author | Edward Thomson <ethomson@edwardthomson.com> | 2023-02-10 05:01:50 -0500 |
---|---|---|
committer | Edward Thomson <ethomson@edwardthomson.com> | 2023-02-10 05:01:50 -0500 |
commit | b379c401a9d886e6a5916d73fb070d4acb8c8c20 (patch) | |
tree | 32ababec08fb4f6fd1217f94bebb2215781f2ed0 | |
parent | e9fb5af7cb3f6cffc3432813bba6238c88c46533 (diff) | |
download | libgit2-b379c401a9d886e6a5916d73fb070d4acb8c8c20.tar.gz |
openssl: support OpenSSL 3 in dynamic mode
Try to load OpenSSL 3 libraries when compiled with OpenSSL-Dynamic
support.
Handle the deprecated symbol renaming of SSL_get_peer_certificate to
SSL_get1_peer_certificate -- try to load the old name and if it fails,
use the new one.
-rw-r--r-- | src/libgit2/streams/openssl_dynamic.c | 10 | ||||
-rw-r--r-- | src/util/hash/openssl.c | 7 |
2 files changed, 11 insertions, 6 deletions
diff --git a/src/libgit2/streams/openssl_dynamic.c b/src/libgit2/streams/openssl_dynamic.c
index da16b6ed7..222c1099d 100644
--- a/src/libgit2/streams/openssl_dynamic.c
+++ b/src/libgit2/streams/openssl_dynamic.c
@@ -91,7 +91,7 @@ int (*sk_num)(const void *sk);
 void *(*sk_value)(const void *sk, int i);
 void (*sk_free)(void *sk);
-void *openssl_handle;
+static void *openssl_handle;
 GIT_INLINE(void *) openssl_sym(int *err, const char *name, bool required)
 {
@@ -125,7 +125,8 @@ int git_openssl_stream_dynamic_init(void)
 (openssl_handle = dlopen("libssl.1.1.dylib", RTLD_NOW)) == NULL &&
 (openssl_handle = dlopen("libssl.so.1.0.0", RTLD_NOW)) == NULL &&
 (openssl_handle = dlopen("libssl.1.0.0.dylib", RTLD_NOW)) == NULL &&
- (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL) {
+ (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL &&
+ (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL) {
 git_error_set(GIT_ERROR_SSL, "could not load ssl libraries");
 return -1;
 }
@@ -175,7 +176,6 @@ int git_openssl_stream_dynamic_init(void)
 SSL_connect = (int (*)(SSL *))openssl_sym(&err, "SSL_connect", true);
 SSL_ctrl = (long (*)(SSL *, int, long, void *))openssl_sym(&err, "SSL_ctrl", true);
- SSL_get_peer_certificate = (X509 *(*)(const SSL *))openssl_sym(&err, "SSL_get_peer_certificate", true);
 SSL_library_init = (int (*)(void))openssl_sym(&err, "SSL_library_init", false);
 SSL_free = (void (*)(SSL *))openssl_sym(&err, "SSL_free", true);
 SSL_get_error = (int (*)(SSL *, int))openssl_sym(&err, "SSL_get_error", true);
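Review bot: The new `dlopen("libssl.so.3", RTLD_NOW)` is appended as the last fallback in git_openssl_stream_dynamic_init, so on a host that has both an older libssl (1.0.x or 1.1) and OpenSSL 3 installed, the older and possibly out-of-support library is still the one that gets loaded. Consider trying the newest soname first, or at least state the intended preference above the chain with a comment such as `/* candidates are tried in order; the first library that loads is used */`. There is also no `libssl.3.dylib` entry, although the other versions visible here have a `.dylib` counterpart, so macOS builds presumably will not pick up OpenSSL 3. The same applies to the identical chain in git_hash_openssl_global_init in src/util/hash/openssl.c; the start of both chains is outside the hunks.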
@@ -187,6 +187,10 @@ int git_openssl_stream_dynamic_init(void)
 SSL_shutdown = (int (*)(SSL *ssl))openssl_sym(&err, "SSL_shutdown", true);
 SSL_write = (int (*)(SSL *, const void *, int))openssl_sym(&err, "SSL_write", true);
+ if (!(SSL_get_peer_certificate = (X509 *(*)(const SSL *))openssl_sym(&err, "SSL_get_peer_certificate", false))) {
+ SSL_get_peer_certificate = (X509 *(*)(const SSL *))openssl_sym(&err, "SSL_get1_peer_certificate", true);
+ }
+ SSL_CTX_ctrl = (long (*)(SSL_CTX *, int, long, void *))openssl_sym(&err, "SSL_CTX_ctrl", true);
 SSL_CTX_free = (void (*)(SSL_CTX *))openssl_sym(&err, "SSL_CTX_free", true);
 SSL_CTX_new = (SSL_CTX *(*)(const SSL_METHOD *))openssl_sym(&err, "SSL_CTX_new", true);
diff --git a/src/util/hash/openssl.c b/src/util/hash/openssl.c
index 649358ca2..eaf91e74c 100644
--- a/src/util/hash/openssl.c
+++ b/src/util/hash/openssl.c
@@ -10,8 +10,8 @@ #ifdef GIT_OPENSSL_DYNAMIC
 # include <dlfcn.h>
-int handle_count;
-void *openssl_handle;
+static int handle_count;
+static void *openssl_handle;
 static int git_hash_openssl_global_shutdown(void)
 {
@@ -30,7 +30,8 @@ static int git_hash_openssl_global_init(void)
 (openssl_handle = dlopen("libssl.1.1.dylib", RTLD_NOW)) == NULL &&
 (openssl_handle = dlopen("libssl.so.1.0.0", RTLD_NOW)) == NULL &&
 (openssl_handle = dlopen("libssl.1.0.0.dylib", RTLD_NOW)) == NULL &&
- (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL) {
+ (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL &&
+ (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL) {
 git_error_set(GIT_ERROR_SSL, "could not load ssl libraries");
 return -1;
 }
 |
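Review bot: The two-step lookup of `SSL_get_peer_certificate` and then `SSL_get1_peer_certificate` in git_openssl_stream_dynamic_init carries no comment explaining why two names are tried or what ownership the returned certificate has. A short comment above the `if` would help the next reader, for example `/* OpenSSL 3 renames SSL_get_peer_certificate to SSL_get1_peer_certificate; both return a reference the caller must release with X509_free */`. It is also worth confirming that the first, non-required `openssl_sym` call leaves no stale error state behind when the old symbol is absent, since the second call reuses the same `err`; the body of `openssl_sym` is outside this hunk, so that cannot be checked from here.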