Date: Wed, 20 May 2020 23:18:48 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r361308 - in projects/nfs-over-tls/usr.sbin: rpctlscd rpctlssd Message-ID: <202005202318.04KNIm3i063560@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Wed May 20 23:18:47 2020 New Revision: 361308 URL: https://svnweb.freebsd.org/changeset/base/361308 Log: Fix the daemons so that they use the preferred calls for openssl3 instead of SSL_CTX_load_verify_locations(). This should not have any semantics change. Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Modified: projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Wed May 20 22:25:46 2020 (r361307) +++ projects/nfs-over-tls/usr.sbin/rpctlscd/rpctlscd.c Wed May 20 23:18:47 2020 (r361308) @@ -538,9 +538,19 @@ rpctls_setupcl_ssl(bool cert) return (NULL); } } +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + ret = 1; + if (rpctls_verify_cafile != NULL) + ret = SSL_CTX_load_verify_file(ctx, + rpctls_verify_cafile); + if (ret != 0 && rpctls_verify_capath != NULL) + ret = SSL_CTX_load_verify_dir(ctx, + rpctls_verify_capath); +#else ret = SSL_CTX_load_verify_locations(ctx, rpctls_verify_cafile, rpctls_verify_capath); - if (ret != 1) { +#endif + if (ret == 0) { rpctlscd_verbose_out("rpctls_setupcl_ssl: " "Can't load verify locations\n"); SSL_CTX_free(ctx); Modified: projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c ============================================================================== --- projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Wed May 20 22:25:46 2020 (r361307) +++ projects/nfs-over-tls/usr.sbin/rpctlssd/rpctlssd.c Wed May 20 23:18:47 2020 (r361308) @@ -604,8 +604,18 @@ rpctls_setup_ssl(const char *certdir) return (NULL); } } +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + ret = 1; + if (rpctls_verify_cafile != NULL) + ret = SSL_CTX_load_verify_file(ctx, + rpctls_verify_cafile); + if (ret != 0 && rpctls_verify_capath != NULL) + ret = SSL_CTX_load_verify_dir(ctx, + rpctls_verify_capath); +#else ret = SSL_CTX_load_verify_locations(ctx, rpctls_verify_cafile, rpctls_verify_capath); +#endif if (ret == 0) { rpctlssd_verbose_out("rpctls_setup_ssl: " "Can't load verify locations\n");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005202318.04KNIm3i063560>