git: bc1027a77851 - main - libfetch: remove all old OpenSSL support
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 24 Jun 2023 01:45:19 UTC
The branch main has been updated by ngie: URL: https://cgit.FreeBSD.org/src/commit/?id=bc1027a7785166fde9c2a3b48e6e70d198377d4b commit bc1027a7785166fde9c2a3b48e6e70d198377d4b Author: Enji Cooper <ngie@FreeBSD.org> AuthorDate: 2023-06-22 03:53:54 +0000 Commit: Enji Cooper <ngie@FreeBSD.org> CommitDate: 2023-06-24 08:45:02 +0000 libfetch: remove all old OpenSSL support This change removes pre-OpenSSL 1.1 supporting code and removes/adjusted preprocessor conditionals which were tautilogically true as FreeBSD main has shipped with OpenSSL 1.1+ for some time. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D40711 --- lib/libfetch/common.c | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index f2122d7f45c9..8f3f1c5db30f 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -950,24 +950,8 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames, const char *ns; for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) { -#if OPENSSL_VERSION_NUMBER < 0x10000000L - /* - * This is a workaround, since the following line causes - * alignment issues in clang: - * name = sk_GENERAL_NAME_value(altnames, i); - * OpenSSL explicitly warns not to use those macros - * directly, but there isn't much choice (and there - * shouldn't be any ill side effects) - */ - name = (GENERAL_NAME *)SKM_sk_value(void, altnames, i); -#else name = sk_GENERAL_NAME_value(altnames, i); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ns = (const char *)ASN1_STRING_data(name->d.ia5); -#else ns = (const char *)ASN1_STRING_get0_data(name->d.ia5); -#endif nslen = (size_t)ASN1_STRING_length(name->d.ia5); if (name->type == GEN_DNS && ip == NULL && @@ -1204,16 +1188,6 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) X509_NAME *name; char *str; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - /* Init the SSL library and context */ - if (!SSL_library_init()){ - fprintf(stderr, "SSL library init failed\n"); - return (-1); - } - - SSL_load_error_strings(); -#endif - conn->ssl_meth = SSLv23_client_method(); conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); @@ -1231,7 +1205,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) } SSL_set_fd(conn->ssl, conn->sd); -#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) +#if !defined(OPENSSL_NO_TLSEXT) if (!SSL_set_tlsext_host_name(conn->ssl, __DECONST(struct url *, URL)->host)) { fprintf(stderr,