libfetch: do not call deprecated OpenSSL functions

As of OpenSSL 1.1 SSL_library_init() and SSL_load_error_strings() are deprecated. There are replacement initialization functions but they do not need to be called: "As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required." Wrap both calls in an OPENSSL_VERSION_NUMBER block. PR: 271615 Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org> Event: Kitchener-Waterloo Hackathon 202305 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40265
2024-07-23 03:06:48 +00:00 · 2023-05-25 11:24:48 -04:00 · 2023-05-25 11:24:48 -04:00 · 01aee8c92d
parent 555b62e1c8
commit 01aee8c92d
1 changed files with 2 additions and 0 deletions
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@ -1204,6 +1204,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	X509_NAME *name;
 	char *str;

+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* Init the SSL library and context */
 	if (!SSL_library_init()){
 		fprintf(stderr, "SSL library init failed\n");
@ -1211,6 +1212,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	}

 	SSL_load_error_strings();
+#endif

 	conn->ssl_meth = SSLv23_client_method();
 	conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);