From bc1027a7785166fde9c2a3b48e6e70d198377d4b Mon Sep 17 00:00:00 2001
From: Enji Cooper <ngie@FreeBSD.org>
Date: Wed, 21 Jun 2023 20:53:54 -0700
Subject: [PATCH] libfetch: remove all old OpenSSL support

This change removes pre-OpenSSL 1.1 supporting code and removes/adjusted
preprocessor conditionals which were tautilogically true as FreeBSD main
has shipped with OpenSSL 1.1+ for some time.

Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D40711
---
 lib/libfetch/common.c | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index f2122d7f45c9..8f3f1c5db30f 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -950,24 +950,8 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames,
 	const char *ns;
 
 	for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) {
-#if OPENSSL_VERSION_NUMBER < 0x10000000L
-		/*
-		 * This is a workaround, since the following line causes
-		 * alignment issues in clang:
-		 * name = sk_GENERAL_NAME_value(altnames, i);
-		 * OpenSSL explicitly warns not to use those macros
-		 * directly, but there isn't much choice (and there
-		 * shouldn't be any ill side effects)
-		 */
-		name = (GENERAL_NAME *)SKM_sk_value(void, altnames, i);
-#else
 		name = sk_GENERAL_NAME_value(altnames, i);
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-		ns = (const char *)ASN1_STRING_data(name->d.ia5);
-#else
 		ns = (const char *)ASN1_STRING_get0_data(name->d.ia5);
-#endif
 		nslen = (size_t)ASN1_STRING_length(name->d.ia5);
 
 		if (name->type == GEN_DNS && ip == NULL &&
@@ -1204,16 +1188,6 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	X509_NAME *name;
 	char *str;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-	/* Init the SSL library and context */
-	if (!SSL_library_init()){
-		fprintf(stderr, "SSL library init failed\n");
-		return (-1);
-	}
-
-	SSL_load_error_strings();
-#endif
-
 	conn->ssl_meth = SSLv23_client_method();
 	conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth);
 	SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY);
@@ -1231,7 +1205,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	}
 	SSL_set_fd(conn->ssl, conn->sd);
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
+#if !defined(OPENSSL_NO_TLSEXT)
 	if (!SSL_set_tlsext_host_name(conn->ssl,
 	    __DECONST(struct url *, URL)->host)) {
 		fprintf(stderr,