diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c.sav b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c --- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c.sav +++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c @@ -299,7 +299,9 @@ rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, ""); SSL_CTX_free(rpctls_ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_cleanup(); +#endif return (0); } @@ -480,9 +482,11 @@ size_t len, rlen; int ret; +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); +#endif ctx = SSL_CTX_new(TLS_client_method()); if (ctx == NULL) { @@ -490,7 +494,9 @@ "failed\n"); return (NULL); } +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_CTX_set_ecdh_auto(ctx, 1); +#endif if (rpctls_ciphers != NULL) { /* @@ -551,7 +557,7 @@ return (NULL); } } -#if OPENSSL_VERSION_NUMBER >= 0x30000000 +#if OPENSSL_VERSION_NUMBER >= 0x30000000L ret = 1; if (rpctls_verify_cafile != NULL) ret = SSL_CTX_load_verify_file(ctx, @@ -686,7 +692,11 @@ return (NULL); } +#if OPENSSL_VERSION_NUMBER > 0x30000000L + cert = SSL_get1_peer_certificate(ssl); +#else cert = SSL_get_peer_certificate(ssl); +#endif if (cert == NULL) { rpctls_verbose_out("rpctls_connect: get peer" " certificate failed\n"); diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c.sav b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c --- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c.sav +++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c @@ -416,7 +416,9 @@ rpctls_svc_run(); SSL_CTX_free(rpctls_ctx); +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_cleanup(); +#endif return (0); } @@ -652,16 +654,20 @@ size_t len, rlen; int ret; +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); +#endif ctx = SSL_CTX_new(TLS_server_method()); if (ctx == NULL) { rpctls_verbose_out("rpctls_setup_ssl: SSL_CTX_new failed\n"); return (NULL); } +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_CTX_set_ecdh_auto(ctx, 1); +#endif if (rpctls_ciphers != NULL) { /* @@ -733,7 +739,7 @@ return (NULL); } } -#if OPENSSL_VERSION_NUMBER >= 0x30000000 +#if OPENSSL_VERSION_NUMBER >= 0x30000000L ret = 1; if (rpctls_verify_cafile != NULL) ret = SSL_CTX_load_verify_file(ctx, @@ -811,7 +817,11 @@ SSL_get_cipher(ssl)); } if (rpctls_do_mutual) { +#if OPENSSL_VERSION_NUMBER > 0x30000000L + cert = SSL_get1_peer_certificate(ssl); +#else cert = SSL_get_peer_certificate(ssl); +#endif if (cert != NULL) { if (!rpctls_verbose) { gethostret = rpctls_gethost(s, sad, hostnam,