Lines 885-891
|
885 |
int i; |
885 |
int i; |
886 |
gboolean rval = FALSE; |
886 |
gboolean rval = FALSE; |
887 |
X509_NAME *subject = X509_get_subject_name (cert); |
887 |
X509_NAME *subject = X509_get_subject_name (cert); |
888 |
X509_CINF *ci = cert->cert_info; |
888 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
|
|
889 |
const STACK_OF(X509_EXTENSION)* extensions = X509_get0_extensions(cert); |
890 |
#else |
891 |
const STACK_OF(X509_EXTENSION)* extensions = cert->cert_info->extensions; |
892 |
#endif |
889 |
static const long nid[] = { NID_commonName, NID_subject_alt_name, NID_undef }; |
893 |
static const long nid[] = { NID_commonName, NID_subject_alt_name, NID_undef }; |
890 |
/* first, see if the x509 name contains the info we want: */ |
894 |
/* first, see if the x509 name contains the info we want: */ |
Lines 906-921
|
906 |
* and extract the subject_alt_name from the x509 v3 extensions: if that * |
910 |
* and extract the subject_alt_name from the x509 v3 extensions: if that * |
907 |
* extension is present, and a string, use that. If it is present, and * |
911 |
* extension is present, and a string, use that. If it is present, and * |
908 |
* a multi-value stack, trawl it for the "DNS" entry and use that */ |
912 |
* a multi-value stack, trawl it for the "DNS" entry and use that */ |
909 |
if (!rval && (ci->extensions != NULL)) |
913 |
if (!rval && (extensions != NULL)) |
910 |
for (i = 0; i < sk_X509_EXTENSION_num(ci->extensions) && !rval; i++) |
914 |
for (i = 0; i < sk_X509_EXTENSION_num(extensions) && !rval; i++) |
911 |
{ |
915 |
{ |
912 |
X509_EXTENSION *ext = sk_X509_EXTENSION_value (ci->extensions, i); |
916 |
X509_EXTENSION *ext = sk_X509_EXTENSION_value (extensions, i); |
913 |
ASN1_OBJECT *obj = X509_EXTENSION_get_object (ext); |
917 |
ASN1_OBJECT *obj = X509_EXTENSION_get_object (ext); |
914 |
X509V3_EXT_METHOD *convert = NULL; |
918 |
X509V3_EXT_METHOD *convert = NULL; |
915 |
long ni = OBJ_obj2nid (obj); |
919 |
long ni = OBJ_obj2nid (obj); |
916 |
const guchar *p; |
920 |
const guchar *p; |
917 |
char *value = NULL; |
921 |
char *value = NULL; |
|
|
922 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
923 |
const ASN1_OCTET_STRING* ext_value = X509_EXTENSION_get_data(ext); |
924 |
int len = ASN1_STRING_length(ext_value); |
925 |
#else |
918 |
int len = ext->value->length; |
926 |
int len = ext->value->length; |
|
|
927 |
#endif |
919 |
void *ext_str = NULL; |
928 |
void *ext_str = NULL; |
920 |
if (ni != NID_subject_alt_name) |
929 |
if (ni != NID_subject_alt_name) |
Lines 927-933
|
927 |
if ((convert = (X509V3_EXT_METHOD *) X509V3_EXT_get (ext)) == NULL) |
936 |
if ((convert = (X509V3_EXT_METHOD *) X509V3_EXT_get (ext)) == NULL) |
928 |
continue; |
937 |
continue; |
|
|
938 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
939 |
p = ASN1_STRING_get0_data(ext_value); |
940 |
#else |
929 |
p = ext->value->data; |
941 |
p = ext->value->data; |
|
|
942 |
#endif |
930 |
ext_str = ((convert->it != NULL) ? |
943 |
ext_str = ((convert->it != NULL) ? |
931 |
ASN1_item_d2i (NULL, &p, len, ASN1_ITEM_ptr(convert->it)) : |
944 |
ASN1_item_d2i (NULL, &p, len, ASN1_ITEM_ptr(convert->it)) : |
932 |
convert->d2i (NULL, &p, len) ); |
945 |
convert->d2i (NULL, &p, len) ); |
Lines 1119-1131
|
1119 |
X509_STORE *store = SSL_CTX_get_cert_store(session->ctx); |
1132 |
X509_STORE *store = SSL_CTX_get_cert_store(session->ctx); |
1120 |
X509 *cert = SSL_get_peer_certificate (session->ssl); |
1133 |
X509 *cert = SSL_get_peer_certificate (session->ssl); |
1121 |
STACK_OF(X509) *chain = SSL_get_peer_cert_chain (session->ssl); |
1134 |
STACK_OF(X509) *chain = SSL_get_peer_cert_chain (session->ssl); |
|
|
1135 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
1136 |
X509_VERIFY_PARAM* param = X509_STORE_get0_param(store); |
1137 |
long old_flags = X509_VERIFY_PARAM_get_flags(param); |
1138 |
#else |
1122 |
long old_flags = store->param->flags; |
1139 |
long old_flags = store->param->flags; |
|
|
1140 |
#endif |
1123 |
long new_flags = old_flags; |
1141 |
long new_flags = old_flags; |
1124 |
DEBUG("No CRL available, but not in strict mode - re-verifying"); |
1142 |
DEBUG("No CRL available, but not in strict mode - re-verifying"); |
1125 |
new_flags &= ~(X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); |
1143 |
new_flags &= ~(X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); |
|
|
1144 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
1145 |
X509_VERIFY_PARAM_set_flags(param, new_flags); |
1146 |
#else |
1126 |
store->param->flags = new_flags; |
1147 |
store->param->flags = new_flags; |
|
|
1148 |
#endif |
1127 |
X509_STORE_CTX_init (xctx, store, cert, chain); |
1149 |
X509_STORE_CTX_init (xctx, store, cert, chain); |
1128 |
X509_STORE_CTX_set_flags (xctx, new_flags); |
1150 |
X509_STORE_CTX_set_flags (xctx, new_flags); |
Lines 1135-1141
|
1135 |
status = _cert_status (session, new_code, level, ssl_code); |
1157 |
status = _cert_status (session, new_code, level, ssl_code); |
1136 |
} |
1158 |
} |
|
|
1159 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
1160 |
X509_VERIFY_PARAM_set_flags(param, old_flags); |
1161 |
#else |
1137 |
store->param->flags = old_flags; |
1162 |
store->param->flags = old_flags; |
|
|
1163 |
#endif |
1138 |
X509_STORE_CTX_free (xctx); |
1164 |
X509_STORE_CTX_free (xctx); |
1139 |
X509_free (cert); |
1165 |
X509_free (cert); |
Lines 1674-1685
|
1674 |
if G_UNLIKELY (g_once_init_enter (&initialised)) |
1700 |
if G_UNLIKELY (g_once_init_enter (&initialised)) |
1675 |
{ |
1701 |
{ |
|
|
1702 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
1703 |
DEBUG ("initialising SSL library and error strings"); |
1704 |
#else |
1676 |
gint malloc_init_succeeded; |
1705 |
gint malloc_init_succeeded; |
1677 |
|
|
|
1678 |
DEBUG ("initialising SSL library and error strings"); |
1706 |
DEBUG ("initialising SSL library and error strings"); |
1679 |
|
|
|
1680 |
malloc_init_succeeded = CRYPTO_malloc_init (); |
1707 |
malloc_init_succeeded = CRYPTO_malloc_init (); |
1681 |
g_warn_if_fail (malloc_init_succeeded); |
1708 |
g_warn_if_fail (malloc_init_succeeded); |
|
|
1709 |
#endif |
1682 |
SSL_library_init (); |
1710 |
SSL_library_init (); |
1683 |
SSL_load_error_strings (); |
1711 |
SSL_load_error_strings (); |
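Review bot: In the OpenSSL 1.1 branch at new lines 1144-1145, `X509_VERIFY_PARAM_set_flags(param, new_flags)` cannot drop the CRL bits, because that function ORs the given flags into the parameter set instead of assigning them. The pre-1.1 branch assigns `store->param->flags = new_flags`, so the two branches no longer behave the same: on 1.1 the store keeps `X509_V_FLAG_CRL_CHECK`, and the re-verification presumably inherits it through `X509_STORE_CTX_init`, so the non-strict retry would fail with the same missing-CRL error as the first attempt. Use `X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);` there and keep `X509_VERIFY_PARAM_set_flags(param, old_flags);` for the restore at new line 1160. Both branches also edit the store returned by `SSL_CTX_get_cert_store(session->ctx)` in place, so if that context is shared between sessions, a verification running inside this window sees the relaxed flags; a comment stating that assumption would help. The enclosing function starts and ends outside the hunks shown.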