From 01b467b0ebd0853c7817cb7e11d13be6708888c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Gomez?= Date: Tue, 30 Jan 2024 23:14:25 +0900 Subject: [PATCH] Fix deprecation notices for OpenSSL 3 and failure to build on GCC12 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tested with libssl 3.0.10-1ubuntu2.1 (Ubuntu 23.10) and 1.1.1f-1ubuntu2.20 (Ubuntu 20.04). Signed-off-by: Loïc Gomez --- src/connection.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/connection.c b/src/connection.c index 0a138eb..a127174 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1171,6 +1171,7 @@ static connection_t *connection_init(int anti_flood, int ssl, time_t timeout, static int ctx_set_dh(SSL_CTX *ctx) { /* Return ephemeral DH parameters. */ +#if OPENSSL_VERSION_NUMBER < 0x30000000L /* 3.0.0 */ DH *dh = NULL; FILE *f; long ret; @@ -1203,7 +1204,31 @@ static int ctx_set_dh(SSL_CTX *ctx) ERR_error_string(ERR_get_error(), NULL)); return 0; } +#else + BIO *pbio = BIO_new_file(conf_client_dh_file, "r"); + if (!pbio) { + mylog(LOG_ERROR, "Unable to open DH parameters, BIO_new_file(%s): %s", + conf_client_dh_file, ERR_error_string(ERR_get_error(), NULL)); + return 0; + } + EVP_PKEY *param = PEM_read_bio_Parameters(pbio, NULL); + BIO_free(pbio); + if (!param) { + mylog(LOG_ERROR, "TLS DH Error: PEM_read_bio_Parameters(%s): %s", + conf_client_dh_file, ERR_error_string(ERR_get_error(), NULL)); + return 0; + } + + if (SSL_CTX_set0_tmp_dh_pkey(ctx, param) != 1) { + EVP_PKEY_free(param); + mylog(LOG_ERROR, "TLS DH Error: SSL_CTX_set0_tmp_dh_pkey(%s): %s", + conf_client_dh_file, ERR_error_string(ERR_get_error(), NULL)); + return 0; + } +#endif + mylog(LOG_DEBUG, "TLS: succesfully set up DH params %s", + conf_client_dh_file); return 1; } #endif
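Review bot: In the new `#else` branch of the second hunk, `PEM_read_bio_Parameters()` will parse any PEM parameters block (DH, DSA or EC), and the resulting `param` is passed straight to `SSL_CTX_set0_tmp_dh_pkey()` with no check that it holds DH parameters or that they are well formed. I would reject anything that is not DH with `EVP_PKEY_is_a(param, "DH")` and run `EVP_PKEY_param_check()` before installing the key, freeing `param` on each failure path as the existing error branch does; the check runs once at start-up, so its cost should be acceptable. `ctx_set_dh()` starts in the first hunk and the legacy branch between the two hunks is not visible here, so whether the pre-3.0 path validates its parameters should be confirmed separately. Minor: the added debug message spells "succesfully"; it should read `"TLS: successfully set up DH params %s"`.

```c
	/* … unchanged: BIO_new_file() / PEM_read_bio_Parameters() and their error paths … */
	if (!EVP_PKEY_is_a(param, "DH")) {
		mylog(LOG_ERROR, "TLS DH Error: %s does not contain DH parameters",
				conf_client_dh_file);
		EVP_PKEY_free(param);
		return 0;
	}

	EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_pkey(NULL, param, NULL);
	int params_ok = pctx != NULL && EVP_PKEY_param_check(pctx) == 1;
	EVP_PKEY_CTX_free(pctx);
	if (!params_ok) {
		mylog(LOG_ERROR, "TLS DH Error: EVP_PKEY_param_check(%s): %s",
				conf_client_dh_file, ERR_error_string(ERR_get_error(), NULL));
		EVP_PKEY_free(param);
		return 0;
	}

	if (SSL_CTX_set0_tmp_dh_pkey(ctx, param) != 1) {
	/* … unchanged: error path, #endif and debug log … */
```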