socket.c: SSL_use_PrivateKey_file <- SSL_use_RSAPrivateKey_file,

the latter is deprecated in OpenSSL 3, and the user might use some
other key than RSA.

2 files changed, 5 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 34991c3f..39a5e97e 100644
--- a/NEWS
+++ b/NEWS
@@ -94,7 +94,10 @@ fetchmail-6.4.18 (not yet released):
 * fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
   for -d option. This is to fail more gracefully on incomplete installs.
 * TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
-  with OpenSSL v3.
+  with OpenSSL v3 - these are for development purposes, not production.
+* TLS futureproofing: use SSL_use_PrivateKey_file instead of 
+  SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
+  and the user's key file might be something else than RSA.
 
 --------------------------------------------------------------------------------
 fetchmail-6.4.17 (released 2021-03-07, 29998 LoC):
diff --git a/socket.c b/socket.c
index a6d2fc53..326dc9cb 100644
--- a/socket.c
+++ b/socket.c
@@ -1232,7 +1232,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck
 			*remotename = xstrdup(buffer);
 		}
 		SSL_use_certificate_file(_ssl_context[sock], mycert, SSL_FILETYPE_PEM);
-		SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM);
+		SSL_use_PrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM);
 	}
 
 	if (SSL_set_fd(_ssl_context[sock], sock) == 0