From: Aram Sargsyan <aram@isc.org>
Date: Wed, 6 Oct 2021 14:18:49 +0000 (+0000)
Subject: Use OpenSSL version macro instead of function check
X-Git-Tag: v9.17.20~19^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=965bdd98940ba8d338344e949b344342ccdca2be;p=thirdparty%2Fbind9.git

Use OpenSSL version macro instead of function check

Unless being configured with the `no-deprecated` option, OpenSSL 3.0.0
still has the deprecated APIs present and will throw warnings during
compilation, when using them.

Make sure that the old APIs are being used only with the older versions
of OpenSSL.
---

diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index b9ed2506ec9..c1d2b4c4fd7 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -480,7 +480,7 @@ isc_tlsctx_load_dhparams(isc_tlsctx_t *ctx, const char *dhparams_file) {
 	REQUIRE(dhparams_file != NULL);
 	REQUIRE(*dhparams_file != '\0');
 
-#ifdef SSL_CTX_set_tmp_dh
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	/* OpenSSL < 3.0 */
 	DH *dh = NULL;
 	FILE *paramfile;
@@ -509,7 +509,7 @@ isc_tlsctx_load_dhparams(isc_tlsctx_t *ctx, const char *dhparams_file) {
 
 	DH_free(dh);
 #else
-	/* OpenSSL >= 3.0: SSL_CTX_set_tmp_dh() is deprecated in OpenSSL 3.0 */
+	/* OpenSSL >= 3.0: low level DH APIs are deprecated in OpenSSL 3.0 */
 	EVP_PKEY *dh = NULL;
 	BIO *bio = NULL;
 
@@ -534,7 +534,7 @@ isc_tlsctx_load_dhparams(isc_tlsctx_t *ctx, const char *dhparams_file) {
 	 * SSL context at this point. */
 
 	BIO_free(bio);
-#endif
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
 
 	return (true);
 }