svn commit: r361308 - in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd

Rick Macklem rmacklem at FreeBSD.org
Wed May 20 23:18:48 UTC 2020 

Author: rmacklem
Date: Wed May 20 23:18:47 2020
New Revision: 361308
URL: https://svnweb.freebsd.org/changeset/base/361308

Log:
  Fix the daemons so that they use the preferred calls for openssl3
  instead of SSL_CTX_load_verify_locations().
  
  This should not have any semantics change.

Modified:
  projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
  projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c

Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c	Wed May 20 22:25:46 2020	(r361307)
+++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c	Wed May 20 23:18:47 2020	(r361308)
@@ -538,9 +538,19 @@ rpctls_setupcl_ssl(bool cert)
 				return (NULL);
 			}
 		}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+		ret = 1;
+		if (rpctls_verify_cafile != NULL)
+			ret = SSL_CTX_load_verify_file(ctx,
+			    rpctls_verify_cafile);
+		if (ret != 0 && rpctls_verify_capath != NULL)
+			ret = SSL_CTX_load_verify_dir(ctx,
+			    rpctls_verify_capath);
+#else
 		ret = SSL_CTX_load_verify_locations(ctx,
 		    rpctls_verify_cafile, rpctls_verify_capath);
-		if (ret != 1) {
+#endif
+		if (ret == 0) {
 			rpctlscd_verbose_out("rpctls_setupcl_ssl: "
 			    "Can't load verify locations\n");
 			SSL_CTX_free(ctx);

Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c
==============================================================================
--- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c	Wed May 20 22:25:46 2020	(r361307)
+++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c	Wed May 20 23:18:47 2020	(r361308)
@@ -604,8 +604,18 @@ rpctls_setup_ssl(const char *certdir)
 					return (NULL);
 				}
 			}
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+			ret = 1;
+			if (rpctls_verify_cafile != NULL)
+				ret = SSL_CTX_load_verify_file(ctx,
+				    rpctls_verify_cafile);
+			if (ret != 0 && rpctls_verify_capath != NULL)
+				ret = SSL_CTX_load_verify_dir(ctx,
+				    rpctls_verify_capath);
+#else
 			ret = SSL_CTX_load_verify_locations(ctx,
 			    rpctls_verify_cafile, rpctls_verify_capath);
+#endif
 			if (ret == 0) {
 				rpctlssd_verbose_out("rpctls_setup_ssl: "
 				    "Can't load verify locations\n");

More information about the svn-src-projects mailing list