lib32-libevent/trunk/libevent-2.1.12-openssl-compat.patch

   1 commit 7f4684c0d362fefee8697ceed3f4f8642ed147ce
   2 Author: William Marlow <william.marlow@ibm.com>
   3 Date:   Sat Jun 18 21:43:31 2022 +0100
   4
   5     Initial OpenSSL 3.0 support
   6
   7     * Don't use deprecated functions when building against OpenSSL 3.0.
   8     * Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol.
   9       error in addition to the expected IO error produced by OpenSSL 1.1.1
  10     * Update regress_mbedtls.c for compatibility with OpenSSL 3
  11
  12     (cherry picked from commit 29c420c418aeb497e5e8b7abd45dee39194ca5fc)
  13
  14      Conflicts:
  15             bufferevent_openssl.c
  16             sample/becat.c
  17             test/regress_mbedtls.c
  18
  19 diff --git a/bufferevent_openssl.c b/bufferevent_openssl.c
  20 index b51b834b..520e2d6f 100644
  21 --- a/bufferevent_openssl.c
  22 +++ b/bufferevent_openssl.c
  23 @@ -514,7 +514,9 @@ conn_closed(struct bufferevent_openssl *bev_ssl, int when, int errcode, int ret)
  24                 put_error(bev_ssl, errcode);
  25                 break;
  26         case SSL_ERROR_SSL:
  27 -               /* Protocol error. */
  28 +               /* Protocol error; possibly a dirty shutdown. */
  29 +               if (ret == 0 && SSL_is_init_finished(bev_ssl->ssl) == 0)
  30 +                       dirty_shutdown = 1;
  31                 put_error(bev_ssl, errcode);
  32                 break;
  33         case SSL_ERROR_WANT_X509_LOOKUP:
  34 diff --git a/sample/le-proxy.c b/sample/le-proxy.c
  35 index 13e0e2ae..e9af3c68 100644
  36 --- a/sample/le-proxy.c
  37 +++ b/sample/le-proxy.c
  38 @@ -112,10 +112,15 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
  39                                     ERR_reason_error_string(err);
  40                                 const char *lib = (const char*)
  41                                     ERR_lib_error_string(err);
  42 +#if OPENSSL_VERSION_MAJOR >= 3
  43 +                               fprintf(stderr,
  44 +                                       "%s in %s\n", msg, lib);
  45 +#else
  46                                 const char *func = (const char*)
  47                                     ERR_func_error_string(err);
  48                                 fprintf(stderr,
  49                                     "%s in %s %s\n", msg, lib, func);
  50 +#endif
  51                         }
  52                         if (errno)
  53                                 perror("connection error");
  54 diff --git a/test/regress_ssl.c b/test/regress_ssl.c
  55 index 37dc334d..490be9b2 100644
  56 --- a/test/regress_ssl.c
  57 +++ b/test/regress_ssl.c
  58 @@ -374,7 +374,16 @@ eventcb(struct bufferevent *bev, short what, void *ctx)
  59                 ++n_connected;
  60                 ssl = bufferevent_openssl_get_ssl(bev);
  61                 tt_assert(ssl);
  62 +#if OPENSSL_VERSION_MAJOR >= 3
  63 +               /* SSL_get1_peer_certificate() means we want
  64 +                * to increase the reference count on the cert
  65 +                * and so we will need to free it ourselves later
  66 +                * when we're done with it. The non-reference count
  67 +                * increasing version is not available in OpenSSL 1.1.1. */
  68 +               peer_cert = SSL_get1_peer_certificate(ssl);
  69 +#else
  70                 peer_cert = SSL_get_peer_certificate(ssl);
  71 +#endif
  72                 if (type & REGRESS_OPENSSL_SERVER) {
  73                         tt_assert(peer_cert == NULL);
  74                 } else {