575e979c590a70e436e191eb91b26a23520d15e1
galt
  Wed Dec 11 01:49:20 2024 -0800
use functions available in openssl 1.1

diff --git src/lib/https.c src/lib/https.c
index c9c2c59..6f8822b 100644
--- src/lib/https.c
+++ src/lib/https.c
@@ -662,38 +662,38 @@
         // Currently this does not fix any of our known issues with users servers certs.
 	// X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN);
 
 	// verify_callback gets called once per certificate returned by the server.
 	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
 
 	/*
 	 * Let the verify_callback catch the verify_depth error so that we get
 	 * an appropriate error in the logfile.
 	 */
 	SSL_CTX_set_verify_depth(ctx, atoi(https_cert_check_depth) + 1);
 
 	// VITAL FOR PROPER VERIFICATION OF CERTS
         if (fileExists("/etc/pki/tls/cert.pem"))
 	    {
-	    if (!SSL_CTX_load_verify_file(ctx, "/etc/pki/tls/cert.pem"))
+	    if (!SSL_CTX_load_verify_locations(ctx, "/etc/pki/tls/cert.pem", NULL))
 		{
 		warn("SSL set load_verify_file /etc/pki/tls/cert.pem failed");
 		}
 	    }
         else if (fileExists("/etc/ssl/certs"))
 	    {
-	    if (!SSL_CTX_load_verify_dir(ctx, "/etc/ssl/certs"))
+	    if (!SSL_CTX_load_verify_locations(ctx, NULL, "/etc/ssl/certs"))
 		{
 		warn("SSL set load_verify_dir /etc/ssl/certs failed");
 		}
 	    }
         else if (!SSL_CTX_set_default_verify_paths(ctx)) 
 	    {
 	    warn("SSL set default verify paths failed");
 	    }
 
 	// add the hostName to the structure and set it here, making it available during callback.
 	myData.hostName = hostName;
 	doSetMyData = TRUE;
 
 	} 
     }