repo: tlswrap
action: commit
revision: 
path_from: 
revision_from: 48c5ebacdc4d9657a36d0ee195d84fca3a8453f2:
path_to: 
revision_to: 

commit 48c5ebacdc4d9657a36d0ee195d84fca3a8453f2
Author: epoch 
Date:   Thu Sep 19 04:13:49 2024 +0000

    made a compile-time version check to decide on EVP_Q_digest vs MD5

diff --git a/tlswrap.c b/tlswrap.c

--- a/tlswrap.c
+++ b/tlswrap.c
@@ -12,6 +12,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 

 //#define FORCE_SNI //whether SNI is required to connect to this server.
@@ -317,8 +318,6 @@ void ja3_shit(struct ja3 *j) { // how do we get ssl version?
   if(j->point_formats_sz) { offset-- ; } s[offset]='\0'; offset++;
   // I tested the hashing code. it works compared to https://github.com/salesforce/ja3/tree/master/python

-  // MD5() is deprecated.
-  //unsigned char *p=MD5((unsigned char *)s,strlen(s),NULL);

   // these functions are deprecated too.
   /*MD5_CTX c;
@@ -329,10 +328,15 @@ void ja3_shit(struct ja3 *j) { // how do we get ssl version?

   // looked up what the non-deprecated way was supposed to be.
   // https://github.com/openssl/openssl/discussions/23493
+#if OPENSSL_VERSION_MAJOR == 3
   unsigned char p[16];
   if(!EVP_Q_digest( NULL, "MD5", NULL, s, strlen(s), p, NULL )) {
     syslog(LOG_DAEMON|LOG_ERR, "MD5 hashing failed: %s",strerror(errno));
   }
+#else
+  // MD5() is deprecated.
+  unsigned char *p=MD5((unsigned char *)s,strlen(s),NULL);
+#endif

   char q[33];
   for(i=0;i<16;i++) {

-----END OF PAGE-----