The branch stable/13 has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=e20dba3a212d9e114c697b31ae9104e21a03a6d2
commit e20dba3a212d9e114c697b31ae9104e21a03a6d2 Author: Enji Cooper <[email protected]> AuthorDate: 2023-06-22 03:53:54 +0000 Commit: Dag-Erling Smørgrav <[email protected]> CommitDate: 2026-02-11 13:53:30 +0000 libfetch: remove all old OpenSSL support This change removes pre-OpenSSL 1.1 supporting code and removes/adjusted preprocessor conditionals which were tautilogically true as FreeBSD main has shipped with OpenSSL 1.1+ for some time. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D40711 (cherry picked from commit bc1027a7785166fde9c2a3b48e6e70d198377d4b) --- lib/libfetch/common.c | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index 3a7aba160206..723cba62bb57 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -948,24 +948,8 @@ fetch_ssl_verify_altname(STACK_OF(GENERAL_NAME) *altnames, const char *ns; for (i = 0; i < sk_GENERAL_NAME_num(altnames); ++i) { -#if OPENSSL_VERSION_NUMBER < 0x10000000L - /* - * This is a workaround, since the following line causes - * alignment issues in clang: - * name = sk_GENERAL_NAME_value(altnames, i); - * OpenSSL explicitly warns not to use those macros - * directly, but there isn't much choice (and there - * shouldn't be any ill side effects) - */ - name = (GENERAL_NAME *)SKM_sk_value(void, altnames, i); -#else name = sk_GENERAL_NAME_value(altnames, i); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ns = (const char *)ASN1_STRING_data(name->d.ia5); -#else ns = (const char *)ASN1_STRING_get0_data(name->d.ia5); -#endif nslen = (size_t)ASN1_STRING_length(name->d.ia5); if (name->type == GEN_DNS && ip == NULL && @@ -1196,16 +1180,6 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) X509_NAME *name; char *str; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - /* Init the SSL library and context */ - if (!SSL_library_init()){ - fprintf(stderr, "SSL library init failed\n"); - return (-1); - } - - SSL_load_error_strings(); -#endif - conn->ssl_meth = SSLv23_client_method(); conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); @@ -1223,7 +1197,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) } SSL_set_fd(conn->ssl, conn->sd); -#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) +#if !defined(OPENSSL_NO_TLSEXT) if (!SSL_set_tlsext_host_name(conn->ssl, __DECONST(struct url *, URL)->host)) { fprintf(stderr,
