From a8aeae21117d986fb3f8094ff44fed5f3cc2a8e6 Mon Sep 17 00:00:00 2001
From: Laurent Cheylus
Date: Fri, 23 May 2025 15:15:48 +0200
Subject: [PATCH] net.openssl: replace SSL_get1_peer_certificate by SSL_get_peer_certificate for OpenBSD (#24556)

OpenBSD uses LibreSSL (OpenSSL fork) by default for libssl/libcrypto. SSL_get1_peer_certificate is not supported by LibreSSL, replace it by SSL_get_peer_certificate.
---
 vlib/net/openssl/openssl_openbsd.c.v | 5 +++++
 vlib/net/openssl/ssl_connection.c.v | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 vlib/net/openssl/openssl_openbsd.c.v

diff --git a/vlib/net/openssl/openssl_openbsd.c.v b/vlib/net/openssl/openssl_openbsd.c.v
new file mode 100644
index 0000000000..e0caf89097
--- /dev/null
+++ b/vlib/net/openssl/openssl_openbsd.c.v
@@ -0,0 +1,5 @@
+module openssl
+
+// SSL_get_peer1_certificate not defined in LibreSSL (OpenSSL fork) on OpenBSD,
+// use SSL_get_peer_certificate instead.
+fn C.SSL_get_peer_certificate(ssl &SSL) &C.X509
diff --git a/vlib/net/openssl/ssl_connection.c.v b/vlib/net/openssl/ssl_connection.c.v
index 13ca4769fd..c9be01f3bc 100644
--- a/vlib/net/openssl/ssl_connection.c.v
+++ b/vlib/net/openssl/ssl_connection.c.v
@@ -223,6 +223,7 @@ fn (mut s SSLConn) complete_connect() ! {
 }
 
 if s.config.validate {
+ mut pcert := &C.X509(unsafe { nil })
 for {
 mut res := C.SSL_do_handshake(voidptr(s.ssl))
 if res == 1 {
@@ -239,7 +240,11 @@ fn (mut s SSLConn) complete_connect() ! {
 }
 return error('Could not validate SSL certificate. (${err_res}),err')
 }
- pcert := C.SSL_get1_peer_certificate(voidptr(s.ssl))
+ $if openbsd {
+ pcert = C.SSL_get_peer_certificate(voidptr(s.ssl))
+ } $else {
+ pcert = C.SSL_get1_peer_certificate(voidptr(s.ssl))
+ }
 defer {
 if pcert != 0 {
 C.X509_free(pcert)
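Review bot: The comment in the new `openssl_openbsd.c.v` misspells the missing function as `SSL_get_peer1_certificate`; the symbol used in `ssl_connection.c.v` is `SSL_get1_peer_certificate`, so a search for the real name will not find this explanation. The comment should also state the ownership contract the caller relies on, because that is what makes the substitution safe. `SSL_get_peer_certificate` returns the certificate with its reference count incremented, or NULL when the peer presented none, so the result must be released with `X509_free`. Suggested wording: `// SSL_get1_peer_certificate is not defined in LibreSSL (OpenSSL fork) on OpenBSD; use SSL_get_peer_certificate,` followed by `// which also returns an owned reference (free with X509_free), or nil if the peer sent no certificate.`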
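Review bot: The `$if openbsd` branch in the second `ssl_connection.c.v` hunk (`@@ -239,7 +240,11 @@`) selects the function by operating system, while the commit message gives the real condition as the TLS library (LibreSSL lacking `SSL_get1_peer_certificate`). A LibreSSL build on another platform would presumably still fail on the missing symbol, so the assumption deserves a comment at the branch, for example `// OpenBSD links LibreSSL, which lacks SSL_get1_peer_certificate; both calls return an owned reference freed by the defer below`. Both functions return a reference the caller owns, so the existing `X509_free` in the `defer` remains correct on either path. The code after the `defer` is outside the hunk; it is worth confirming there that a nil `pcert` is treated as a validation failure when `s.config.validate` is set, since a peer that sends no certificate leaves nothing to check the hostname against.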