openssl: support OpenSSL 3 in dynamic mode

Try to load OpenSSL 3 libraries when compiled with OpenSSL-Dynamic support. Handle the deprecated symbol renaming of SSL_get_peer_certificate to SSL_get1_peer_certificate -- try to load the old name and if it fails, use the new one.

openssl: support OpenSSL 3 in dynamic mode
Try to load OpenSSL 3 libraries when compiled with OpenSSL-Dynamic support. Handle the deprecated symbol renaming of SSL_get_peer_certificate to SSL_get1_peer_certificate -- try to load the old name and if it fails, use the new one.
b379c401 · Edward Thomson · e9fb5af7 · b379c401 · b379c401
Commit b379c401 authored Feb 10, 2023 by Edward Thomson
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 6 deletions

src/libgit2/streams/openssl_dynamic.c
+7 -3

src/util/hash/openssl.c
+4 -3

No files found.
--- a/src/libgit2/streams/openssl_dynamic.c
+++ b/src/libgit2/streams/openssl_dynamic.c
@@ -91,7 +91,7 @@ int (*sk_num)(const void *sk);
 void *(*sk_value)(const void *sk, int i);
 void (*sk_free)(void *sk);

-void *openssl_handle;
+static void *openssl_handle;

 GIT_INLINE(void *) openssl_sym(int *err, const char *name, bool required)
 {
@@ -125,7 +125,8 @@ int git_openssl_stream_dynamic_init(void)
 	    (openssl_handle = dlopen("libssl.1.1.dylib", RTLD_NOW)) == NULL &&
 	    (openssl_handle = dlopen("libssl.so.1.0.0", RTLD_NOW)) == NULL &&
 	    (openssl_handle = dlopen("libssl.1.0.0.dylib", RTLD_NOW)) == NULL &&
-	    (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL) {
+	    (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL &&
+	    (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL) {
 		git_error_set(GIT_ERROR_SSL, "could not load ssl libraries");
 		return -1;
 	}
@@ -175,7 +176,6 @@ int git_openssl_stream_dynamic_init(void)

 	SSL_connect = (int (*)(SSL *))openssl_sym(&err, "SSL_connect", true);
 	SSL_ctrl = (long (*)(SSL *, int, long, void *))openssl_sym(&err, "SSL_ctrl", true);
-	SSL_get_peer_certificate = (X509 *(*)(const SSL *))openssl_sym(&err, "SSL_get_peer_certificate", true);
 	SSL_library_init = (int (*)(void))openssl_sym(&err, "SSL_library_init", false);
 	SSL_free = (void (*)(SSL *))openssl_sym(&err, "SSL_free", true);
 	SSL_get_error = (int (*)(SSL *, int))openssl_sym(&err, "SSL_get_error", true);
@@ -187,6 +187,10 @@ int git_openssl_stream_dynamic_init(void)
 	SSL_shutdown = (int (*)(SSL *ssl))openssl_sym(&err, "SSL_shutdown", true);
 	SSL_write = (int (*)(SSL *, const void *, int))openssl_sym(&err, "SSL_write", true);

+	if (!(SSL_get_peer_certificate = (X509 *(*)(const SSL *))openssl_sym(&err, "SSL_get_peer_certificate", false))) {
+		SSL_get_peer_certificate = (X509 *(*)(const SSL *))openssl_sym(&err, "SSL_get1_peer_certificate", true);
+	}
+
 	SSL_CTX_ctrl = (long (*)(SSL_CTX *, int, long, void *))openssl_sym(&err, "SSL_CTX_ctrl", true);
 	SSL_CTX_free = (void (*)(SSL_CTX *))openssl_sym(&err, "SSL_CTX_free", true);
 	SSL_CTX_new = (SSL_CTX *(*)(const SSL_METHOD *))openssl_sym(&err, "SSL_CTX_new", true);

--- a/src/util/hash/openssl.c
+++ b/src/util/hash/openssl.c
@@ -10,8 +10,8 @@
 #ifdef GIT_OPENSSL_DYNAMIC
 # include <dlfcn.h>

-int handle_count;
-void *openssl_handle;
+static int handle_count;
+static void *openssl_handle;

 static int git_hash_openssl_global_shutdown(void)
 {
@@ -30,7 +30,8 @@ static int git_hash_openssl_global_init(void)
 		    (openssl_handle = dlopen("libssl.1.1.dylib", RTLD_NOW)) == NULL &&
 		    (openssl_handle = dlopen("libssl.so.1.0.0", RTLD_NOW)) == NULL &&
 		    (openssl_handle = dlopen("libssl.1.0.0.dylib", RTLD_NOW)) == NULL &&
-		    (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL) {
+		    (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL &&
+		    (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL) {
 			git_error_set(GIT_ERROR_SSL, "could not load ssl libraries");
 			return -1;
 		}