Use OpenSSL 3.1

.github/workflows/build-openssl.yml

@@ -24,13 +24,13 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: install packages
-      run: HOMEBREW_NO_INSTALL_CLEANUP=1 brew reinstall openssl@1.1
+      run: HOMEBREW_NO_INSTALL_CLEANUP=1 brew reinstall openssl@3.1
     - name: submodules
       run: git submodule update --init --recursive --depth 1
     - name: cmake
       run: cmake -B build -DUSE_GNUTLS=0 -WARNINGS_AS_ERRORS=1 -DENABLE_LOCAL_ADDRESS_TRANSLATION=1
       env:
-        OPENSSL_ROOT_DIR: /usr/local/opt/openssl@1.1
+        OPENSSL_ROOT_DIR: /usr/local/opt/openssl@3.1
     - name: make
       run: (cd build; make -j2)
     - name: test

CMakeLists.txt

@@ -378,6 +378,10 @@ else()
 		endif()
 	endif()
 	find_package(OpenSSL REQUIRED)
+	if(OPENSSL_VERSION GREATER_EQUAL 3.0)
+		message(STATUS "OpenSSL version high enough. Activate SSL LOAD VERFIY")
+		add_definitions(-DUSE_SSL_LOAD_VERIFY)
+	endif()
 	target_compile_definitions(datachannel PRIVATE USE_GNUTLS=0)
 	target_compile_definitions(datachannel-static PRIVATE USE_GNUTLS=0)
 	target_link_libraries(datachannel PRIVATE OpenSSL::SSL)

src/impl/verifiedtlstransport.cpp

@@ -45,9 +45,11 @@ VerifiedTlsTransport::VerifiedTlsTransport(
 		throw;
 	}
 #else
+	#ifdef USE_SSL_LOAD_VERIFY
 	if (cacert) {
 		SSL_CTX_load_verify_file(mCtx,  reinterpret_cast<const char *>(cacert->c_str()));
 	}
+	#endif
 	SSL_set_verify(mSsl, SSL_VERIFY_PEER, NULL);
 	SSL_set_verify_depth(mSsl, 4);
 #endif