mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-07 00:50:50 +00:00
libfetch: remove all old OpenSSL support
This change removes pre-OpenSSL 1.1 supporting code and removes/adjusted preprocessor conditionals which were tautilogically true as FreeBSD main has shipped with OpenSSL 1.1+ for some time. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D40711
This commit is contained in:
parent
e8efee297c
commit
bc1027a778
|
@ -950,24 +950,8 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
|
|||
const char *ns;
|
||||
|
||||
for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10000000L
|
||||
/*
|
||||
* This is a workaround, since the following line causes
|
||||
* alignment issues in clang:
|
||||
* name = sk_GENERAL_NAME_value(altnames, i);
|
||||
* OpenSSL explicitly warns not to use those macros
|
||||
* directly, but there isn't much choice (and there
|
||||
* shouldn't be any ill side effects)
|
||||
*/
|
||||
name = (GENERAL_NAME *)SKM_sk_value(void, altnames, i);
|
||||
#else
|
||||
name = sk_GENERAL_NAME_value(altnames, i);
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
ns = (const char *)ASN1_STRING_data(name->d.ia5);
|
||||
#else
|
||||
ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
|
||||
#endif
|
||||
nslen = (size_t)ASN1_STRING_length(name->d.ia5);
|
||||
|
||||
if (name->type == GEN_DNS && ip == NULL &&
|
||||
|
@ -1204,16 +1188,6 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
|
|||
X509_NAME *name;
|
||||
char *str;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
/* Init the SSL library and context */
|
||||
if (!SSL_library_init()){
|
||||
fprintf(stderr, "SSL library init failed\n");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
SSL_load_error_strings();
|
||||
#endif
|
||||
|
||||
conn->ssl_meth = SSLv23_client_method();
|
||||
conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
|
||||
SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
|
||||
|
@ -1231,7 +1205,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
|
|||
}
|
||||
SSL_set_fd(conn->ssl, conn->sd);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
|
||||
#if !defined(OPENSSL_NO_TLSEXT)
|
||||
if (!SSL_set_tlsext_host_name(conn->ssl,
|
||||
__DECONST(struct url *, URL)->host)) {
|
||||
fprintf(stderr,
|
||||
|
|
Loading…
Reference in a new issue