From: Marcel Raad <Marcel.Raad@teamviewer.com>
Date: Sun, 10 Oct 2021 09:51:37 +0000 (+0200)
Subject: openssl: remove usage of deprecated `SSL_get_peer_certificate`
X-Git-Tag: curl-7_81_0~149
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1e80f56d0bf9e19213816d99a23b521e7b53cd5f;p=thirdparty%2Fcurl.git

openssl: remove usage of deprecated `SSL_get_peer_certificate`

The function name was changed to `SSL_get1_peer_certificate` in OpenSSL
3.0.

Closes https://github.com/curl/curl/pull/7893
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index a1baef9c3f..947c14f5cd 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -171,6 +171,10 @@
 #define OPENSSL_load_builtin_modules(x)
 #endif
 
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
+#define SSL_get1_peer_certificate SSL_get_peer_certificate
+#endif
+
 /*
  * Whether SSL_CTX_set_keylog_callback is available.
  * OpenSSL: supported since 1.1.1 https://github.com/openssl/openssl/pull/2287
@@ -1937,7 +1941,7 @@ static CURLcode verifystatus(struct Curl_easy *data,
   }
 
   /* Compute the certificate's ID */
-  cert = SSL_get_peer_certificate(backend->handle);
+  cert = SSL_get1_peer_certificate(backend->handle);
   if(!cert) {
     failf(data, "Error getting peer certificate");
     result = CURLE_SSL_INVALIDCERTSTATUS;
@@ -3840,7 +3844,7 @@ static CURLcode servercert(struct Curl_easy *data,
     /* we've been asked to gather certificate info! */
     (void)get_cert_chain(data, connssl);
 
-  backend->server_cert = SSL_get_peer_certificate(backend->handle);
+  backend->server_cert = SSL_get1_peer_certificate(backend->handle);
   if(!backend->server_cert) {
     BIO_free(mem);
     if(!strict)