authorKaren Arutyunov <karen@codesynthesis.com>2021-11-18 19:20:50 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2021-11-19 12:25:00 +0300
commitc1e917fecc428c04abe16bd6ea675b2d10fe4669 (patch)
treef9612a975408c8d3589a90e73a7addf160a84103
parenta4a471f63607d3795756c90b62d00aa419c5d3d7 (diff)
Use pkeyutl command instead of rsautl starting openssl version 3.0.0
-rw-r--r--bbot/agent/agent.cxx26
1 files changed, 25 insertions, 1 deletions
diff --git a/bbot/agent/agent.cxx b/bbot/agent/agent.cxx
index cfd1e7d..982f67c 100644
--- a/bbot/agent/agent.cxx
+++ b/bbot/agent/agent.cxx
@@ -28,6 +28,7 @@
#include <libbutl/sha256.hxx>
#include <libbutl/openssl.hxx>
#include <libbutl/filesystem.hxx> // dir_iterator, try_rmfile(), readsymlink()
+#include <libbutl/semantic-version.hxx>
#include <libbbot/manifest.hxx>
@@ -1316,6 +1317,29 @@ try
ilogin = machine_vnc (true /* public */);
}
+ // Use the pkeyutl openssl command for signing the task response challenge
+ // if openssl version is greater or equal to 3.0.0 and the rsautl command
+ // otherwise.
+ //
+ // Note that openssl 3.0.0 deprecates rsautl in favor of pkeyutl.
+ //
+ const char* sign_cmd;
+
+ try
+ {
+ optional<openssl_info> oi (openssl::info (trace, 2, ops.openssl ()));
+
+ sign_cmd = oi &&
+ oi->name == "OpenSSL" &&
+ oi->version >= semantic_version {3, 0, 0}
+ ? "pkeyutl"
+ : "rsautl";
+ }
+ catch (const system_error& e)
+ {
+ fail << "unable to obtain openssl version: " << e << endf;
+ }
+
for (unsigned int sleep (0);; ::sleep (sleep), sleep = 0)
{
bootstrapped_machines ms (enumerate_machines (ops.machines ()));
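Review bot: The ternary at `sign_cmd = oi && ...` falls back to `rsautl` silently in two cases the comment above it does not mention: when `openssl::info ()` returns an empty optional, and when the reported name is not "OpenSSL". On a host where the version output is not recognised, the agent would keep using the deprecated command with nothing in the log to explain why. I would extend the comment with `// Also fall back to rsautl if the openssl information cannot be obtained or the implementation is not OpenSSL.` and consider tracing the selected command once at this point. The enclosing function starts and ends outside this hunk.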
@@ -1555,7 +1579,7 @@ try
openssl os (trace,
fdstream_mode::text, path ("-"), 2,
- ops.openssl (), "rsautl",
+ ops.openssl (), sign_cmd,
ops.openssl_option (), "-sign", "-inkey", ops.auth_key ());
os.out << *tr.challenge;
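Review bot: Passing `sign_cmd` in place of the literal at the `openssl os (...)` call relies on an undocumented assumption: that `pkeyutl -sign` and `rsautl -sign` produce the same signature for the key in `ops.auth_key ()`. As far as I know that holds for an RSA key with the default PKCS#1 v1.5 padding, but `rsautl` rejects non-RSA keys while `pkeyutl` accepts them. A misconfigured key would therefore fail at signing on older versions, but on 3.x it would presumably surface only as a verification failure on the controller side. A comment above the call would record this, for example `// Note: assumes an RSA auth key; pkeyutl, unlike rsautl, also accepts other key types.` The surrounding block continues outside the hunk.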