|
Lines 638-647
validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
Link Here
|
| 638 |
failures |= SERF_SSL_CERT_UNKNOWN_FAILURE; |
638 |
failures |= SERF_SSL_CERT_UNKNOWN_FAILURE; |
| 639 |
|
639 |
|
| 640 |
/* Check certificate expiry dates. */ |
640 |
/* Check certificate expiry dates. */ |
|
|
641 |
#ifdef USE_OPENSSL_1_1_API |
| 642 |
if (X509_cmp_current_time(X509_get0_notBefore(server_cert)) >= 0) { |
| 643 |
#else |
| 641 |
if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) { |
644 |
if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) { |
|
|
645 |
#endif |
| 642 |
failures |= SERF_SSL_CERT_NOTYETVALID; |
646 |
failures |= SERF_SSL_CERT_NOTYETVALID; |
| 643 |
} |
647 |
} |
|
|
648 |
#ifdef USE_OPENSSL_1_1_API |
| 649 |
else if (X509_cmp_current_time(X509_get0_notAfter(server_cert)) <= 0) { |
| 650 |
#else |
| 644 |
else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) { |
651 |
else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) { |
|
|
652 |
#endif |
| 645 |
failures |= SERF_SSL_CERT_EXPIRED; |
653 |
failures |= SERF_SSL_CERT_EXPIRED; |
| 646 |
} |
654 |
} |
| 647 |
|
655 |
|
|
Lines 681-687
validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
Link Here
|
| 681 |
apr_pool_create(&subpool, ctx->pool); |
689 |
apr_pool_create(&subpool, ctx->pool); |
| 682 |
|
690 |
|
| 683 |
/* Borrow the chain to pass to the callback. */ |
691 |
/* Borrow the chain to pass to the callback. */ |
|
|
692 |
#ifdef USE_OPENSSL_1_1_API |
| 693 |
chain = X509_STORE_CTX_get0_chain(store_ctx); |
| 694 |
#else |
| 684 |
chain = X509_STORE_CTX_get_chain(store_ctx); |
695 |
chain = X509_STORE_CTX_get_chain(store_ctx); |
|
|
696 |
#endif |
| 685 |
|
697 |
|
| 686 |
/* If the chain can't be retrieved, just pass the current |
698 |
/* If the chain can't be retrieved, just pass the current |
| 687 |
certificate. */ |
699 |
certificate. */ |
|
Lines 1146-1152
static void init_ssl_libraries(void)
Link Here
|
| 1146 |
#ifdef SSL_VERBOSE |
1158 |
#ifdef SSL_VERBOSE |
| 1147 |
/* Warn when compile-time and run-time version of OpenSSL differ in |
1159 |
/* Warn when compile-time and run-time version of OpenSSL differ in |
| 1148 |
major/minor version number. */ |
1160 |
major/minor version number. */ |
|
|
1161 |
#ifdef USE_OPENSSL_1_1_API |
| 1162 |
unsigned long libver = OpenSSL_version_num(); |
| 1163 |
#else |
| 1149 |
long libver = SSLeay(); |
1164 |
long libver = SSLeay(); |
|
|
1165 |
#endif |
| 1150 |
|
1166 |
|
| 1151 |
if ((libver ^ OPENSSL_VERSION_NUMBER) & 0xFFF00000) { |
1167 |
if ((libver ^ OPENSSL_VERSION_NUMBER) & 0xFFF00000) { |
| 1152 |
serf__log(SSL_VERBOSE, __FILE__, |
1168 |
serf__log(SSL_VERBOSE, __FILE__, |
|
Lines 1160-1170
static void init_ssl_libraries(void)
Link Here
|
| 1160 |
OPENSSL_malloc_init(); |
1176 |
OPENSSL_malloc_init(); |
| 1161 |
#else |
1177 |
#else |
| 1162 |
CRYPTO_malloc_init(); |
1178 |
CRYPTO_malloc_init(); |
| 1163 |
#endif |
|
|
| 1164 |
ERR_load_crypto_strings(); |
1179 |
ERR_load_crypto_strings(); |
| 1165 |
SSL_load_error_strings(); |
1180 |
SSL_load_error_strings(); |
| 1166 |
SSL_library_init(); |
1181 |
SSL_library_init(); |
| 1167 |
OpenSSL_add_all_algorithms(); |
1182 |
OpenSSL_add_all_algorithms(); |
|
|
1183 |
#endif |
| 1168 |
|
1184 |
|
| 1169 |
#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API) |
1185 |
#if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API) |
| 1170 |
numlocks = CRYPTO_num_locks(); |
1186 |
numlocks = CRYPTO_num_locks(); |
|
Lines 1798-1815
apr_hash_t *serf_ssl_cert_certificate(
Link Here
|
| 1798 |
/* set expiry dates */ |
1814 |
/* set expiry dates */ |
| 1799 |
bio = BIO_new(BIO_s_mem()); |
1815 |
bio = BIO_new(BIO_s_mem()); |
| 1800 |
if (bio) { |
1816 |
if (bio) { |
| 1801 |
ASN1_TIME *notBefore, *notAfter; |
1817 |
const ASN1_TIME *notBefore, *notAfter; |
| 1802 |
char buf[256]; |
1818 |
char buf[256]; |
| 1803 |
|
1819 |
|
| 1804 |
memset (buf, 0, sizeof (buf)); |
1820 |
memset (buf, 0, sizeof (buf)); |
|
|
1821 |
#ifdef USE_OPENSSL_1_1_API |
| 1822 |
notBefore = X509_get0_notBefore(cert->ssl_cert); |
| 1823 |
#else |
| 1805 |
notBefore = X509_get_notBefore(cert->ssl_cert); |
1824 |
notBefore = X509_get_notBefore(cert->ssl_cert); |
|
|
1825 |
#endif |
| 1806 |
if (ASN1_TIME_print(bio, notBefore)) { |
1826 |
if (ASN1_TIME_print(bio, notBefore)) { |
| 1807 |
BIO_read(bio, buf, 255); |
1827 |
BIO_read(bio, buf, 255); |
| 1808 |
apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING, |
1828 |
apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING, |
| 1809 |
apr_pstrdup(pool, buf)); |
1829 |
apr_pstrdup(pool, buf)); |
| 1810 |
} |
1830 |
} |
| 1811 |
memset (buf, 0, sizeof (buf)); |
1831 |
memset (buf, 0, sizeof (buf)); |
|
|
1832 |
#ifdef USE_OPENSSL_1_1_API |
| 1833 |
notAfter = X509_get0_notAfter(cert->ssl_cert); |
| 1834 |
#else |
| 1812 |
notAfter = X509_get_notAfter(cert->ssl_cert); |
1835 |
notAfter = X509_get_notAfter(cert->ssl_cert); |
|
|
1836 |
#endif |
| 1813 |
if (ASN1_TIME_print(bio, notAfter)) { |
1837 |
if (ASN1_TIME_print(bio, notAfter)) { |
| 1814 |
BIO_read(bio, buf, 255); |
1838 |
BIO_read(bio, buf, 255); |
| 1815 |
apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING, |
1839 |
apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING, |
