Lines 36-41
Link Here
|
36 |
#include <dirent.h> |
36 |
#include <dirent.h> |
37 |
#include <arpa/inet.h> |
37 |
#include <arpa/inet.h> |
38 |
|
38 |
|
|
|
39 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
40 |
#define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack |
41 |
#endif |
42 |
|
39 |
static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); |
43 |
static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); |
40 |
static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); |
44 |
static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); |
41 |
|
45 |
|
Lines 1200-1206
Link Here
|
1200 |
goto cleanup; |
1204 |
goto cleanup; |
1201 |
X509_STORE_CTX_init(certctx, certstore, cert, |
1205 |
X509_STORE_CTX_init(certctx, certstore, cert, |
1202 |
id_cryptoctx->intermediateCAs); |
1206 |
id_cryptoctx->intermediateCAs); |
1203 |
X509_STORE_CTX_trusted_stack(certctx, id_cryptoctx->trustedCAs); |
1207 |
X509_STORE_CTX_set0_trusted_stack(certctx, id_cryptoctx->trustedCAs); |
1204 |
if (!X509_verify_cert(certctx)) { |
1208 |
if (!X509_verify_cert(certctx)) { |
1205 |
retval = oerr_cert(context, 0, certctx, |
1209 |
retval = oerr_cert(context, 0, certctx, |
1206 |
_("Failed to verify own certificate")); |
1210 |
_("Failed to verify own certificate")); |
Lines 1630-1636
Link Here
|
1630 |
|
1634 |
|
1631 |
/* add trusted CAs certificates for cert verification */ |
1635 |
/* add trusted CAs certificates for cert verification */ |
1632 |
if (idctx->trustedCAs != NULL) |
1636 |
if (idctx->trustedCAs != NULL) |
1633 |
X509_STORE_CTX_trusted_stack(cert_ctx, idctx->trustedCAs); |
1637 |
X509_STORE_CTX_set0_trusted_stack(cert_ctx, idctx->trustedCAs); |
1634 |
else { |
1638 |
else { |
1635 |
pkiDebug("unable to find any trusted CAs\n"); |
1639 |
pkiDebug("unable to find any trusted CAs\n"); |
1636 |
goto cleanup; |
1640 |
goto cleanup; |
Lines 3007-3015
Link Here
|
3007 |
int |
3011 |
int |
3008 |
pkinit_openssl_init() |
3012 |
pkinit_openssl_init() |
3009 |
{ |
3013 |
{ |
|
|
3014 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
3015 |
OPENSSL_init_crypto(0, NULL); |
3016 |
#else |
3010 |
/* Initialize OpenSSL. */ |
3017 |
/* Initialize OpenSSL. */ |
3011 |
ERR_load_crypto_strings(); |
3018 |
ERR_load_crypto_strings(); |
3012 |
OpenSSL_add_all_algorithms(); |
3019 |
OpenSSL_add_all_algorithms(); |
|
|
3020 |
#endif |
3013 |
return 0; |
3021 |
return 0; |
3014 |
} |
3022 |
} |
3015 |
|
3023 |
|