From 7996ea28795d2470d68e2f0df4b33ced74d3d362 Mon Sep 17 00:00:00 2001
From: Leorize
Date: Thu, 6 Jun 2024 23:34:02 -0500
Subject: [PATCH] openssl: add 1.1.1 support
---
 .github/workflows/ci.yml | 23 +++++++++++++++++++++--
 lib/pure/net.nim | 6 +++++-
 lib/wrappers/openssl/ssl.nim | 8 ++++++--
 3 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6d3f31af1a3..8498b991084 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -140,6 +140,7 @@ jobs:
 uses: johnwason/vcpkg-action@v6
 with:
 pkgs: >-
+ openssl
 pcre
 sqlite3
 triplet: x64-mingw-dynamic-release
@@ -243,12 +244,30 @@ jobs:
 - name: Add DLLs to PATH (Windows)
 if: runner.os == 'Windows'
 run: |
- $binPath = Join-Path $PWD "vcpkg" "installed" "x64-mingw-dynamic-release" "bin"
+ $prefix = Join-Path $PWD "vcpkg" "installed" "x64-mingw-dynamic-release"
+
+ $binPath = Join-Path $prefix "bin"
 $binPath | Out-File -Append $env:GITHUB_PATH
+
+ $pcPath = (Join-Path $prefix "lib" "pkgconfig"), (Join-Path $prefix "share" "pkgconfig"), $env:PKG_CONFIG_PATH
+ "PKG_CONFIG_PATH=$($pcPath -join ";")" | Out-File -Append $env:GITHUB_ENV
 shell: pwsh
 - name: Run tester
- run: ./koch.py test --batch:'${{ matrix.batch }}_${{ matrix.total_batch }}' --tryFailing all
+ run: |
+ extraArgs=()
+ if command -v pkg-config 2>&1 >/dev/null; then
+ extraArgs+=(
+ "-d:nimLibcryptoLinkFlags:$(pkg-config --libs libcrypto)"
+ "-d:nimLibsslLinkFlags:$(pkg-config --libs libssl)"
+ )
+
+ sslVer=$(pkg-config --modversion libssl)
+ if [[ $sslVer == 1.1.1* ]]; then
+ extraArgs+=("-d:nimOpenssl111")
+ fi
+ fi
+ ./koch.py test --batch:'${{ matrix.batch }}_${{ matrix.total_batch }}' --tryFailing all "${extraArgs[@]}"
 - name: Print all test errors
 if: failure()
diff --git a/lib/pure/net.nim b/lib/pure/net.nim
index a8d504d7b54..20b2a263e21 100644
--- a/lib/pure/net.nim
+++ b/lib/pure/net.nim
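Review bot: In the new `Run tester` script the probe `command -v pkg-config 2>&1 >/dev/null` has its redirections in the wrong order: stderr is duplicated onto the original stdout before stdout is sent to /dev/null, so error output still reaches the log; `if command -v pkg-config >/dev/null 2>&1; then` silences both. The `$(pkg-config --libs …)` and `--modversion` substitutions are also unchecked, so on a runner that has pkg-config but no libssl/libcrypto `.pc` file the link-flag defines are passed empty and the problem probably only shows up later as a link failure. Adding `&& pkg-config --exists libssl libcrypto` to the same condition would make that case fall back to the default arguments.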
@@ -772,7 +772,11 @@ when defineSsl:
 ## When name starts with a dot it will be matched by a certificate valid for any subdomain
 when not defined(nimDisableCertificateValidation) and not defined(windows):
 assert socket.isSsl
- let certificate = socket.sslHandle.SSL_get0_peer_certificate()
+ when not defined(nimOpenssl111):
+ let certificate = socket.sslHandle.SSL_get0_peer_certificate()
+ else:
+ let certificate = socket.sslHandle.SSL_get_peer_certificate()
+ defer: X509_free(certificate)
 if certificate.isNil:
 raiseSSLError("No SSL certificate found.")
diff --git a/lib/wrappers/openssl/ssl.nim b/lib/wrappers/openssl/ssl.nim
index 7c5b19b0592..368467fa0af 100644
--- a/lib/wrappers/openssl/ssl.nim
+++ b/lib/wrappers/openssl/ssl.nim
@@ -220,9 +220,13 @@ proc SSL_get_psk_identity*(ssl: ptr SSL): cstring {.importc, cdecl.}
 proc SSL_get_psk_identity_hint*(ssl: ptr SSL): cstring {.importc, cdecl.}
 proc SSL_get_verify_result*(ssl: ptr SSL): clong {.importc, cdecl.}
-proc SSL_get0_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
 proc SSL_get0_verified_chain*(ssl: ptr SSL): ptr STACK_OF[X509] {.importc, cdecl.}
-proc SSL_get1_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
+
+when not defined(nimOpenssl111):
+ proc SSL_get0_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
+ proc SSL_get1_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
+else:
+ proc SSL_get_peer_certificate*(ssl: ptr SSL): ptr X509 {.importc, cdecl.}
 proc SSL_accept*(ssl: ptr SSL): cint {.importc, cdecl.}
 proc SSL_connect*(ssl: ptr SSL): cint {.importc, cdecl.}
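Review bot: The two `when` branches return `certificate` under different ownership rules and nothing in the code records it: `SSL_get0_peer_certificate` borrows the pointer from the SSL handle, while 1.1.1's `SSL_get_peer_certificate` returns a reference the caller must release. A comment above the `defer`, such as `# 1.1.1 only has the owning getter; release the reference when this proc exits`, would stop a later edit from dropping the free (a leak) or adding one to the 3.x branch (a double free). It is also worth confirming that a `defer` written inside a `when` branch is scoped to the enclosing proc body, not the branch, because otherwise the certificate would be freed before the name checks below read it. Calling `SSL_get1_peer_certificate` with the same `defer` on the 3.x side would give both builds one ownership rule. The proc starts and continues outside this hunk.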
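Review bot: The new `when not defined(nimOpenssl111)` switch has no comment saying when the define must be set or how the getter it exposes differs. I would add one above it, for example `# -d:nimOpenssl111 binds OpenSSL 1.1.1, which lacks the get0/get1 getters; SSL_get_peer_certificate returns an owned X509 that must be X509_free'd`. Only the CI script in this patch derives the define from pkg-config, so a build whose define does not match the linked library presumably fails with an unresolved symbol. That is worth stating in the module documentation too.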