From 940319c8f86c026bb8830ceb8dc45a2e08447960 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sat, 13 Mar 2021 21:01:23 +0100 Subject: socket.c: SSL_use_PrivateKey_file <- SSL_use_RSAPrivateKey_file, the latter is deprecated in OpenSSL 3, and the user might use some other key than RSA. --- NEWS | 5 ++++- socket.c | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 34991c3f..39a5e97e 100644 --- a/NEWS +++ b/NEWS @@ -94,7 +94,10 @@ fetchmail-6.4.18 (not yet released): * fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter) for -d option. This is to fail more gracefully on incomplete installs. * TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues - with OpenSSL v3. + with OpenSSL v3 - these are for development purposes, not production. +* TLS futureproofing: use SSL_use_PrivateKey_file instead of + SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3, + and the user's key file might be something else than RSA. -------------------------------------------------------------------------------- fetchmail-6.4.17 (released 2021-03-07, 29998 LoC): diff --git a/socket.c b/socket.c index a6d2fc53..326dc9cb 100644 --- a/socket.c +++ b/socket.c @@ -1232,7 +1232,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, const char *myproto, int certck *remotename = xstrdup(buffer); } SSL_use_certificate_file(_ssl_context[sock], mycert, SSL_FILETYPE_PEM); - SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM); + SSL_use_PrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM); } if (SSL_set_fd(_ssl_context[sock], sock) == 0 -- cgit v1.2.3