Updated _SSL_socket to stop accessing SSL_CTX internals (ctx->method) on OpenSSL 1.1+/3, where SSL_CTX is opaque, and instead use SSL_is_server(ssl) to choose connect vs accept state on modern OpenSSL. Legacy pre-1.1 behavior is preserved behind version guards.

This directly addresses the reported build error at method = ctx->method; while keeping backward compatibility for older OpenSSL versions.
2026-03-10 07:50:19 +00:00 · 2026-02-19 11:22:36 -07:00
parent cbc6844987
commit c3c5731a58
1 changed files with 11 additions and 1 deletions
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -307,7 +307,10 @@ SSL *
 _SSL_socket (SSL_CTX *ctx, int sd)
 {
 	SSL *ssl;
+	
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	const SSL_METHOD *method;
+#endif

 	if (!(ssl = SSL_new (ctx)))
 		/* FATAL */
@@ -315,6 +318,12 @@ _SSL_socket (SSL_CTX *ctx, int sd)

 	SSL_set_fd (ssl, sd);

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	if (SSL_is_server (ssl))
+		SSL_set_accept_state (ssl);
+	else
+		SSL_set_connect_state (ssl);
+#else
 #ifndef HAVE_SSL_CTX_GET_SSL_METHOD
 	method = ctx->method;
 #else
@@ -323,7 +332,8 @@ _SSL_socket (SSL_CTX *ctx, int sd)
 	if (method == SSLv23_client_method())
 		SSL_set_connect_state (ssl);
 	else
-	        SSL_set_accept_state(ssl);
+		SSL_set_accept_state (ssl);
+#endif

 	return (ssl);
 }