Page MenuHomeFreeBSD

Fix rpc.tlsservd and rpc.tlsclntd so they build for OpenSSL3
ClosedPublic

Authored by rmacklem on May 25 2023, 10:42 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 6, 5:47 AM
Unknown Object (File)
Wed, Nov 6, 5:34 AM
Unknown Object (File)
Wed, Nov 6, 5:28 AM
Unknown Object (File)
Wed, Nov 6, 4:36 AM
Unknown Object (File)
Wed, Nov 6, 2:45 AM
Unknown Object (File)
Sat, Oct 26, 4:44 PM
Unknown Object (File)
Oct 16 2024, 6:51 PM
Unknown Object (File)
Oct 8 2024, 7:31 AM

Details

Summary

Added #if OPENSSL_VERSION_NUMBER around deprecated
SSL_library_init() and SSL_load_error_strings(), so that the
code should build for OpenSSL3.n. The functions already
have some #if OPENSSL_VERSION_NUMBER >= 0x30000000
for this, but I did the above to be compatible with what is
being done in other places.

Test Plan

Builds with OpenSSL1.1.1. I do not have an OpenSSL3
setup at this time.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

I guess we did not observe a problem here in the OpenSSL 3 experiments because the deprecation checks only activate when OPENSSL_API_COMPAT is set.

This revision is now accepted and ready to land.May 30 2023, 6:04 PM

I installed openssl31 via ports and did builds
using that with OPENSSL_NO_DEPRECATED_...
and found a few more.

I also changed 0x30000000 to 0x30000000L
to be consistent, although I do not think it
matters.

This patch covers all the cases that were found
deprecated.

This revision now requires review to proceed.May 31 2023, 12:54 AM

Could just delete the < 0x10100000L cases, since we have no need to support past-EOL OpenSSL.

Could just delete the < 0x10100000L cases, since we have no need to support past-EOL OpenSSL.

Sure, if you are fine with it. I just did it this way since
you seemed to prefer that over jhb@'s suggestion
to delete it.

I, personally, prefer less #ifdef'ng in code.

Sure, if you are fine with it. I just did it this way since
you seemed to prefer that over jhb@'s suggestion
to delete it.

I, personally, prefer less #ifdef'ng in code.

I plan to go back and remove the pre-1.1 #ifdefs in the future (from code I've been working on), I just wasn't able to go over everything yet and didn't want to have a mix of some pre-1.1 #ifdef blocks left behind in files or functions I didn't touch.

ngie accepted this revision.EditedMay 31 2023, 2:48 AM

LGTM! I think @jhb’s suggestion about using static functions or macros with forward looking names would be a good potential investment, but that doesn’t need to be done here or now.

This revision is now accepted and ready to land.May 31 2023, 2:48 AM

This version gets rid of the pre-1.1.1 calls.
It also fixes a typo where I used > instead
of >= for the OPENSSL_VERSION_NUMBER.

This revision now requires review to proceed.May 31 2023, 3:41 AM
This revision is now accepted and ready to land.May 31 2023, 5:06 AM

The commit message/revision description needs updating, BTW.