From 54fe81fc60ce84d5740041c43ce9bcc1e8bb6693 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodarima@gmail.com>
Date: Thu, 4 Apr 2024 23:57:51 +0200
Subject: Use SSL_get1_peer_certificate() in OpenSSL 3

The function SSL_get_peer_certificate() is deprecated in 3.0.0, but
still defined as a compatibility macro.

Fixes: https://github.com/dillo-browser/dillo/issues/118
---
 src/IO/tls_openssl.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/IO/tls_openssl.c')

diff --git a/src/IO/tls_openssl.c b/src/IO/tls_openssl.c
index 5090683c..ceb06f93 100644
--- a/src/IO/tls_openssl.c
+++ b/src/IO/tls_openssl.c
@@ -821,7 +821,12 @@ static int Tls_examine_certificate(SSL *ssl, Server_t *srv)
    int choice = -1, ret = -1;
    char *title = dStrconcat("Dillo TLS security warning: ",srv->hostname,NULL);
 
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
    remote_cert = SSL_get_peer_certificate(ssl);
+#else
+   /* SSL_get_peer_certificate() was deprecated in 3.0.0. */
+   remote_cert = SSL_get1_peer_certificate(ssl);
+#endif
    if (remote_cert == NULL){
       /* Inform user that remote system cannot be trusted */
       choice = a_Dialog_choice(title,
-- 
cgit v1.2.3