svn commit: r361308 - in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd
Rick Macklem
rmacklem at FreeBSD.org
Wed May 20 23:18:48 UTC 2020
Author: rmacklem
Date: Wed May 20 23:18:47 2020
New Revision: 361308
URL: https://svnweb.freebsd.org/changeset/base/361308
Log:
Fix the daemons so that they use the preferred calls for openssl3
instead of SSL_CTX_load_verify_locations().
This should not have any semantics change.
Modified:
projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Wed May 20 22:25:46 2020 (r361307)
+++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Wed May 20 23:18:47 2020 (r361308)
@@ -538,9 +538,19 @@ rpctls_setupcl_ssl(bool cert)
return (NULL);
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+ ret = 1;
+ if (rpctls_verify_cafile != NULL)
+ ret = SSL_CTX_load_verify_file(ctx,
+ rpctls_verify_cafile);
+ if (ret != 0 && rpctls_verify_capath != NULL)
+ ret = SSL_CTX_load_verify_dir(ctx,
+ rpctls_verify_capath);
+#else
ret = SSL_CTX_load_verify_locations(ctx,
rpctls_verify_cafile, rpctls_verify_capath);
- if (ret != 1) {
+#endif
+ if (ret == 0) {
rpctlscd_verbose_out("rpctls_setupcl_ssl: "
"Can't load verify locations\n");
SSL_CTX_free(ctx);
Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Wed May 20 22:25:46 2020 (r361307)
+++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Wed May 20 23:18:47 2020 (r361308)
@@ -604,8 +604,18 @@ rpctls_setup_ssl(const char *certdir)
return (NULL);
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+ ret = 1;
+ if (rpctls_verify_cafile != NULL)
+ ret = SSL_CTX_load_verify_file(ctx,
+ rpctls_verify_cafile);
+ if (ret != 0 && rpctls_verify_capath != NULL)
+ ret = SSL_CTX_load_verify_dir(ctx,
+ rpctls_verify_capath);
+#else
ret = SSL_CTX_load_verify_locations(ctx,
rpctls_verify_cafile, rpctls_verify_capath);
+#endif
if (ret == 0) {
rpctlssd_verbose_out("rpctls_setup_ssl: "
"Can't load verify locations\n");
More information about the svn-src-projects
mailing list