Don't use a deprecated function if built/linked with OpenSSL v3

SSL_get_peer_certificate was deprecated in OpenSSL v3 and can be 'compiled-out' using OPENSSL_API_COMPAT. Use SSL_get1_peer_certificate instead. Pick-to: 6.2 Task-number: QTBUG-94596 Change-Id: Iedb2e06e673e981cab79d4bf0147ac6f5f90089a Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2021-07-12 12:38:14 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2021-07-13 10:39:55 +0200
commit: ae6590e360fbb04d93940b2651f70df44a28943e (patch)
tree: 33c37e938bea89819ac3b1be9a38f0ad8591f907 /src/plugins/tls
parent: 363df5cd709762c3c014132c1670fdd715233620 (diff)
2 files changed, 20 insertions, 1 deletions
diff --git a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
index 3b683bcc3c..d4a7c27825 100644
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols.cpp
@@ -374,7 +374,13 @@ DEFINEFUNC(const SSL_CIPHER *, SSL_get_current_cipher, SSL *a, a, return nullptr
 DEFINEFUNC(int, SSL_version, const SSL *a, a, return 0, return)
 DEFINEFUNC2(int, SSL_get_error, SSL *a, a, int b, b, return -1, return)
 DEFINEFUNC(STACK_OF(X509) *, SSL_get_peer_cert_chain, SSL *a, a, return nullptr, return)
+
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
+DEFINEFUNC(X509 *, SSL_get1_peer_certificate, SSL *a, a, return nullptr, return)
+#else
 DEFINEFUNC(X509 *, SSL_get_peer_certificate, SSL *a, a, return nullptr, return)
+#endif // OPENSSL_VERSION_MAJOR >= 3
+
 DEFINEFUNC(long, SSL_get_verify_result, const SSL *a, a, return -1, return)
 DEFINEFUNC(SSL *, SSL_new, SSL_CTX *a, a, return nullptr, return)
 DEFINEFUNC(SSL_CTX *, SSL_get_SSL_CTX, SSL *a, a, return nullptr, return)
@@ -1085,7 +1091,13 @@ bool q_resolveOpenSslSymbols()
     RESOLVEFUNC(SSL_version)
     RESOLVEFUNC(SSL_get_error)
     RESOLVEFUNC(SSL_get_peer_cert_chain)
+
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
+    RESOLVEFUNC(SSL_get1_peer_certificate)
+#else
     RESOLVEFUNC(SSL_get_peer_certificate)
+#endif // OPENSSL_VERSION_MAJOR >= 3
+
     RESOLVEFUNC(SSL_get_verify_result)
     RESOLVEFUNC(SSL_new)
     RESOLVEFUNC(SSL_get_SSL_CTX)
diff --git a/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h b/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
index 088cff499e..065e804fa0 100644
--- a/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
+++ b/src/plugins/tls/openssl/qsslsocket_openssl_symbols_p.h
@@ -512,7 +512,6 @@ const SSL_CIPHER *q_SSL_get_current_cipher(SSL *a);
 int q_SSL_version(const SSL *a);
 int q_SSL_get_error(SSL *a, int b);
 STACK_OF(X509) *q_SSL_get_peer_cert_chain(SSL *a);
-X509 *q_SSL_get_peer_certificate(SSL *a);
 long q_SSL_get_verify_result(const SSL *a);
 SSL *q_SSL_new(SSL_CTX *a);
 SSL_CTX *q_SSL_get_SSL_CTX(SSL *a);
@@ -751,6 +750,14 @@ const char *q_SSL_alert_desc_string_long(int value);
 int q_SSL_CTX_get_security_level(const SSL_CTX *ctx);
 void q_SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
 
+// Here we have the ones that make difference between OpenSSL pre/post v3:
+#if defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3
+X509 *q_SSL_get1_peer_certificate(SSL *a);
+#define q_SSL_get_peer_certificate q_SSL_get1_peer_certificate
+#else
+X509 *q_SSL_get_peer_certificate(SSL *a);
+#endif // OPENSSL_VERSION_MAJOR >= 3
+
 QT_END_NAMESPACE
 
 #endif
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2021-07-12 12:38:14 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2021-07-13 10:39:55 +0200
commit	ae6590e360fbb04d93940b2651f70df44a28943e (patch)
tree	33c37e938bea89819ac3b1be9a38f0ad8591f907 /src/plugins/tls
parent	363df5cd709762c3c014132c1670fdd715233620 (diff)