kea: make building with Openssl deprecated APIs off

Some of the X.509 API got retired in 3.0.0 so we should check
against the backward compatibility not being enabled.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

diff --git a/net/kea/Makefile b/net/kea/Makefile
index 7c00633ada8068ea7273f6123ec3749b836ea5df..bf712db93080acb77b419c9fcaaa0c28d7137a99 100644 (file)
--- a/net/kea/Makefile
+++ b/net/kea/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=kea
 PKG_VERSION:=3.0.2
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://ftp.isc.org/isc/kea/$(PKG_VERSION)

diff --git a/net/kea/patches/010-openssl-deprecated.patch b/net/kea/patches/010-openssl-deprecated.patch
deleted file mode 100644 (file)
index 6487b0a..0000000
--- a/net/kea/patches/010-openssl-deprecated.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/lib/cryptolink/openssl_link.cc
-+++ b/src/lib/cryptolink/openssl_link.cc
-@@ -77,7 +77,7 @@ CryptoLink::initialize(CryptoLink& c) {
- 
- std::string
- CryptoLink::getVersion() {
--    return (SSLeay_version(SSLEAY_VERSION));
-+    return (OpenSSL_version(OPENSSL_VERSION));
- }
- 
- } // namespace cryptolink

diff --git a/net/kea/patches/100-oopenssl-deprecated.patch b/net/kea/patches/100-oopenssl-deprecated.patch
new file mode 100644 (file)
index 0000000..b6e23f6
--- /dev/null
+++ b/net/kea/patches/100-oopenssl-deprecated.patch
@@ -0,0 +1,61 @@
+commit b664f981aff4b3a0622d63c0f955effc909a0c8f
+Author: Philip Prindeville <philipp@redfish-solutions.com>
+Date:   Thu Feb 5 14:47:50 2026 -0700
+
+    [#4338] Build with current Openssl API
+
+--- a/meson.build
++++ b/meson.build
+@@ -331,6 +331,12 @@ elif CRYPTO_DEP.name() == openssl.name()
+         required: true,
+     )
+     message('Using OpenSSL.')
++    if cpp.has_function('SSL_get1_peer_certificate', prefix: '#include <openssl/ssl.h>', dependencies: openssl)
++      conf_data.set('HAVE_NEW_SSL_API', 1)
++    endif
++    if cpp.has_function('OpenSSL_version', prefix: '#include <openssl/crypto.h>', dependencies: openssl)
++      conf_data.set('HAVE_OPENSSL_VERSION', 1)
++    endif
+ else
+     error('Dependency not found: neither Botan nor OpenSSL.')
+ endif
+--- a/src/lib/asiolink/openssl_tls.h
++++ b/src/lib/asiolink/openssl_tls.h
+@@ -171,7 +171,11 @@ public:
+     ///
+     /// @return The commonName part of the subjectName or the empty string.
+     virtual std::string getSubject() {
++#ifdef HAVE_NEW_SSL_API
++        ::X509* cert = ::SSL_get1_peer_certificate(this->native_handle());
++#else
+         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
++#endif
+         if (!cert) {
+             return ("");
+         }
+@@ -205,7 +209,11 @@ public:
+     ///
+     /// @return The commonName part of the issuerName or the empty string.
+     virtual std::string getIssuer() {
++#ifdef HAVE_NEW_SSL_API
++        ::X509* cert = ::SSL_get1_peer_certificate(this->native_handle());
++#else
+         ::X509* cert = ::SSL_get_peer_certificate(this->native_handle());
++#endif
+         if (!cert) {
+             return ("");
+         }
+--- a/src/lib/cryptolink/openssl_link.cc
++++ b/src/lib/cryptolink/openssl_link.cc
+@@ -77,7 +77,11 @@ CryptoLink::initialize(CryptoLink& c) {
+ 
+ std::string
+ CryptoLink::getVersion() {
++#ifdef HAVE_OPENSSL_VERSION
++    return (OpenSSL_version(OPENSSL_VERSION));
++#else
+     return (SSLeay_version(SSLEAY_VERSION));
++#endif
+ }
+ 
+ } // namespace cryptolink