This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push:
new 36e24ddda Replace some deprecated code with OpenSSL 3.0+ equivalent
36e24ddda is described below
commit 36e24dddaea78aaa03e3402473d77aee6e685bda
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Dec 17 19:18:45 2025 +0000
Replace some deprecated code with OpenSSL 3.0+ equivalent
---
native/include/ssl_private.h | 2 +-
native/src/sslcontext.c | 8 ++++----
native/src/sslutils.c | 12 ++++++++----
3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index 84647f560..7349c6f59 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -376,7 +376,7 @@ int SSL_password_callback(char *, int, int, void *);
void SSL_BIO_close(BIO *);
void SSL_BIO_doref(BIO *);
DH *SSL_get_dh_params(unsigned keylen);
-DH *SSL_dh_GetParamFromFile(const char *);
+EVP_PKEY *SSL_dh_GetParamFromFile(const char *);
#ifdef HAVE_ECC
EC_GROUP *SSL_ec_GetParamFromFile(const char *);
#endif
diff --git a/native/src/sslcontext.c b/native/src/sslcontext.c
index a81f467da..ceb0ea120 100644
--- a/native/src/sslcontext.c
+++ b/native/src/sslcontext.c
@@ -926,7 +926,7 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
setCertificate)(TCN_STDARGS, jlong ctx,
int nid;
EC_KEY *eckey = NULL;
#endif
- DH *dhparams;
+ EVP_PKEY *evp;
UNREFERENCED(o);
TCN_ASSERT(ctx != 0);
@@ -1001,9 +1001,9 @@ TCN_IMPLEMENT_CALL(jboolean, SSLContext,
setCertificate)(TCN_STDARGS, jlong ctx,
*/
/* XXX Does this also work for pkcs12 or only for PEM files?
* If only for PEM files move above to the PEM handling */
- if ((idx == 0) && (dhparams = SSL_dh_GetParamFromFile(cert_file))) {
- SSL_CTX_set_tmp_dh(c->ctx, dhparams);
- DH_free(dhparams);
+ if ((idx == 0) && (evp = SSL_dh_GetParamFromFile(cert_file))) {
+ SSL_CTX_set0_tmp_dh_pkey(c->ctx, evp);
+ EVP_PKEY_free(evp);
}
#ifdef HAVE_ECC
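Review bot: `EVP_PKEY_free(evp)` immediately after `SSL_CTX_set0_tmp_dh_pkey(c->ctx, evp)` releases a key the context now owns. The set0 variant takes ownership on success, unlike the removed `SSL_CTX_set_tmp_dh`/`DH_free` pair, where the caller kept and freed its own object. Assuming the only reference is the one returned by `SSL_dh_GetParamFromFile`, the context is left with a freed pointer that later handshakes would use and context teardown would free again. Free only on failure, which also stops the return value being ignored: `if (!SSL_CTX_set0_tmp_dh_pkey(c->ctx, evp)) EVP_PKEY_free(evp);`. The enclosing setCertificate body starts and ends outside this hunk.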
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 1ee51329b..dac911f88 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -181,16 +181,20 @@ int SSL_password_callback(char *buf, int bufsiz, int
verify,
** Custom (EC)DH parameter support
** _________________________________________________________________
*/
-DH *SSL_dh_GetParamFromFile(const char *file)
+EVP_PKEY *SSL_dh_GetParamFromFile(const char *file)
{
- DH *dh = NULL;
+ EVP_PKEY *evp = NULL;
BIO *bio;
if ((bio = BIO_new_file(file, "r")) == NULL)
return NULL;
- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ evp = PEM_read_bio_Parameters_ex(bio, NULL, NULL, NULL);
BIO_free(bio);
- return dh;
+ if (!EVP_PKEY_is_a(evp, "DH")) {
+ EVP_PKEY_free(evp);
+ return NULL;
+ }
+ return evp;
}
#ifdef HAVE_ECC
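Review bot: `evp` can be NULL when it reaches `EVP_PKEY_is_a(evp, "DH")`, because `PEM_read_bio_Parameters_ex` returns NULL for a file with no parameter block. The caller in sslcontext.c passes the certificate file, so that is probably the common case. The function then relies on `EVP_PKEY_is_a` and `EVP_PKEY_free` both tolerating NULL; writing `if (evp != NULL && !EVP_PKEY_is_a(evp, "DH")) {` makes the no-parameters path explicit. The type check also appears to reject X9.42 ("DHX") parameters that the old `PEM_read_bio_DHparams` path may have accepted. If that is intended, a comment such as `/* Only PKCS#3 DH parameters are accepted; other parameter types are ignored */` would record it.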