getdns: fix compilation with OPENSSL_NO_DEPRECATED
authorAndre Heider <redacted>
Tue, 21 Feb 2023 14:54:16 +0000 (15:54 +0100)
committerRosen Penev <redacted>
Mon, 1 May 2023 10:36:00 +0000 (13:36 +0300)
SSL_get_peer_certificate() is deprecated, OpenSSL v3.0 added
SSL_get0_peer_certificate() and SSL_get1_peer_certificate().

Use the latter since the return value is explicitly X509_free()ed
here, see [0].

[0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html

Signed-off-by: Andre Heider <redacted>
libs/getdns/Makefile
libs/getdns/patches/001-openssl-deprecated.patch [new file with mode: 0644]

index 9a4b838bdc26a6670da667305a1bba698fb93891..f9825493bf492210663d604c049e320044c6ee55 100644 (file)
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=getdns
 PKG_VERSION:=1.7.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
diff --git a/libs/getdns/patches/001-openssl-deprecated.patch b/libs/getdns/patches/001-openssl-deprecated.patch
new file mode 100644 (file)
index 0000000..ed695ac
--- /dev/null
@@ -0,0 +1,20 @@
+--- a/src/openssl/tls.c
++++ b/src/openssl/tls.c
+@@ -872,7 +872,7 @@ _getdns_tls_x509* _getdns_tls_connection
+       if (!conn || !conn->ssl)
+               return NULL;
+-      return _getdns_tls_x509_new(mfs, SSL_get_peer_certificate(conn->ssl));
++      return _getdns_tls_x509_new(mfs, SSL_get1_peer_certificate(conn->ssl));
+ }
+ getdns_return_t _getdns_tls_connection_is_session_reused(_getdns_tls_connection* conn)
+@@ -990,7 +990,7 @@ getdns_return_t _getdns_tls_connection_c
+ #if defined(USE_DANESSL)
+       {
+               getdns_return_t res = GETDNS_RETURN_GOOD;
+-              X509* peer_cert = SSL_get_peer_certificate(conn->ssl);
++              X509* peer_cert = SSL_get1_peer_certificate(conn->ssl);
+               if (peer_cert) {
+                       if (conn->auth_name[0] &&
+                           X509_check_host(peer_cert,
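Review bot: Both replaced calls in src/openssl/tls.c now depend on SSL_get1_peer_certificate(), which exists only from OpenSSL 3.0 on, and the patch adds no guard for a build against an older library. If that case matters for this package, a small shim near the top of tls.c would keep it compiling: `#if OPENSSL_VERSION_NUMBER < 0x30000000L`, `#define SSL_get1_peer_certificate SSL_get_peer_certificate`, `#endif`. The get1 variant returns an owned reference, so it is only correct if every path releases it. The X509_free() the commit message mentions lies outside both inner hunks, so it is worth confirming that _getdns_tls_x509_new() does not leak a non-NULL certificate when it fails itself. A comment at the `peer_cert` declaration such as `/* owned reference, released with X509_free() below */` would record the ownership for the next reader.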