Lines 638-647
validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
|
638 |
failures |= SERF_SSL_CERT_UNKNOWN_FAILURE; |
638 |
failures |= SERF_SSL_CERT_UNKNOWN_FAILURE; |
639 |
|
639 |
|
640 |
/* Check certificate expiry dates. */ |
640 |
/* Check certificate expiry dates. */ |
|
|
641 |
#ifdef USE_OPENSSL_1_1_API |
642 |
if (X509_cmp_current_time(X509_get0_notBefore(server_cert)) >= 0) { |
643 |
#else |
641 |
if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) { |
644 |
if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) { |
|
|
645 |
#endif |
642 |
failures |= SERF_SSL_CERT_NOTYETVALID; |
646 |
failures |= SERF_SSL_CERT_NOTYETVALID; |
643 |
} |
647 |
} |
|
|
648 |
#ifdef USE_OPENSSL_1_1_API |
649 |
else if (X509_cmp_current_time(X509_get0_notAfter(server_cert)) <= 0) { |
650 |
#else |
644 |
else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) { |
651 |
else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) { |
|
|
652 |
#endif |
645 |
failures |= SERF_SSL_CERT_EXPIRED; |
653 |
failures |= SERF_SSL_CERT_EXPIRED; |
646 |
} |
654 |
} |
647 |
|
655 |
|
Lines 681-687
validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
|
681 |
apr_pool_create(&subpool, ctx->pool); |
689 |
apr_pool_create(&subpool, ctx->pool); |
682 |
|
690 |
|
683 |
/* Borrow the chain to pass to the callback. */ |
691 |
/* Borrow the chain to pass to the callback. */ |
|
|
692 |
#ifdef USE_OPENSSL_1_1_API |
693 |
chain = X509_STORE_CTX_get0_chain(store_ctx); |
694 |
#else |
684 |
chain = X509_STORE_CTX_get_chain(store_ctx); |
695 |
chain = X509_STORE_CTX_get_chain(store_ctx); |
|
|
696 |
#endif |
685 |
|
697 |
|
686 |
/* If the chain can't be retrieved, just pass the current |
698 |
/* If the chain can't be retrieved, just pass the current |
687 |
certificate. */ |
699 |
certificate. */ |
Lines 1146-1152
static void init_ssl_libraries(void)
|
1146 |
#ifdef SSL_VERBOSE |
1158 |
#ifdef SSL_VERBOSE |
1147 |
/* Warn when compile-time and run-time version of OpenSSL differ in |
1159 |
/* Warn when compile-time and run-time version of OpenSSL differ in |
1148 |
major/minor version number. */ |
1160 |
major/minor version number. */ |
|
|
1161 |
#ifdef USE_OPENSSL_1_1_API |
1162 |
unsigned long libver = OpenSSL_version_num(); |
1163 |
#else |
1149 |
long libver = SSLeay(); |
1164 |
long libver = SSLeay(); |
|
|
1165 |
#endif |
1150 |
|
1166 |
|
1151 |
if ((libver ^ OPENSSL_VERSION_NUMBER) & 0xFFF00000) { |
1167 |
if ((libver ^ OPENSSL_VERSION_NUMBER) & 0xFFF00000) { |
1152 |
serf__log(SSL_VERBOSE, __FILE__, |
1168 |
serf__log(SSL_VERBOSE, __FILE__, |
Lines 1160-1170
static void init_ssl_libraries(void)
|
1160 |
OPENSSL_malloc_init(); |
1176 |
OPENSSL_malloc_init(); |
1161 |
#else |
1177 |
#else |
1162 |
CRYPTO_malloc_init(); |
1178 |
CRYPTO_malloc_init(); |
1163 |
#endif |
|
|
1164 |
ERR_load_crypto_strings(); |
1179 |
ERR_load_crypto_strings(); |
1165 |
SSL_load_error_strings(); |
1180 |
SSL_load_error_strings(); |
1166 |
SSL_library_init(); |
1181 |
SSL_library_init(); |
1167 |
OpenSSL_add_all_algorithms(); |
1182 |
OpenSSL_add_all_algorithms(); |
|
|
1183 |
#endif |
1168 |
|
1184 |
|
1169 |
#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API) |
1185 |
#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API) |
1170 |
numlocks = CRYPTO_num_locks(); |
1186 |
numlocks = CRYPTO_num_locks(); |
Lines 1798-1815
apr_hash_t *serf_ssl_cert_certificate(
|
1798 |
/* set expiry dates */ |
1814 |
/* set expiry dates */ |
1799 |
bio = BIO_new(BIO_s_mem()); |
1815 |
bio = BIO_new(BIO_s_mem()); |
1800 |
if (bio) { |
1816 |
if (bio) { |
1801 |
ASN1_TIME *notBefore, *notAfter; |
1817 |
const ASN1_TIME *notBefore, *notAfter; |
1802 |
char buf[256]; |
1818 |
char buf[256]; |
1803 |
|
1819 |
|
1804 |
memset (buf, 0, sizeof (buf)); |
1820 |
memset (buf, 0, sizeof (buf)); |
|
|
1821 |
#ifdef USE_OPENSSL_1_1_API |
1822 |
notBefore = X509_get0_notBefore(cert->ssl_cert); |
1823 |
#else |
1805 |
notBefore = X509_get_notBefore(cert->ssl_cert); |
1824 |
notBefore = X509_get_notBefore(cert->ssl_cert); |
|
|
1825 |
#endif |
1806 |
if (ASN1_TIME_print(bio, notBefore)) { |
1826 |
if (ASN1_TIME_print(bio, notBefore)) { |
1807 |
BIO_read(bio, buf, 255); |
1827 |
BIO_read(bio, buf, 255); |
1808 |
apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING, |
1828 |
apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING, |
1809 |
apr_pstrdup(pool, buf)); |
1829 |
apr_pstrdup(pool, buf)); |
1810 |
} |
1830 |
} |
1811 |
memset (buf, 0, sizeof (buf)); |
1831 |
memset (buf, 0, sizeof (buf)); |
|
|
1832 |
#ifdef USE_OPENSSL_1_1_API |
1833 |
notAfter = X509_get0_notAfter(cert->ssl_cert); |
1834 |
#else |
1812 |
notAfter = X509_get_notAfter(cert->ssl_cert); |
1835 |
notAfter = X509_get_notAfter(cert->ssl_cert); |
|
|
1836 |
#endif |
1813 |
if (ASN1_TIME_print(bio, notAfter)) { |
1837 |
if (ASN1_TIME_print(bio, notAfter)) { |
1814 |
BIO_read(bio, buf, 255); |
1838 |
BIO_read(bio, buf, 255); |
1815 |
apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING, |
1839 |
apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING, |
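Review bot: In validate_server_certificate (new lines 641-652) the `if (...) {` and `else if (...) {` headers of the expiry check are each written twice, once per `#ifdef USE_OPENSSL_1_1_API` branch, so two copies of a security-relevant condition must be kept in step by hand. The same split recurs around `X509_STORE_CTX_get0_chain` and in serf_ssl_cert_certificate. Defining the new accessor names once for older builds, next to wherever `USE_OPENSSL_1_1_API` is set, leaves a single condition per check: `#define X509_get0_notBefore(c) X509_get_notBefore(c)`, `#define X509_get0_notAfter(c) X509_get_notAfter(c)`, `#define X509_STORE_CTX_get0_chain(s) X509_STORE_CTX_get_chain(s)` under `#ifndef USE_OPENSSL_1_1_API`. It would also help to note beside the comparisons that `X509_cmp_current_time()` returns 0 on error, which the existing `>= 0` and `<= 0` tests count as a failure, so a later edit does not loosen them to strict comparisons. The bodies of these functions start and end outside the visible hunks.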