[#4338] Build with current Openssl API

diff --git a/AUTHORS b/AUTHORS
index e46c44e4c36d01f311530197af7e7b01db82c51f..3b6a6a7f2bd350ed9e801bda0690d46a863eb78d 100644 (file)
--- a/AUTHORS
+++ b/AUTHORS
@@ -312,6 +312,7 @@ We have received the following contributions:
 
  - Philip Prindeville
    2024-09: Brought down the number of utilities keactrl depends on.
+   2026-03: Support compiling without deprecated OpenSSL API.
 
  - q66
    2025-01: Added support for building with Boost 1.87.

diff --git a/config.h.in b/config.h.in
index 9d086c128f2fa467f84e9f3e38cc22b1539a4d67..fba9ce743454ae3b203399515daf90752a65b192 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -111,3 +111,9 @@
 
 /* Compile with OpenSSL crypto */
 #mesondefine WITH_OPENSSL
+
+/* OpenSSL has the new X.509 certificate API */
+#mesondefine HAVE_NEW_SSL_API
+
+/* Use OpenSSL_version() instead of SSLeay_version() */
+#mesondefine HAVE_OPENSSL_VERSION

diff --git a/meson.build b/meson.build
index 3dee99fd0427a8639cb187998aa7428984d7a907..4c93d3a4e4b68e0cb15da40c2f55fc3205764f0e 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -340,6 +340,20 @@ elif CRYPTO_DEP.name() == openssl.name()
         required: true,
     )
     message('Using OpenSSL.')
+    if cpp.has_function(
+        'SSL_get1_peer_certificate',
+        prefix: '#include <openssl/ssl.h>',
+        dependencies: openssl,
+    )
+        conf_data.set('HAVE_NEW_SSL_API', true)
+    endif
+    if cpp.has_function(
+        'OpenSSL_version',
+        prefix: '#include <openssl/crypto.h>',
+        dependencies: openssl,
+    )
+        conf_data.set('HAVE_OPENSSL_VERSION', true)
+    endif
 else
     error('Dependency not found: neither Botan nor OpenSSL.')
 endif

diff --git a/src/lib/asiolink/openssl_tls.h b/src/lib/asiolink/openssl_tls.h
index 57c33236b816753016fd0597617794d89c631c40..2d132ea4a207c184445f6d3bc618f5abb0753e41 100644 (file)
--- a/src/lib/asiolink/openssl_tls.h
+++ b/src/lib/asiolink/openssl_tls.h
@@ -171,7 +171,11 @@ public:
     ///
     /// @return The commonName part of the subjectName or the empty string.
     virtual std::string getSubject() {
+#ifdef HAVE_NEW_SSL_API
+        ::X509* cert = ::SSL_get1_peer_certificate(this->native_handle());
+#else
         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
+#endif
         if (!cert) {
             return ("");
         }
@@ -205,7 +209,11 @@ public:
     ///
     /// @return The commonName part of the issuerName or the empty string.
     virtual std::string getIssuer() {
+#ifdef HAVE_NEW_SSL_API
+        ::X509* cert = ::SSL_get1_peer_certificate(this->native_handle());
+#else
         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
+#endif
         if (!cert) {
             return ("");
         }

diff --git a/src/lib/cryptolink/openssl_link.cc b/src/lib/cryptolink/openssl_link.cc
index 4bceb8fb27fa5ee1c89b2c1d08366dc2077f89fa..363d8273c486990daa3f47fa355b35edc663ed2f 100644 (file)
--- a/src/lib/cryptolink/openssl_link.cc
+++ b/src/lib/cryptolink/openssl_link.cc
@@ -77,7 +77,11 @@ CryptoLink::initialize(CryptoLink& c) {
 
 std::string
 CryptoLink::getVersion() {
+#ifdef HAVE_OPENSSL_VERSION
+    return (OpenSSL_version(OPENSSL_VERSION));
+#else
     return (SSLeay_version(SSLEAY_VERSION));
+#endif
 }
 
 } // namespace cryptolink