From: Remi Gacogne
Date: Fri, 29 May 2026 15:00:52 +0000 (+0200)
Subject: dnsdist: Add OpenSSL >= 4.0.0 compatibility
X-Git-Tag: auth-5.2.0-alpha0^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b3c1f866abb55f9a6e5204af687408d2d2a7cac;p=thirdparty%2Fpdns.git
dnsdist: Add OpenSSL >= 4.0.0 compatibility
Signed-off-by: Remi Gacogne
---
diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index 4d1c324223..73c91c7507 100644
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -1029,7 +1029,9 @@ static std::unique_ptr getNewServerContext(con
 }
 #ifdef SSL_CTX_set_ecdh_auto
+#if !defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4
 SSL_CTX_set_ecdh_auto(ctx.get(), 1);
+#endif /* OPENSSL_VERSION_MAJOR < 4 */
 #endif
 if (config.d_maxStoredSessions == 0) {
diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc
index e6e95abe15..4ccad4f5dd 100644
--- a/pdns/tcpiohandler.cc
+++ b/pdns/tcpiohandler.cc
@@ -214,7 +214,12 @@ public:
 else {
 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && defined(HAVE_SSL_SET_HOSTFLAGS) // grrr libressl
 SSL_set_hostflags(d_conn.get(), X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
- if (SSL_set1_host(d_conn.get(), d_hostname.c_str()) != 1) {
+#if !defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4
+ auto ret = SSL_set1_host(d_conn.get(), d_hostname.c_str());
+#else
+ auto ret = SSL_set1_dnsname(d_conn.get(), d_hostname.c_str());
+#endif
+ if (ret != 1) {
 throw std::runtime_error("Error setting TLS hostname for certificate validation");
 }
 #elif (OPENSSL_VERSION_NUMBER >= 0x10002000L)
@@ -806,7 +811,9 @@ public:
 SSL_CTX_set_options(d_tlsCtx.get(), sslOptions);
 #if defined(SSL_CTX_set_ecdh_auto)
+#if !defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4
 SSL_CTX_set_ecdh_auto(d_tlsCtx.get(), 1);
+#endif /* OPENSSL_VERSION_MAJOR < 4 */
 #endif
 if (!params.d_ciphers.empty()) {
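Review bot: The new version guard around `SSL_CTX_set_ecdh_auto(ctx.get(), 1);` in the pdns/libssl.cc hunk (getNewServerContext) has no comment saying why the call is skipped on OpenSSL 4, and the same undocumented guard is repeated in the pdns/tcpiohandler.cc hunk at -806. As far as I know the macro has been a no-op since OpenSSL 1.1.0, where ECDH curve selection became automatic, so no key-exchange hardening should be lost, but a reader auditing the TLS setup cannot tell that from the code. I would add a comment such as `// no-op since OpenSSL 1.1.0 (ECDH is always automatic), skipped for OpenSSL >= 4 compatibility` and fold the nested conditions into one line, `#if defined(SSL_CTX_set_ecdh_auto) && (!defined(OPENSSL_VERSION_MAJOR) || OPENSSL_VERSION_MAJOR < 4)`. The function body starts and ends outside the hunk.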
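Review bot: In the pdns/tcpiohandler.cc hunk at -214, the OpenSSL >= 4 branch swaps `SSL_set1_host()` for `SSL_set1_dnsname()` without stating that the two accept the same inputs for certificate name validation. As far as I know `SSL_set1_host()` in recent OpenSSL releases also recognises an IP address literal and matches it against iPAddress SANs, whereas the new call, going by its name, handles DNS names only; if `d_hostname` can ever hold an IP literal, validation would then differ by library version. The hunk does not show where `d_hostname` is set, so this needs confirming against the callers. I would record the assumption next to the call, e.g. `// assumes d_hostname is a DNS name, never an IP literal -- confirm`, and run the existing certificate-mismatch tests against both library versions. The enclosing function starts and ends outside the hunk.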