
Commit d287197

committed
build BUGFIX retain support for older OpenSSL
But display a warning. Fixes #338
1 parent 157de8a commit d287197


2 files changed

+11
-1
lines changed


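--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -223,9 +223,12 @@ check_function_exists(pthread_rwlockattr_setkind_np HAVE_PTHREAD_RWLOCKATTR_SETK
 if(ENABLE_TLS OR ENABLE_DNSSEC OR ENABLE_SSH)
 find_package(OpenSSL REQUIRED)
 if(ENABLE_TLS)
-message(STATUS "OPENSSL found, required for TLS")
+message(STATUS "OpenSSL found, required for TLS")
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNC_ENABLED_TLS")
 endif()
+if(OPENSSL_VERSION VERSION_LESS 1.1.1)
+message(WARNING "OpenSSL version ${OPENSSL_VERSION} is no longer maintained, consider an update.")
+endif()
 
 target_link_libraries(netconf2 ${OPENSSL_LIBRARIES})
 include_directories(${OPENSSL_INCLUDE_DIR})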
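Review bot: The warning added at new lines 229-231 only says the OpenSSL release is unmaintained; it does not tell the person configuring the build that, per the guard this same commit adds in src/session_client_tls.c, anything below 1.1.0 compiles the TLS client without the SSL_set1_host() call, i.e. without server hostname verification. That is a security-relevant downgrade and deserves its own explicit message, for example `if(ENABLE_TLS AND OPENSSL_VERSION VERSION_LESS 1.1.0)` / `message(WARNING "OpenSSL ${OPENSSL_VERSION}: TLS client is built without server hostname verification.")` / `endif()`. The two thresholds also differ (1.1.1 here, 1.1.0 in the C guard), so a one-line comment above the block such as `# warn below 1.1.1 (unmaintained); hostname verification is only lost below 1.1.0` would keep them from drifting apart. The enclosing `if(ENABLE_TLS OR ENABLE_DNSSEC OR ENABLE_SSH)` block ends outside the hunk.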

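--- a/src/session_client_tls.c
+++ b/src/session_client_tls.c
@@ -637,11 +637,13 @@ nc_connect_tls(const char *host, unsigned short port, struct ly_ctx *ctx)
 /* set the SSL_MODE_AUTO_RETRY flag to allow OpenSSL perform re-handshake automatically */
 SSL_set_mode(session->ti.tls, SSL_MODE_AUTO_RETRY);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L // >= 1.1.0
 /* server identity (hostname) verification */
 if (!SSL_set1_host(session->ti.tls, host)) {
 ERR(NULL, "Failed to set expected server hostname.");
 goto fail;
 }
+#endif
 
 /* connect and perform the handshake */
 nc_gettimespec_mono(&ts_timeout);
@@ -675,8 +677,13 @@ nc_connect_tls(const char *host, unsigned short port, struct ly_ctx *ctx)
 verify = SSL_get_verify_result(session->ti.tls);
 switch (verify) {
 case X509_V_OK:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L // >= 1.1.0
 peername = SSL_get0_peername(session->ti.tls);
 VRB(NULL, "Server certificate successfully verified (domain \"%s\").", peername ? peername : "<unknown>");
+#else
+(void)peername;
+VRB(NULL, "Server certificate successfully verified.");
+#endif
 break;
 default:
 WRN(NULL, "Server certificate verification problem (%s).", X509_verify_cert_error_string(verify));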
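Review bot: On OpenSSL older than 1.1.0 the first hunk compiles out SSL_set1_host() with no replacement, so the certificate chain is validated but never bound to `host`, and the `#else` branch in the second hunk still logs "Server certificate successfully verified." The check can be kept on 1.0.2, where the verify-parameter API already exists, by adding an `#else` to the first guard with `if (!X509_VERIFY_PARAM_set1_host(SSL_get0_param(session->ti.tls), host, 0)) {` and the same ERR/`goto fail` body. For anything older than 1.0.2, either stop the build with `#error` or emit a `WRN` at connect time stating that the server identity is not checked. The fallback VRB text should likewise say that the hostname was not verified whenever that is the case. nc_connect_tls starts and ends outside both hunks, so how `verify` failures are handled after the `default:` case is not visible here.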
