authorSimon Giesecke <simon.giesecke@btc-ag.com>2018-03-12 14:07:18 +0100
committerAlan Antonuk <alan.antonuk@gmail.com>2018-03-22 23:33:17 -0700
commit0d7f84f0b1f5fb322ff2bca9262fb8faf99202e4 (patch)
treed4b7671592f1cc672e6f228c62d5a34767e50173
parentef8c3b9d2bbe99c6c279554e86e460cf3fbe7ed3 (diff)
downloadrabbitmq-c-0d7f84f0b1f5fb322ff2bca9262fb8faf99202e4.tar.gz
Lib: remove use of OpenSSL functions deprecated in v1.1.0+
-rw-r--r--librabbitmq/amqp_openssl.c10
-rw-r--r--librabbitmq/amqp_openssl_bio.c11
-rw-r--r--librabbitmq/amqp_openssl_bio.h12
-rw-r--r--librabbitmq/amqp_openssl_hostname_validation.c75
4 files changed, 70 insertions, 38 deletions
diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
index e9f71f2..40a01e8 100644
--- a/librabbitmq/amqp_openssl.c
+++ b/librabbitmq/amqp_openssl.c
@@ -583,7 +583,15 @@ static int setup_openssl(void) {
CRYPTO_set_id_callback(ssl_threadid_callback);
CRYPTO_set_locking_callback(ssl_locking_callback);
+#ifdef AMQP_OPENSSL_V110
+ if (CONF_modules_load_file(NULL, "rabbitmq-c", CONF_MFLAGS_DEFAULT_SECTION) <=
+ 0) {
+ status = AMQP_STATUS_SSL_ERROR;
+ goto out;
+ }
+#else
OPENSSL_config(NULL);
+#endif
SSL_library_init();
SSL_load_error_strings();
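Review bot: The new CONF_modules_load_file() call turns a missing configuration file into a hard initialisation failure, whereas the OPENSSL_config(NULL) it replaces in the #else branch loads with CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE and ignores the result, so on a host without an openssl.cnf the 1.1.0 build now leaves setup_openssl with AMQP_STATUS_SSL_ERROR while the legacy build succeeds. Unless failing closed on a missing config is intended, keep the old semantics with `if (CONF_modules_load_file(NULL, "rabbitmq-c", CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {`. Passing "rabbitmq-c" as the appname also changes which configuration section is consulted: my reading of CONF_modules_load() is that it looks that key up in the default section and silently loads nothing when it is absent, rather than using openssl_conf as OPENSSL_config(NULL) does, so confirm that is the intended behaviour. setup_openssl, its `status` variable and the `out` label continue outside the hunk.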
@@ -660,7 +668,9 @@ int amqp_uninitialize_ssl_library(void) {
amqp_openssl_bio_destroy();
openssl_bio_initialized = 0;
+#ifndef AMQP_OPENSSL_V110
ERR_remove_state(0);
+#endif
FIPS_mode_set(0);
CRYPTO_set_locking_callback(NULL);
diff --git a/librabbitmq/amqp_openssl_bio.c b/librabbitmq/amqp_openssl_bio.c
index 91a46bb..3556d6f 100644
--- a/librabbitmq/amqp_openssl_bio.c
+++ b/librabbitmq/amqp_openssl_bio.c
@@ -44,10 +44,6 @@ static int amqp_ssl_bio_initialized = 0;
#ifdef AMQP_USE_AMQP_BIO
-#if (OPENSSL_VERSION_NUMBER > 0x10100000L)
-#define AMQP_OPENSSL_V110
-#endif
-
static BIO_METHOD *amqp_bio_method;
static int amqp_openssl_bio_should_retry(int res) {
@@ -147,7 +143,10 @@ int amqp_openssl_bio_init(void) {
return AMQP_STATUS_NO_MEMORY;
}
- BIO_METHOD *meth = BIO_s_socket();
+ // casting away const is necessary until
+ // https://github.com/openssl/openssl/pull/2181/, which is targeted for
+ // openssl 1.1.1
+ BIO_METHOD *meth = (BIO_METHOD *)BIO_s_socket();
BIO_meth_set_create(amqp_bio_method, BIO_meth_get_create(meth));
BIO_meth_set_destroy(amqp_bio_method, BIO_meth_get_destroy(meth));
BIO_meth_set_ctrl(amqp_bio_method, BIO_meth_get_ctrl(meth));
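Review bot: The cast on the new `meth` line discards the const that BIO_s_socket() returns under 1.1.0, and writing through a pointer obtained that way would be undefined behaviour; what keeps this correct is that `meth` is only ever passed to the BIO_meth_get_* accessors, which is not stated anywhere. Record the invariant next to the cast, e.g. `// meth is read-only: pass it only to BIO_meth_get_*, never to BIO_meth_set_* or BIO_meth_free`, so a later edit does not start modifying the shared socket method. amqp_openssl_bio_init continues outside the hunk.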
@@ -184,7 +183,7 @@ void amqp_openssl_bio_destroy(void) {
amqp_ssl_bio_initialized = 0;
}
-BIO_METHOD *amqp_openssl_bio(void) {
+BIO_METHOD_PTR amqp_openssl_bio(void) {
assert(amqp_ssl_bio_initialized);
#ifdef AMQP_USE_AMQP_BIO
return amqp_bio_method;
diff --git a/librabbitmq/amqp_openssl_bio.h b/librabbitmq/amqp_openssl_bio.h
index 9c99c78..ec09c5e 100644
--- a/librabbitmq/amqp_openssl_bio.h
+++ b/librabbitmq/amqp_openssl_bio.h
@@ -29,6 +29,16 @@ int amqp_openssl_bio_init(void);
void amqp_openssl_bio_destroy(void);
-BIO_METHOD* amqp_openssl_bio(void);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define AMQP_OPENSSL_V110
+#endif
+
+#ifdef AMQP_OPENSSL_V110
+typedef const BIO_METHOD *BIO_METHOD_PTR;
+#else
+typedef BIO_METHOD *BIO_METHOD_PTR;
+#endif
+
+BIO_METHOD_PTR amqp_openssl_bio(void);
#endif /* ifndef AMQP_OPENSSL_BIO */
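Review bot: The version test at the top of the hunk needs OPENSSL_VERSION_NUMBER to be defined at that point; in `#if` an undefined identifier evaluates to 0, so a translation unit that includes this header before any OpenSSL header silently leaves AMQP_OPENSSL_V110 undefined and compiles the deprecated-API branches against a 1.1.0 library. The part of the header above line 29 is outside the hunk, so I cannot see whether it includes <openssl/bio.h> itself; if it does not, add `#include <openssl/opensslv.h>` before the test, or guard it with `#ifndef OPENSSL_VERSION_NUMBER` / `#error`. LibreSSL also reports OPENSSL_VERSION_NUMBER as 0x20000000L while older releases do not provide ASN1_STRING_get0_data() or the BIO_meth_* accessors, so the check is safer written as `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)`.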
diff --git a/librabbitmq/amqp_openssl_hostname_validation.c b/librabbitmq/amqp_openssl_hostname_validation.c
index ea61186..133d73c 100644
--- a/librabbitmq/amqp_openssl_hostname_validation.c
+++ b/librabbitmq/amqp_openssl_hostname_validation.c
@@ -31,25 +31,28 @@
#include <openssl/x509v3.h>
#include "amqp_hostcheck.h"
+#include "amqp_openssl_bio.h"
#include "amqp_openssl_hostname_validation.h"
+#include <string.h>
+
#define HOSTNAME_MAX_SIZE 255
/**
-* Tries to find a match for hostname in the certificate's Common Name field.
-*
-* Returns AMQP_HVR_MATCH_FOUND if a match was found.
-* Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found.
-* Returns AMQP_HVR_MALFORMED_CERTIFICATE if the Common Name had a NUL character
-* embedded in it.
-* Returns AMQP_HVR_ERROR if the Common Name could not be extracted.
-*/
+ * Tries to find a match for hostname in the certificate's Common Name field.
+ *
+ * Returns AMQP_HVR_MATCH_FOUND if a match was found.
+ * Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found.
+ * Returns AMQP_HVR_MALFORMED_CERTIFICATE if the Common Name had a NUL character
+ * embedded in it.
+ * Returns AMQP_HVR_ERROR if the Common Name could not be extracted.
+ */
static amqp_hostname_validation_result amqp_matches_common_name(
const char *hostname, const X509 *server_cert) {
int common_name_loc = -1;
X509_NAME_ENTRY *common_name_entry = NULL;
ASN1_STRING *common_name_asn1 = NULL;
- char *common_name_str = NULL;
+ const char *common_name_str = NULL;
// Find the position of the CN field in the Subject field of the certificate
common_name_loc = X509_NAME_get_index_by_NID(
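Review bot: The added `#include <string.h>` is placed after the project headers, contrary to the ordering the file otherwise uses (<openssl/x509v3.h> ahead of "amqp_hostcheck.h"); move it up with the system includes. Including amqp_openssl_bio.h here only to obtain AMQP_OPENSSL_V110 couples hostname validation to the BIO module, so a one-line comment such as `/* for AMQP_OPENSSL_V110 */` on that include would at least make the dependency explicit, and a small shared version-macro header would remove it. amqp_matches_common_name continues outside the hunk.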
@@ -70,7 +73,12 @@ static amqp_hostname_validation_result amqp_matches_common_name(
if (common_name_asn1 == NULL) {
return AMQP_HVR_ERROR;
}
+
+#ifdef AMQP_OPENSSL_V110
+ common_name_str = (const char *)ASN1_STRING_get0_data(common_name_asn1);
+#else
common_name_str = (char *)ASN1_STRING_data(common_name_asn1);
+#endif
// Make sure there isn't an embedded NUL character in the CN
if ((size_t)ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) {
@@ -86,16 +94,16 @@ static amqp_hostname_validation_result amqp_matches_common_name(
}
/**
-* Tries to find a match for hostname in the certificate's Subject Alternative
-* Name extension.
-*
-* Returns AMQP_HVR_MATCH_FOUND if a match was found.
-* Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found.
-* Returns AMQP_HVR_MALFORMED_CERTIFICATE if any of the hostnames had a NUL
-* character embedded in it.
-* Returns AMQP_HVR_NO_SAN_PRESENT if the SAN extension was not present in the
-* certificate.
-*/
+ * Tries to find a match for hostname in the certificate's Subject Alternative
+ * Name extension.
+ *
+ * Returns AMQP_HVR_MATCH_FOUND if a match was found.
+ * Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found.
+ * Returns AMQP_HVR_MALFORMED_CERTIFICATE if any of the hostnames had a NUL
+ * character embedded in it.
+ * Returns AMQP_HVR_NO_SAN_PRESENT if the SAN extension was not present in the
+ * certificate.
+ */
static amqp_hostname_validation_result amqp_matches_subject_alternative_name(
const char *hostname, const X509 *server_cert) {
amqp_hostname_validation_result result = AMQP_HVR_MATCH_NOT_FOUND;
@@ -117,7 +125,12 @@ static amqp_hostname_validation_result amqp_matches_subject_alternative_name(
if (current_name->type == GEN_DNS) {
// Current name is a DNS name, let's check it
- char *dns_name = (char *)ASN1_STRING_data(current_name->d.dNSName);
+ const char *dns_name = (const char *)
+#ifdef AMQP_OPENSSL_V110
+ ASN1_STRING_get0_data(current_name->d.dNSName);
+#else
+ ASN1_STRING_data(current_name->d.dNSName);
+#endif
// Make sure there isn't an embedded NUL character in the DNS name
if ((size_t)ASN1_STRING_length(current_name->d.dNSName) !=
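Review bot: Splitting the initialiser of `dns_name` across `#ifdef`/`#else`/`#endif` lines puts preprocessor directives inside an expression, which is hard to read and which clang-format cannot lay out, and the same version switch is repeated in amqp_matches_common_name in the previous hunk. Select the accessor once near the top of this file and use it at both sites, so the choice of API lives in one place and the function bodies read as plain C. amqp_matches_subject_alternative_name continues outside the hunk.
```c
/* near the top of amqp_openssl_hostname_validation.c, after the includes */
#ifdef AMQP_OPENSSL_V110
#define AMQP_ASN1_STRING_DATA(s) ((const char *)ASN1_STRING_get0_data(s))
#else
#define AMQP_ASN1_STRING_DATA(s) ((const char *)ASN1_STRING_data(s))
#endif

/* … unchanged: amqp_matches_subject_alternative_name up to the GEN_DNS check … */
      // Current name is a DNS name, let's check it
      const char *dns_name = AMQP_ASN1_STRING_DATA(current_name->d.dNSName);
```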
@@ -138,17 +151,17 @@ static amqp_hostname_validation_result amqp_matches_subject_alternative_name(
}
/**
-* Validates the server's identity by looking for the expected hostname in the
-* server's certificate. As described in RFC 6125, it first tries to find a match
-* in the Subject Alternative Name extension. If the extension is not present in
-* the certificate, it checks the Common Name instead.
-*
-* Returns AMQP_HVR_MATCH_FOUND if a match was found.
-* Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found.
-* Returns AMQP_HVR_MALFORMED_CERTIFICATE if any of the hostnames had a NUL
-* character embedded in it.
-* Returns AMQP_HVR_ERROR if there was an error.
-*/
+ * Validates the server's identity by looking for the expected hostname in the
+ * server's certificate. As described in RFC 6125, it first tries to find a
+ * match in the Subject Alternative Name extension. If the extension is not
+ * present in the certificate, it checks the Common Name instead.
+ *
+ * Returns AMQP_HVR_MATCH_FOUND if a match was found.
+ * Returns AMQP_HVR_MATCH_NOT_FOUND if no matches were found.
+ * Returns AMQP_HVR_MALFORMED_CERTIFICATE if any of the hostnames had a NUL
+ * character embedded in it.
+ * Returns AMQP_HVR_ERROR if there was an error.
+ */
amqp_hostname_validation_result amqp_ssl_validate_hostname(
const char *hostname, const X509 *server_cert) {
amqp_hostname_validation_result result;