From 965bdd98940ba8d338344e949b344342ccdca2be Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Wed, 6 Oct 2021 14:18:49 +0000 Subject: [PATCH] Use OpenSSL version macro instead of function check Unless being configured with the `no-deprecated` option, OpenSSL 3.0.0 still has the deprecated APIs present and will throw warnings during compilation, when using them. Make sure that the old APIs are being used only with the older versions of OpenSSL. --- lib/isc/tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/isc/tls.c b/lib/isc/tls.c index b9ed2506ec..c1d2b4c4fd 100644 --- a/lib/isc/tls.c +++ b/lib/isc/tls.c @@ -480,7 +480,7 @@ isc_tlsctx_load_dhparams(isc_tlsctx_t *ctx, const char *dhparams_file) { REQUIRE(dhparams_file != NULL); REQUIRE(*dhparams_file != '\0'); -#ifdef SSL_CTX_set_tmp_dh +#if OPENSSL_VERSION_NUMBER < 0x30000000L /* OpenSSL < 3.0 */ DH *dh = NULL; FILE *paramfile; @@ -509,7 +509,7 @@ isc_tlsctx_load_dhparams(isc_tlsctx_t *ctx, const char *dhparams_file) { DH_free(dh); #else - /* OpenSSL >= 3.0: SSL_CTX_set_tmp_dh() is deprecated in OpenSSL 3.0 */ + /* OpenSSL >= 3.0: low level DH APIs are deprecated in OpenSSL 3.0 */ EVP_PKEY *dh = NULL; BIO *bio = NULL; @@ -534,7 +534,7 @@ isc_tlsctx_load_dhparams(isc_tlsctx_t *ctx, const char *dhparams_file) { * SSL context at this point. */ BIO_free(bio); -#endif +#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ return (true); }