openssl: stop using deprecated functions

src/main/openssl.c

@@ -23,7 +23,7 @@
 static pthread_mutex_t *lockv;
 
 
-static unsigned long threadid_handler(void)
+static inline unsigned long threadid(void)
 {
 #if defined (DARWIN) || defined (FREEBSD) || defined (OPENBSD)
 	return (unsigned long)(void *)pthread_self();
@@ -33,6 +33,19 @@ static unsigned long threadid_handler(void)
 }
 
 
+#if OPENSSL_VERSION_NUMBER >= 0x10000000
+static void threadid_handler(CRYPTO_THREADID *id)
+{
+	CRYPTO_THREADID_set_numeric(id, threadid());
+}
+#else
+static unsigned long threadid_handler(void)
+{
+	return threadid();
+}
+#endif
+
+
 static void locking_handler(int mode, int type, const char *file, int line)
 {
 	(void)file;
@@ -112,7 +125,12 @@ int openssl_init(void)
 		}
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x10000000
+	CRYPTO_THREADID_set_callback(threadid_handler);
+#else
 	CRYPTO_set_id_callback(threadid_handler);
+#endif
+
 	CRYPTO_set_locking_callback(locking_handler);
 #endif
 

src/tls/openssl/tls.c

@@ -7,6 +7,8 @@
 #define OPENSSL_NO_KRB5 1
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
 #include <re_types.h>
 #include <re_fmt.h>
 #include <re_mem.h>
@@ -207,16 +209,25 @@ int tls_set_selfsigned(struct tls *tls, const char *cn)
 	X509_NAME *subj = NULL;
 	EVP_PKEY *key = NULL;
 	X509 *cert = NULL;
+	BIGNUM *bn = NULL;
 	RSA *rsa = NULL;
 	int r, err = ENOMEM;
 
 	if (!tls || !cn)
 		return EINVAL;
 
-	rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL);
+	rsa = RSA_new();
 	if (!rsa)
 		goto out;
 
+	bn = BN_new();
+	if (!bn)
+		goto out;
+
+	BN_set_word(bn, RSA_F4);
+	if (!RSA_generate_key_ex(rsa, 1024, bn, NULL))
+		goto out;
+
 	key = EVP_PKEY_new();
 	if (!key)
 		goto out;
@@ -286,6 +297,9 @@ int tls_set_selfsigned(struct tls *tls, const char *cn)
 	if (rsa)
 		RSA_free(rsa);
 
+	if (bn)
+		BN_free(bn);
+
 	if (err)
 		ERR_clear_error();