|
Lines 36-41
Link Here
|
| 36 |
#include <dirent.h> |
36 |
#include <dirent.h> |
| 37 |
#include <arpa/inet.h> |
37 |
#include <arpa/inet.h> |
| 38 |
|
38 |
|
|
|
39 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
| 40 |
#define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack |
| 41 |
#endif |
| 42 |
|
| 39 |
static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); |
43 |
static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); |
| 40 |
static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); |
44 |
static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); |
| 41 |
|
45 |
|
|
Lines 1200-1206
Link Here
|
| 1200 |
goto cleanup; |
1204 |
goto cleanup; |
| 1201 |
X509_STORE_CTX_init(certctx, certstore, cert, |
1205 |
X509_STORE_CTX_init(certctx, certstore, cert, |
| 1202 |
id_cryptoctx->intermediateCAs); |
1206 |
id_cryptoctx->intermediateCAs); |
| 1203 |
X509_STORE_CTX_trusted_stack(certctx, id_cryptoctx->trustedCAs); |
1207 |
X509_STORE_CTX_set0_trusted_stack(certctx, id_cryptoctx->trustedCAs); |
| 1204 |
if (!X509_verify_cert(certctx)) { |
1208 |
if (!X509_verify_cert(certctx)) { |
| 1205 |
retval = oerr_cert(context, 0, certctx, |
1209 |
retval = oerr_cert(context, 0, certctx, |
| 1206 |
_("Failed to verify own certificate")); |
1210 |
_("Failed to verify own certificate")); |
|
Lines 1630-1636
Link Here
|
| 1630 |
|
1634 |
|
| 1631 |
/* add trusted CAs certificates for cert verification */ |
1635 |
/* add trusted CAs certificates for cert verification */ |
| 1632 |
if (idctx->trustedCAs != NULL) |
1636 |
if (idctx->trustedCAs != NULL) |
| 1633 |
X509_STORE_CTX_trusted_stack(cert_ctx, idctx->trustedCAs); |
1637 |
X509_STORE_CTX_set0_trusted_stack(cert_ctx, idctx->trustedCAs); |
| 1634 |
else { |
1638 |
else { |
| 1635 |
pkiDebug("unable to find any trusted CAs\n"); |
1639 |
pkiDebug("unable to find any trusted CAs\n"); |
| 1636 |
goto cleanup; |
1640 |
goto cleanup; |
|
Lines 3007-3015
Link Here
|
| 3007 |
int |
3011 |
int |
| 3008 |
pkinit_openssl_init() |
3012 |
pkinit_openssl_init() |
| 3009 |
{ |
3013 |
{ |
|
|
3014 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
| 3015 |
OPENSSL_init_crypto(0, NULL); |
| 3016 |
#else |
| 3010 |
/* Initialize OpenSSL. */ |
3017 |
/* Initialize OpenSSL. */ |
| 3011 |
ERR_load_crypto_strings(); |
3018 |
ERR_load_crypto_strings(); |
| 3012 |
OpenSSL_add_all_algorithms(); |
3019 |
OpenSSL_add_all_algorithms(); |
|
|
3020 |
#endif |
| 3013 |
return 0; |
3021 |
return 0; |
| 3014 |
} |
3022 |
} |
| 3015 |
|
3023 |
|
