From 5142eea2eb380f5430a590088a3c7d5d51b970a2 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 28 May 2024 10:18:44 +0200 Subject: [PATCH] `SSL_get_peer_certificate()` is deprecated since OpenSSL 3.0 Unfortunately OpenSSL didn't implement a warning for deprecated macros, so this wasn't discovered until now. Discovered in [0]. OpenSSL patch to improve the situation proposed in [1]. [0] https://github.com/strophe/libstrophe/discussions/244 [1] https://github.com/openssl/openssl/pull/24296 Signed-off-by: Steffen Jaeckel --- src/tls_openssl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/tls_openssl.c b/src/tls_openssl.c index 7f8c27b..641ca6c 100644 --- a/src/tls_openssl.c +++ b/src/tls_openssl.c @@ -51,8 +51,10 @@ #if OPENSSL_VERSION_NUMBER < 0x30000000L #define STROPHE_ERR_func_error_string(e) ERR_func_error_string(e) +#define STROPHE_SSL_get1_peer_certificate(s) SSL_get_peer_certificate(s) #else #define STROPHE_ERR_func_error_string(e) "" +#define STROPHE_SSL_get1_peer_certificate(s) SSL_get1_peer_certificate(s) #endif #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -762,7 +764,7 @@ void tls_free(tls_t *tls) xmpp_tlscert_t *tls_peer_cert(xmpp_conn_t *conn) { if (conn && conn->tls && conn->tls->ssl) { - X509 *cert = SSL_get_peer_certificate(conn->tls->ssl); + X509 *cert = STROPHE_SSL_get1_peer_certificate(conn->tls->ssl); if (cert) { xmpp_tlscert_t *tlscert = _x509_to_tlscert(conn->ctx, cert); X509_free(cert); @@ -1034,7 +1036,7 @@ static void _tls_dump_cert_info(tls_t *tls) X509 *cert; char *name; - cert = SSL_get_peer_certificate(tls->ssl); + cert = STROPHE_SSL_get1_peer_certificate(tls->ssl); if (cert == NULL) strophe_debug(tls->ctx, "tls", "Certificate was not presented by peer"); else {