 Feb 2023 15:54:16 +0100 Subject: [PATCH] getdns: fix compilation with OPENSSL_NO_DEPRECATED SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added SSL_get0_peer_certificate() and SSL_get1_peer_certificate(). Use the latter since the return value is explicitely X509_free()ed here, see [0]. [0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html Signed-off-by: Andre Heider --- libs/getdns/Makefile | 2 +- .../patches/001-openssl-deprecated.patch | 20 +++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 libs/getdns/patches/001-openssl-deprecated.patch diff --git a/libs/getdns/Makefile b/libs/getdns/Makefile index 9a4b838bdc..f9825493bf 100644 --- a/libs/getdns/Makefile +++ b/libs/getdns/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=getdns PKG_VERSION:=1.7.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=BSD-3-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/libs/getdns/patches/001-openssl-deprecated.patch b/libs/getdns/patches/001-openssl-deprecated.patch new file mode 100644 index 0000000000..ed695ac0c9 --- /dev/null +++ b/libs/getdns/patches/001-openssl-deprecated.patch 
@@ -0,0 +1,20 @@
+--- a/src/openssl/tls.c
++++ b/src/openssl/tls.c
+@@ -872,7 +872,7 @@ _getdns_tls_x509* _getdns_tls_connection
+ if (!conn || !conn->ssl)
+ return NULL;
+
+- return _getdns_tls_x509_new(mfs, SSL_get_peer_certificate(conn->ssl));
++ return _getdns_tls_x509_new(mfs, SSL_get1_peer_certificate(conn->ssl));
+ }
+
+ getdns_return_t _getdns_tls_connection_is_session_reused(_getdns_tls_connection* conn)
+@@ -990,7 +990,7 @@ getdns_return_t _getdns_tls_connection_c
+ #if defined(USE_DANESSL)
+ {
+ getdns_return_t res = GETDNS_RETURN_GOOD;
+- X509* peer_cert = SSL_get_peer_certificate(conn->ssl);
++ X509* peer_cert = SSL_get1_peer_certificate(conn->ssl);
+ if (peer_cert) {
+ if (conn->auth_name[0] &&
+ X509_check_host(peer_cert,
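Review bot: Both replacements in src/openssl/tls.c (the `return` in the hunk at line 872 and the `peer_cert` initialiser in the hunk at line 990) call SSL_get1_peer_certificate() unconditionally, and the commit message itself says that function was only added in OpenSSL v3.0, so a build against an older OpenSSL would presumably stop compiling. If the feed still has to build against such a library, a guard near the file's includes keeps both call sites working: `#if OPENSSL_VERSION_NUMBER < 0x30000000L`, `#define SSL_get1_peer_certificate SSL_get_peer_certificate`, `#endif`. The get1 variant hands the caller a reference it owns, but the X509_free() for `peer_cert` and the body of _getdns_tls_x509_new() lie outside these hunks. It is worth confirming that every exit path of the USE_DANESSL block, and the allocation-failure path of _getdns_tls_x509_new(), releases the certificate. Both enclosing functions start and end outside the hunks shown.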