diff --git a/libcaf_openssl/src/openssl/session.cpp b/libcaf_openssl/src/openssl/session.cpp index a5512a5264..1a2a1622c2 100644 --- a/libcaf_openssl/src/openssl/session.cpp +++ b/libcaf_openssl/src/openssl/session.cpp @@ -5,7 +5,10 @@ #include "caf/openssl/session.hpp" #include + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L #include +#endif CAF_PUSH_WARNINGS #include @@ -79,6 +82,7 @@ std::optional contents_from_indirect_envvar(const std::string& str) // If the input is a string like `env:SOME_VARIABLE` and the environment variable // `SOME_VARIABLE` exists, returns a string with the value of `SOME_VARIABLE`. std::optional tmpfile_from_string(const std::string& content) { + std::cout << "content:\n" << content << std::endl; auto filename = std::string{"/tmp/caf-openssl.XXXXXX"}; ::mkstemp(&filename[0]); std::ofstream ofs(filename); @@ -262,9 +266,10 @@ SSL_CTX* session::create_ssl_context() { // memory and the implementation of `SSL_CTX_use_certificate_chain_file` // is huge, so we write into a temporary file. if (auto filename = pem_file_from_envvar(cfg.openssl_certificate)) { + std::cout << *filename << std::endl; if (SSL_CTX_use_certificate_chain_file(ctx, filename->c_str()) != 1) - CAF_RAISE_ERROR("cannot load certificate from environt variable"); + CAF_RAISE_ERROR("cannot load certificate from environment variable"); } else if (!cfg.openssl_certificate.empty() && SSL_CTX_use_certificate_chain_file(ctx, cfg.openssl_certificate.c_str()) @@ -277,20 +282,20 @@ SSL_CTX* session::create_ssl_context() { SSL_CTX_set_default_passwd_cb_userdata(ctx, this); } if (auto var = pem_string_from_envvar(cfg.openssl_key)) { -#if OPENSSL_VERSION_NUMBER < 0x10101000L +#if OPENSSL_VERSION_NUMBER < 0x30000000L // BIO_new_mem_buf just creates a read-only view, so we don't need // to free it afterwards. - kbio = BIO_new_mem_buf(var->data(), -1); + auto* kbio = BIO_new_mem_buf(var->data(), -1); if (!kbio) - CAF_RAISE_ERROR(""); + CAF_RAISE_ERROR("failed to construct OpenSSL BIO"); // This function was deprecated in favor of the OSSL_DECODER API // introduced in OpenSSL 3.0, but that is not available on // Debian Bullseye. - rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL); + auto* rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL); if (rsa != NULL) - CAF_RAISE_CAF_RAISE_ERROR("invalid private key"); + CAF_RAISE_ERROR("invalid private key"); SSL_CTX_use_RSAPrivateKey(ctx, rsa); -#else /* OPENSSL_VERSION_NUMBER < 0x10101000L */ +#else /* OPENSSL_VERSION_NUMBER < 0x30000000L */ EVP_PKEY *pkey = nullptr; const char *format = "PEM"; // NULL for any format const char *structure = nullptr; // Any structure @@ -311,7 +316,7 @@ SSL_CTX* session::create_ssl_context() { // Use the private key. SSL_CTX_use_PrivateKey(ctx, pkey); OSSL_DECODER_CTX_free(dctx); -#endif /* OPENSSL_VERSION_NUMBER < 0x10101000L */ +#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */ } else if (!cfg.openssl_key.empty() && SSL_CTX_use_PrivateKey_file(ctx, cfg.openssl_key.c_str(),