kea: make building with Openssl deprecated APIs off

Some of the X.509 API got retired in 3.0.0 so we should check against the backward compatibility not being enabled. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2026-04-15 10:51:55 +00:00 · 2026-02-04 19:48:38 -07:00
parent ff2027ffa9
commit 41838cd620
3 changed files with 62 additions and 12 deletions
--- a/net/kea/Makefile
+++ b/net/kea/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=kea
 PKG_VERSION:=3.0.2
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://ftp.isc.org/isc/kea/$(PKG_VERSION)
--- a/net/kea/patches/010-openssl-deprecated.patch
+++ b/net/kea/patches/010-openssl-deprecated.patch
@@ -1,11 +0,0 @@
--- a/src/lib/cryptolink/openssl_link.cc
-+++ b/src/lib/cryptolink/openssl_link.cc
-@@ -77,7 +77,7 @@ CryptoLink::initialize(CryptoLink& c) {
- 
- std::string
- CryptoLink::getVersion() {
-    return (SSLeay_version(SSLEAY_VERSION));
-+    return (OpenSSL_version(OPENSSL_VERSION));
- }
- 
- } // namespace cryptolink
--- a/net/kea/patches/100-oopenssl-deprecated.patch
+++ b/net/kea/patches/100-oopenssl-deprecated.patch
@@ -0,0 +1,61 @@
+commit b664f981aff4b3a0622d63c0f955effc909a0c8f
+Author: Philip Prindeville <philipp@redfish-solutions.com>
+Date:   Thu Feb 5 14:47:50 2026 -0700
+
+    [#4338] Build with current Openssl API
+
+--- a/meson.build
+++ b/meson.build
+@@ -331,6 +331,12 @@ elif CRYPTO_DEP.name() == openssl.name()
+         required: true,
+     )
+     message('Using OpenSSL.')
+    if cpp.has_function('SSL_get1_peer_certificate', prefix: '#include <openssl/ssl.h>', dependencies: openssl)
+      conf_data.set('HAVE_NEW_SSL_API', 1)
+    endif
+    if cpp.has_function('OpenSSL_version', prefix: '#include <openssl/crypto.h>', dependencies: openssl)
+      conf_data.set('HAVE_OPENSSL_VERSION', 1)
+    endif
+ else
+     error('Dependency not found: neither Botan nor OpenSSL.')
+ endif
+--- a/src/lib/asiolink/openssl_tls.h
+++ b/src/lib/asiolink/openssl_tls.h
+@@ -171,7 +171,11 @@ public:
+     ///
+     /// @return The commonName part of the subjectName or the empty string.
+     virtual std::string getSubject() {
+#ifdef HAVE_NEW_SSL_API
+        ::X509* cert = ::SSL_get1_peer_certificate(this->native_handle());
+#else
+         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
+#endif
+         if (!cert) {
+             return ("");
+         }
+@@ -205,7 +209,11 @@ public:
+     ///
+     /// @return The commonName part of the issuerName or the empty string.
+     virtual std::string getIssuer() {
+#ifdef HAVE_NEW_SSL_API
+        ::X509* cert = ::SSL_get1_peer_certificate(this->native_handle());
+#else
+         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
+#endif
+         if (!cert) {
+             return ("");
+         }
+--- a/src/lib/cryptolink/openssl_link.cc
+++ b/src/lib/cryptolink/openssl_link.cc
+@@ -77,7 +77,11 @@ CryptoLink::initialize(CryptoLink& c) {
+ 
+ std::string
+ CryptoLink::getVersion() {
+#ifdef HAVE_OPENSSL_VERSION
+    return (OpenSSL_version(OPENSSL_VERSION));
+#else
+     return (SSLeay_version(SSLEAY_VERSION));
+#endif
+ }
+ 
+ } // namespace cryptolink