conanfile.py

@@ -14,7 +14,7 @@ class SyncspiritRecipe(ConanFile):
         self.requires("libqrencode/4.1.1")
         self.requires("lz4/1.10.0")
         self.requires("nlohmann_json/3.12.0")
-        self.requires("openssl/3.4.1")
+        self.requires("openssl/3.5.2")
         self.requires("protopuf/3.0.0")
         self.requires("pugixml/1.15")
         self.requires("rotor/0.34")

src/transport/impl.hpp

@@ -146,7 +146,7 @@ template <> struct base_impl_t<ssl_socket_t> {
             ctx.set_default_verify_paths(ec);
 #endif
             if (ec) {
-                utils::get_logger("transport.tls")->warn("cannot set ssl default verify paths: {}", ec.message());
+                log->warn("cannot set ssl default verify paths: {}", ec.message());
             }
         }
 
@@ -202,6 +202,7 @@ template <> struct base_impl_t<ssl_socket_t> {
             sock.set_verify_depth(1);
         }
 
+        log->trace("will use verify callback: {}", (me? "yes" : "no"));
         if (me) {
             sock.set_verify_callback([&](bool, ssl::verify_context &peer_ctx) -> bool {
                 auto native = peer_ctx.native_handle();

src/utils/tls.cpp

@@ -142,8 +142,8 @@ outcome::result<key_pair_t> generate_pair(const char *issuer_name) noexcept {
 
     std::random_device rd;
     std::mt19937 generator(rd());
-    constexpr const auto max_sn = std::numeric_limits<std::uint64_t>::max() >> 1;
-    std::uniform_int_distribution<std::uint64_t> distr(1, max_sn);
+    constexpr const auto max_sn = std::numeric_limits<std::int32_t>::max();
+    std::uniform_int_distribution<std::int32_t> distr(1, max_sn);
     int version = 2;
     long serial = static_cast<long>(distr(generator));
     long start_epoch = 0;        /* now */