Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
libprocess is carrying custom hostname verification code, which uses deprecated OpenSSL API:
../../../3rdparty/libprocess/src/openssl.cpp: In function ‘Try<Nothing> process::network::openssl::verify(const SSL*, const Option<std::__cxx11::basic_string<char> >&, const Option<net::IP>&)’:
../../../3rdparty/libprocess/src/openssl.cpp:677:42: warning: ‘unsigned char* ASN1_STRING_data(ASN1_STRING*)’ is deprecated [-Wdeprecated-declarations]
current_name->d.dNSName));
^
In file included from /usr/include/openssl/opensslconf.h:42:0,
from /usr/include/openssl/bn.h:31,
from /usr/include/openssl/asn1.h:24,
from /usr/include/openssl/objects.h:916,
from /usr/include/openssl/evp.h:27,
from /usr/include/openssl/x509.h:23,
from /usr/include/openssl/ssl.h:50,
from ../../../3rdparty/libprocess/src/openssl.hpp:16,
from ../../../3rdparty/libprocess/src/openssl.cpp:13:
/usr/include/openssl/asn1.h:553:1: note: declared here
DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
^
We should replace this (optionally with a OpenSSL version check) with a call to X509_check_host which is available since OpenSSL 1.0.2.