aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKaren Arutyunov <karen@codesynthesis.com>2021-11-18 20:20:41 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2021-11-19 11:20:19 +0300
commit178e691dbb3e314858e94c369e5d6e7cbee7da4b (patch)
tree9c035e77b3cb9c3032ca6b8b05d4eeeee0d002c6
parent311019b4787e8640c407083ba0412d72f3836216 (diff)
Use pkeyutl command instead of rsautl starting openssl version 3.0.0
-rw-r--r--mod/mod-build-result.cxx30
-rw-r--r--mod/mod-build-result.hxx7
2 files changed, 34 insertions, 3 deletions
diff --git a/mod/mod-build-result.cxx b/mod/mod-build-result.cxx
index 1c46fc1..1445a1d 100644
--- a/mod/mod-build-result.cxx
+++ b/mod/mod-build-result.cxx
@@ -12,6 +12,7 @@
#include <libbutl/process-io.hxx>
#include <libbutl/manifest-parser.hxx>
#include <libbutl/manifest-serializer.hxx>
+#include <libbutl/semantic-version.hxx>
#include <libbbot/manifest.hxx>
@@ -39,7 +40,8 @@ brep::build_result::
build_result (const build_result& r)
: database_module (r),
build_config_module (r),
- options_ (r.initialized_ ? r.options_ : nullptr)
+ options_ (r.initialized_ ? r.options_ : nullptr),
+ use_openssl_pkeyutl_ (r.initialized_ ? r.use_openssl_pkeyutl_ : false)
{
}
@@ -62,6 +64,25 @@ init (scanner& s)
build_config_module::init (*options_);
}
+ try
+ {
+ optional<openssl_info> oi (
+ openssl::info ([&trace, this] (const char* args[], size_t n)
+ {
+ l2 ([&]{trace << process_args {args, n};});
+ },
+ 2,
+ options_->openssl ()));
+
+ use_openssl_pkeyutl_ = oi &&
+ oi->name == "OpenSSL" &&
+ oi->version >= semantic_version {3, 0, 0};
+ }
+ catch (const system_error& e)
+ {
+ fail << "unable to obtain openssl version: " << e;
+ }
+
if (options_->root ().empty ())
options_->root (dir_path ("/"));
}
@@ -347,9 +368,12 @@ handle (request& rq, response&)
path ("-"), fdstream_mode::text, 2,
process_env (options_->openssl (),
options_->openssl_envvar ()),
- "rsautl",
+ use_openssl_pkeyutl_ ? "pkeyutl" : "rsautl",
options_->openssl_option (),
- "-verify", "-pubin", "-inkey", i->second);
+ use_openssl_pkeyutl_ ? "-verifyrecover" : "-verify",
+ "-pubin",
+ "-inkey",
+ i->second);
for (const auto& c: *rqm.challenge)
os.out.put (c); // Sets badbit on failure.
diff --git a/mod/mod-build-result.hxx b/mod/mod-build-result.hxx
index 71a60f9..1b32ad4 100644
--- a/mod/mod-build-result.hxx
+++ b/mod/mod-build-result.hxx
@@ -36,6 +36,13 @@ namespace brep
private:
shared_ptr<options::build_result> options_;
+
+ // True if the openssl version is greater or equal to 3.0.0 and so pkeyutl
+ // needs to be used instead of rsautl.
+ //
+ // Note that openssl 3.0.0 deprecates rsautl in favor of pkeyutl.
+ //
+ bool use_openssl_pkeyutl_;
};
}