From 8535f66672ec9d1eebf5835d3e53238973a80478 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Mon, 17 Jan 2022 16:13:09 +0100
Subject: [PATCH] dnsdist: Fix build with OpenSSL 3.0.0

---
 pdns/credentials.cc | 10 ++++++++--
 pdns/libssl.cc      |  4 ++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/pdns/credentials.cc b/pdns/credentials.cc
index b3a09e5c81..d058a948ac 100644
--- a/pdns/credentials.cc
+++ b/pdns/credentials.cc
@@ -31,6 +31,7 @@
 #ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
+#include <openssl/opensslv.h>
 #include <openssl/rand.h>
 #endif
 
@@ -105,8 +106,13 @@ static std::string hashPasswordInternal(const std::string& password, const std::
     throw std::runtime_error("Error intializing the scrypt context to hash the supplied password");
   }
 
-  // OpenSSL 3.0 changed the string arg to const unsigned char*, other versions use const char *, so cast to const void * to satisfy both
-  if (EVP_PKEY_CTX_set1_pbe_pass(pctx.get(), reinterpret_cast<const void*>(password.data()), password.size()) <= 0) {
+  // OpenSSL 3.0 changed the string arg to const unsigned char*, other versions use const char *
+#if OPENSSL_VERSION_MAJOR >= 3
+  auto passwordData = reinterpret_cast<const char*>(password.data());
+#else
+  auto passwordData = reinterpret_cast<const unsigned char*>(password.data());
+#endif
+  if (EVP_PKEY_CTX_set1_pbe_pass(pctx.get(), passwordData, password.size()) <= 0) {
     throw std::runtime_error("Error adding the password to the scrypt context to hash the supplied password");
   }
 
diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index 1b7d476c4b..f2ee87073f 100644
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -17,9 +17,9 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
+#include <openssl/pkcs12.h>
 #include <openssl/rand.h>
 #include <openssl/ssl.h>
-#include <openssl/pkcs12.h>
 #include <fcntl.h>
 
 #ifdef HAVE_LIBSODIUM
@@ -812,7 +812,7 @@ std::unique_ptr<SSL_CTX, void(*)(SSL_CTX*)> libssl_init_server_context(const TLS
       }
       auto key = std::unique_ptr<EVP_PKEY, void(*)(EVP_PKEY*)>(keyptr, EVP_PKEY_free);
       auto cert = std::unique_ptr<X509, void(*)(X509*)>(certptr, X509_free);
-      auto ca = std::unique_ptr<STACK_OF(X509), void(*)(STACK_OF(X509)*)>(captr, sk_X509_free);
+      auto ca = std::unique_ptr<STACK_OF(X509), void(*)(STACK_OF(X509)*)>(captr, [](STACK_OF(X509)* st){ sk_X509_free(st); });
 
       if (SSL_CTX_use_cert_and_key(ctx.get(), cert.get(), key.get(), ca.get(), 1) != 1) {
         ERR_print_errors_fp(stderr);
-- 
2.47.2