authorAndre Heider <a.heider@gmail.com>2023-02-21 15:54:16 +0100
committerRosen Penev <rosenp@gmail.com>2023-05-01 13:36:00 +0300
commit2fed4c089598b38d86531087fc41782f27c23c26 (patch)
tree0954ba20a95332ac8caa139490b021e24c78cb29
parentfe0dc6f48ae6b98c4663e3e93f6df12d8ef55203 (diff)
getdns: fix compilation with OPENSSL_NO_DEPRECATED
SSL_get_peer_certificate() is deprecated; OpenSSL v3.0 added SSL_get0_peer_certificate() and SSL_get1_peer_certificate(). Use the latter since the return value is explicitly X509_free()ed here, see [0]. [0] https://www.openssl.org/docs/manmaster/man3/SSL_get_peer_certificate.html Signed-off-by: Andre Heider <a.heider@gmail.com>
-rw-r--r--libs/getdns/Makefile2
-rw-r--r--libs/getdns/patches/001-openssl-deprecated.patch20
2 files changed, 21 insertions, 1 deletions
diff --git a/libs/getdns/Makefile b/libs/getdns/Makefile
index 9a4b838bd..f9825493b 100644
--- a/libs/getdns/Makefile
+++ b/libs/getdns/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=getdns
PKG_VERSION:=1.7.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
diff --git a/libs/getdns/patches/001-openssl-deprecated.patch b/libs/getdns/patches/001-openssl-deprecated.patch
new file mode 100644
index 000000000..ed695ac0c
--- /dev/null
+++ b/libs/getdns/patches/001-openssl-deprecated.patch
@@ -0,0 +1,20 @@
+--- a/src/openssl/tls.c
++++ b/src/openssl/tls.c
+@@ -872,7 +872,7 @@ _getdns_tls_x509* _getdns_tls_connection
+ if (!conn || !conn->ssl)
+ return NULL;
+
+- return _getdns_tls_x509_new(mfs, SSL_get_peer_certificate(conn->ssl));
++ return _getdns_tls_x509_new(mfs, SSL_get1_peer_certificate(conn->ssl));
+ }
+
+ getdns_return_t _getdns_tls_connection_is_session_reused(_getdns_tls_connection* conn)
+@@ -990,7 +990,7 @@ getdns_return_t _getdns_tls_connection_c
+ #if defined(USE_DANESSL)
+ {
+ getdns_return_t res = GETDNS_RETURN_GOOD;
+- X509* peer_cert = SSL_get_peer_certificate(conn->ssl);
++ X509* peer_cert = SSL_get1_peer_certificate(conn->ssl);
+ if (peer_cert) {
+ if (conn->auth_name[0] &&
+ X509_check_host(peer_cert,
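Review bot: Both rewritten call sites (the `_getdns_tls_x509_new(...)` return in the first inner hunk and the `peer_cert` initialisation inside the `USE_DANESSL` block of the second) now call `SSL_get1_peer_certificate()` unconditionally, and as the commit message itself says that function was only added in OpenSSL v3.0, so the package will no longer compile against an older libssl. If pre-3.0 builds still matter here, a fallback near the top of `src/openssl/tls.c` keeps both working: `#if OPENSSL_VERSION_NUMBER < 0x30000000L` / `#define SSL_get1_peer_certificate SSL_get_peer_certificate` / `#endif`. The get1 variant hands the caller an owned reference, so it is only correct if every exit path releases it; the second function continues past the end of the hunk, so the matching `X509_free(peer_cert)` cannot be confirmed from the lines shown and is worth checking in the full file.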