Attachment 517328 Details for Bug 592508 – serf-1.3.9-openssl11-no-deprecated.patch

[patch] serf-1.3.9-openssl11-no-deprecated.patch

serf-1.3.9-openssl11-no-deprecated.patch (text/plain), 3.04 KB, created by Quentin Minster on 2018-02-01 01:02:15 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Quentin Minster

Created: 2018-02-01 01:02:15 UTC

Size: 3.04 KB

patch

obsolete

>diff --git a/buckets/ssl_buckets.c b/buckets/ssl_buckets.c
>index b01e535..596ab1c 100644
>--- a/buckets/ssl_buckets.c
>+++ b/buckets/ssl_buckets.c
>@@ -638,10 +638,18 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
>         failures |= SERF_SSL_CERT_UNKNOWN_FAILURE;
> 
>     /* Check certificate expiry dates. */
>+#ifdef USE_OPENSSL_1_1_API
>+    if (X509_cmp_current_time(X509_get0_notBefore(server_cert)) >= 0) {
>+#else
>     if (X509_cmp_current_time(X509_get_notBefore(server_cert)) >= 0) {
>+#endif
>         failures |= SERF_SSL_CERT_NOTYETVALID;
>     }
>+#ifdef USE_OPENSSL_1_1_API
>+    else if (X509_cmp_current_time(X509_get0_notAfter(server_cert)) <= 0) {
>+#else
>     else if (X509_cmp_current_time(X509_get_notAfter(server_cert)) <= 0) {
>+#endif
>         failures |= SERF_SSL_CERT_EXPIRED;
>     }
> 
>@@ -681,7 +689,11 @@ validate_server_certificate(int cert_valid, X509_STORE_CTX *store_ctx)
>         apr_pool_create(&subpool, ctx->pool);
> 
>         /* Borrow the chain to pass to the callback. */
>+#ifdef USE_OPENSSL_1_1_API
>+        chain = X509_STORE_CTX_get0_chain(store_ctx);
>+#else
>         chain = X509_STORE_CTX_get_chain(store_ctx);
>+#endif
> 
>         /* If the chain can't be retrieved, just pass the current
>            certificate. */
>@@ -1146,7 +1158,11 @@ static void init_ssl_libraries(void)
> #ifdef SSL_VERBOSE
>         /* Warn when compile-time and run-time version of OpenSSL differ in
>            major/minor version number. */
>+#ifdef USE_OPENSSL_1_1_API
>+        unsigned long libver = OpenSSL_version_num();
>+#else
>         long libver = SSLeay();
>+#endif
> 
>         if ((libver ^ OPENSSL_VERSION_NUMBER) & 0xFFF00000) {
>             serf__log(SSL_VERBOSE, __FILE__,
>@@ -1160,11 +1176,11 @@ static void init_ssl_libraries(void)
>         OPENSSL_malloc_init();
> #else
>         CRYPTO_malloc_init();
>-#endif
>         ERR_load_crypto_strings();
>         SSL_load_error_strings();
>         SSL_library_init();
>         OpenSSL_add_all_algorithms();
>+#endif
> 
> #if APR_HAS_THREADS && !defined(USE_OPENSSL_1_1_API)
>         numlocks = CRYPTO_num_locks();
>@@ -1798,18 +1814,26 @@ apr_hash_t *serf_ssl_cert_certificate(
>     /* set expiry dates */
>     bio = BIO_new(BIO_s_mem());
>     if (bio) {
>-        ASN1_TIME *notBefore, *notAfter;
>+        const ASN1_TIME *notBefore, *notAfter;
>         char buf[256];
> 
>         memset (buf, 0, sizeof (buf));
>+#ifdef USE_OPENSSL_1_1_API
>+        notBefore = X509_get0_notBefore(cert->ssl_cert);
>+#else
>         notBefore = X509_get_notBefore(cert->ssl_cert);
>+#endif
>         if (ASN1_TIME_print(bio, notBefore)) {
>             BIO_read(bio, buf, 255);
>             apr_hash_set(tgt, "notBefore", APR_HASH_KEY_STRING,
>                          apr_pstrdup(pool, buf));
>         }
>         memset (buf, 0, sizeof (buf));
>+#ifdef USE_OPENSSL_1_1_API
>+        notAfter = X509_get0_notAfter(cert->ssl_cert);
>+#else
>         notAfter = X509_get_notAfter(cert->ssl_cert);
>+#endif
>         if (ASN1_TIME_print(bio, notAfter)) {
>             BIO_read(bio, buf, 255);
>             apr_hash_set(tgt, "notAfter", APR_HASH_KEY_STRING,

Actions: View | Diff

Attachments on bug 592508: 444518 | 517328