net.openssl: replace SSL_get1_peer_certificate by SSL_get_peer_certificate for OpenBSD (#24556)

OpenBSD uses LibreSSL (OpenSSL fork) by default for libssl/libcrypto. SSL_get1_peer_certificate is not supported by LibreSSL, replace it by SSL_get_peer_certificate.
2025-08-03 09:47:15 -04:00 · 2025-05-23 15:15:48 +02:00 · 2025-05-23 15:15:48 +02:00 · a8aeae2111
commit a8aeae2111
parent ddb15646a7
2 changed files with 11 additions and 1 deletions
--- a/vlib/net/openssl/openssl_openbsd.c.v
+++ b/vlib/net/openssl/openssl_openbsd.c.v
@ -0,0 +1,5 @@
+module openssl
+
+// SSL_get_peer1_certificate not defined in LibreSSL (OpenSSL fork) on OpenBSD,
+// use SSL_get_peer_certificate instead.
+fn C.SSL_get_peer_certificate(ssl &SSL) &C.X509
--- a/vlib/net/openssl/ssl_connection.c.v
+++ b/vlib/net/openssl/ssl_connection.c.v
@ -223,6 +223,7 @@ fn (mut s SSLConn) complete_connect() ! {
 	}

 	if s.config.validate {
+		mut pcert := &C.X509(unsafe { nil })
 		for {
 			mut res := C.SSL_do_handshake(voidptr(s.ssl))
 			if res == 1 {
@ -239,7 +240,11 @@ fn (mut s SSLConn) complete_connect() ! {
 			}
 			return error('Could not validate SSL certificate. (${err_res}),err')
 		}
-		pcert := C.SSL_get1_peer_certificate(voidptr(s.ssl))
+		$if openbsd {
+			pcert = C.SSL_get_peer_certificate(voidptr(s.ssl))
+		} $else {
+			pcert = C.SSL_get1_peer_certificate(voidptr(s.ssl))
+		}
 		defer {
 			if pcert != 0 {
 				C.X509_free(pcert)