mirror of
https://git.freebsd.org/ports.git
synced 2025-06-15 17:50:31 -04:00
115 lines
4.1 KiB
C
115 lines
4.1 KiB
C
--- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC
|
|
+++ ssl/sslapp.c
|
|
@@ -113,10 +113,14 @@ do_ssleay_init(int server)
|
|
|
|
if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
|
|
RSA *rsa;
|
|
+ BIGNUM *e;
|
|
|
|
if (ssl_debug_flag)
|
|
ssl_log_msgn(bio_err, "Generating temp (512 bit) RSA key...");
|
|
- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
|
|
+
|
|
+ e = BN_new();
|
|
+ BN_set_word(e, RSA_F4);
|
|
+ RSA_generate_key_ex(rsa, 512, e, NULL);
|
|
if (ssl_debug_flag)
|
|
ssl_log_msgn(bio_err, "Generation of temp (512 bit) RSA key done");
|
|
|
|
@@ -289,12 +293,13 @@ int
|
|
ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
|
|
X509_NAME *pName, X509_OBJECT *pObj)
|
|
{
|
|
- X509_STORE_CTX pStoreCtx;
|
|
+ X509_STORE_CTX *pStoreCtx;
|
|
int rc;
|
|
|
|
- X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
|
|
- rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
|
|
- X509_STORE_CTX_cleanup(&pStoreCtx);
|
|
+ pStoreCtx = X509_STORE_CTX_new();
|
|
+ X509_STORE_CTX_init(pStoreCtx, pStore, NULL, NULL);
|
|
+ rc = X509_STORE_get_by_subject(pStoreCtx, nType, pName, pObj);
|
|
+ X509_STORE_CTX_free(pStoreCtx);
|
|
return rc;
|
|
}
|
|
|
|
@@ -311,7 +316,7 @@ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
|
|
int
|
|
verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
|
|
{
|
|
- X509_OBJECT obj;
|
|
+ X509_OBJECT *obj;
|
|
X509_NAME *subject;
|
|
X509_NAME *issuer;
|
|
X509 *xs;
|
|
@@ -368,16 +373,16 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
|
|
* Try to retrieve a CRL corresponding to the _subject_ of
|
|
* the current certificate in order to verify it's integrity.
|
|
*/
|
|
- memset((char *)&obj, 0, sizeof(obj));
|
|
- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, &obj);
|
|
- crl = obj.data.crl;
|
|
+ obj = X509_OBJECT_new();
|
|
+ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, obj);
|
|
+ crl = X509_OBJECT_get0_X509_CRL(obj);
|
|
if (rc > 0 && crl != NULL) {
|
|
/*
|
|
* Verify the signature on this CRL
|
|
*/
|
|
if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
|
|
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
|
|
- X509_OBJECT_free_contents(&obj);
|
|
+ X509_OBJECT_free(obj);
|
|
return 0;
|
|
}
|
|
|
|
@@ -387,24 +392,24 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
|
|
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
|
|
if (i == 0) {
|
|
X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
|
|
- X509_OBJECT_free_contents(&obj);
|
|
+ X509_OBJECT_free(obj);
|
|
return 0;
|
|
}
|
|
if (i < 0) {
|
|
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
|
|
- X509_OBJECT_free_contents(&obj);
|
|
+ X509_OBJECT_free(obj);
|
|
return 0;
|
|
}
|
|
- X509_OBJECT_free_contents(&obj);
|
|
+ X509_OBJECT_free(obj);
|
|
}
|
|
|
|
/*
|
|
* Try to retrieve a CRL corresponding to the _issuer_ of
|
|
* the current certificate in order to check for revocation.
|
|
*/
|
|
- memset((char *)&obj, 0, sizeof(obj));
|
|
- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, &obj);
|
|
- crl = obj.data.crl;
|
|
+ obj = X509_OBJECT_new();
|
|
+ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, obj);
|
|
+ crl = X509_OBJECT_get0_X509_CRL(obj);
|
|
if (rc > 0 && crl != NULL) {
|
|
/*
|
|
* Check if the current certificate is revoked by this CRL
|
|
@@ -412,13 +417,14 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
|
|
n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
|
|
for (i = 0; i < n; i++) {
|
|
revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
|
|
- if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) {
|
|
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
|
|
+ X509_get_serialNumber(xs)) == 0) {
|
|
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
|
|
- X509_OBJECT_free_contents(&obj);
|
|
+ X509_OBJECT_free(obj);
|
|
return 0;
|
|
}
|
|
}
|
|
- X509_OBJECT_free_contents(&obj);
|
|
+ X509_OBJECT_free(obj);
|
|
}
|
|
return ok;
|
|
}
|