dnsdist: Add OpenSSL >= 4.0.0 compatibility

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index 4d1c3242230a9e5e7ae82e3594efd786bb7fbd16..73c91c7507e7e7a0d702d7353ecdb371aa7885b2 100644 (file)
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -1029,7 +1029,9 @@ static std::unique_ptr<SSL_CTX, decltype(&SSL_CTX_free)> getNewServerContext(con
   }
 
 #ifdef SSL_CTX_set_ecdh_auto
+#if !defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4
   SSL_CTX_set_ecdh_auto(ctx.get(), 1);
+#endif /* OPENSSL_VERSION_MAJOR < 4 */
 #endif
 
   if (config.d_maxStoredSessions == 0) {

diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index e6e95abe15795aa0e4b63591b45dfccb6eed5167..4ccad4f5dde22d9026121b9e7ec8503439386528 100644 (file)
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -214,7 +214,12 @@ public:
     else {
 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && defined(HAVE_SSL_SET_HOSTFLAGS) // grrr libressl
       SSL_set_hostflags(d_conn.get(), X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
-      if (SSL_set1_host(d_conn.get(), d_hostname.c_str()) != 1) {
+#if !defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4
+      auto ret = SSL_set1_host(d_conn.get(), d_hostname.c_str());
+#else
+      auto ret = SSL_set1_dnsname(d_conn.get(), d_hostname.c_str());
+#endif
+      if (ret != 1) {
         throw std::runtime_error("Error setting TLS hostname for certificate validation");
       }
 #elif (OPENSSL_VERSION_NUMBER >= 0x10002000L)
@@ -806,7 +811,9 @@ public:
 
     SSL_CTX_set_options(d_tlsCtx.get(), sslOptions);
 #if defined(SSL_CTX_set_ecdh_auto)
+#if !defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4
     SSL_CTX_set_ecdh_auto(d_tlsCtx.get(), 1);
+#endif /* OPENSSL_VERSION_MAJOR < 4 */
 #endif
 
     if (!params.d_ciphers.empty()) {