Page MenuHomeFreeBSD

libfetch: do not call deprecated OpenSSL functions
ClosedPublic

Authored by emaste on May 25 2023, 3:30 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 22, 5:01 PM
Unknown Object (File)
Oct 7 2024, 7:37 AM
Unknown Object (File)
Oct 4 2024, 3:36 AM
Unknown Object (File)
Oct 3 2024, 6:20 AM
Unknown Object (File)
Oct 3 2024, 4:31 AM
Unknown Object (File)
Sep 20 2024, 4:48 PM
Unknown Object (File)
Sep 18 2024, 6:26 AM
Unknown Object (File)
Aug 14 2024, 3:34 PM
Subscribers

Details

Summary
As of OpenSSL 1.1 SSL_library_init() and SSL_load_error_strings() are
deprecated.  There are replacement initialization functions but they do
not need to be called: "As of version 1.1.0 OpenSSL will automatically
allocate all resources that it needs so no explicit initialisation is
required."

Wrap both calls in an OPENSSL_VERSION_NUMBER block.

Event:          Kitchener-Waterloo Hackathon 202305
Sponsored by:   The FreeBSD Foundation

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

emaste created this revision.

LGTM; and this also builds fine with OpenSSL 3.0.8 in src.

This revision is now accepted and ready to land.May 25 2023, 3:49 PM

For reference, in current OpenSSL 1.1:

# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSL_library_init() OPENSSL_init_ssl(0, NULL)
# endif

and

# if OPENSSL_API_COMPAT < 0x10100000L
#  define SSL_load_error_strings() \
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
# endif
lib/libfetch/common.c
1207–1215

Does it make sense punting this no-op code forward instead of deleting it, given that supported versions of FreeBSD (12.x, 13.x) have OpenSSL 1.1.1?

1217

This is the newer/non-deprecated name.