diff options
-rw-r--r-- | mod/mod-build-result.cxx | 30 | ||||
-rw-r--r-- | mod/mod-build-result.hxx | 7 |
2 files changed, 34 insertions, 3 deletions
diff --git a/mod/mod-build-result.cxx b/mod/mod-build-result.cxx index 1c46fc1..1445a1d 100644 --- a/mod/mod-build-result.cxx +++ b/mod/mod-build-result.cxx @@ -12,6 +12,7 @@ #include <libbutl/process-io.hxx> #include <libbutl/manifest-parser.hxx> #include <libbutl/manifest-serializer.hxx> +#include <libbutl/semantic-version.hxx> #include <libbbot/manifest.hxx> @@ -39,7 +40,8 @@ brep::build_result:: build_result (const build_result& r) : database_module (r), build_config_module (r), - options_ (r.initialized_ ? r.options_ : nullptr) + options_ (r.initialized_ ? r.options_ : nullptr), + use_openssl_pkeyutl_ (r.initialized_ ? r.use_openssl_pkeyutl_ : false) { } @@ -62,6 +64,25 @@ init (scanner& s) build_config_module::init (*options_); } + try + { + optional<openssl_info> oi ( + openssl::info ([&trace, this] (const char* args[], size_t n) + { + l2 ([&]{trace << process_args {args, n};}); + }, + 2, + options_->openssl ())); + + use_openssl_pkeyutl_ = oi && + oi->name == "OpenSSL" && + oi->version >= semantic_version {3, 0, 0}; + } + catch (const system_error& e) + { + fail << "unable to obtain openssl version: " << e; + } + if (options_->root ().empty ()) options_->root (dir_path ("/")); } @@ -347,9 +368,12 @@ handle (request& rq, response&) path ("-"), fdstream_mode::text, 2, process_env (options_->openssl (), options_->openssl_envvar ()), - "rsautl", + use_openssl_pkeyutl_ ? "pkeyutl" : "rsautl", options_->openssl_option (), - "-verify", "-pubin", "-inkey", i->second); + use_openssl_pkeyutl_ ? "-verifyrecover" : "-verify", + "-pubin", + "-inkey", + i->second); for (const auto& c: *rqm.challenge) os.out.put (c); // Sets badbit on failure. diff --git a/mod/mod-build-result.hxx b/mod/mod-build-result.hxx index 71a60f9..1b32ad4 100644 --- a/mod/mod-build-result.hxx +++ b/mod/mod-build-result.hxx @@ -36,6 +36,13 @@ namespace brep private: shared_ptr<options::build_result> options_; + + // True if the openssl version is greater or equal to 3.0.0 and so pkeyutl + // needs to be used instead of rsautl. + // + // Note that openssl 3.0.0 deprecates rsautl in favor of pkeyutl. + // + bool use_openssl_pkeyutl_; }; } |