From: Michael R Sweet Date: Thu, 31 Mar 2022 01:09:27 +0000 (-0400) Subject: Use more modern BIO_METHOD APIs to work on current OpenSSL. X-Git-Tag: v2.4.2~29^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fa982a1d5d715e58a2e5b1cc99ad8f31501bd11;p=thirdparty%2Fcups.git Use more modern BIO_METHOD APIs to work on current OpenSSL. --- diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c index 06ed23e572..524789f956 100644 --- a/cups/tls-openssl.c +++ b/cups/tls-openssl.c @@ -42,21 +42,10 @@ static void http_x509_add_san(X509 *cert, const char *name); * Local globals... */ -static BIO_METHOD http_bio_methods = - { - BIO_TYPE_SOCKET, - "http", - http_bio_write, - http_bio_read, - http_bio_puts, - NULL, /* http_bio_gets, */ - http_bio_ctrl, - http_bio_new, - http_bio_free, - NULL, - }; static int tls_auto_create = 0; /* Auto-create self-signed certs? */ +static BIO_METHOD *tls_bio_method = NULL; + /* OpenSSL BIO method */ static char *tls_common_name = NULL; /* Default common name */ //static X509_CRL *tls_crl = NULL;/* Certificate revocation list */ @@ -1081,7 +1070,20 @@ _httpTLSStart(http_t *http) // I - Connection to server SSL_CTX_set_cipher_list(context, cipherlist); // Setup a TLS session - bio = BIO_new(&http_bio_methods); + _cupsMutexLock(&tls_mutex); + if (!tls_bio_method) + { + tls_bio_method = BIO_meth_new(BIO_get_new_index(), "http"); + BIO_meth_set_ctrl(tls_bio_method, http_bio_ctrl); + BIO_meth_set_create(tls_bio_method, http_bio_new); + BIO_meth_set_destroy(tls_bio_method, http_bio_free); + BIO_meth_set_read(tls_bio_method, http_bio_read); + BIO_meth_set_puts(tls_bio_method, http_bio_puts); + BIO_meth_set_write(tls_bio_method, http_bio_write); + } + _cupsMutexUnlock(&tls_mutex); + + bio = BIO_new(tls_bio_method); BIO_ctrl(bio, BIO_C_SET_FILE_PTR, 0, (char *)http); http->tls = SSL_new(context); diff --git a/cups/tlscheck.c b/cups/tlscheck.c index 5e49467b94..807e044b1d 100644 --- a/cups/tlscheck.c +++ b/cups/tlscheck.c 
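Review bot: The comment on the new `tls_bio_method` global does not say how the pointer is initialised or under which lock, which matters now that it replaces a compile-time table. Consider `/* OpenSSL BIO method, created on first use with tls_mutex held */` so later readers keep the lock around any write. No `BIO_meth_free()` call is visible in this diff; if the method is meant to live for the whole process, the comment is a good place to say so.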
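Review bot: The result of `BIO_meth_new()` in the new `if (!tls_bio_method)` block is used without a NULL check, so an allocation failure would hand NULL to the six `BIO_meth_set_*()` calls and then to `BIO_new()`. Guard the setters with `if ((tls_bio_method = BIO_meth_new(...)) != NULL)`, and after `_cupsMutexUnlock(&tls_mutex)` leave through the function's normal failure path when `tls_bio_method` is still NULL. That path, like the rest of `_httpTLSStart`, lies outside this hunk. Separately, `BIO_get_new_index()` can return -1, and the OpenSSL documentation asks for the index to be OR'd with a class flag such as `BIO_TYPE_SOURCE_SINK`, which the removed static table carried through `BIO_TYPE_SOCKET`.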
@@ -211,9 +211,11 @@ main(int argc, /* I - Number of command-line arguments */ tlsVersion = 12; break; +# ifdef TLS1_3_VERSION case TLS1_3_VERSION : tlsVersion = 13; break; +# endif // TLS1_3_VERSION } snprintf(cipherStr, sizeof(cipherStr), "%s_%dbits", SSL_get_cipher_name(http->tls), SSL_get_cipher_bits(http->tls, &cipherBits));