Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support openssl 1.1.0 #32

Merged
merged 1 commit into from
May 17, 2019
Merged

Support openssl 1.1.0 #32

merged 1 commit into from
May 17, 2019

Conversation

ilpianista
Copy link
Contributor

This adapts the code to OpenSSL 1.1.0 changes and fixes #29.

@ilpianista
Copy link
Contributor Author

After looking at df45f3e I understand that a proper fix would be to override X509_STORE_get_by_subject and add X509_OBJECT_new into pam-pkcs11-ossl-compat.h. Would you prefer it?

thyagarajan-balakrishnan
thyagarajan-balakrishnan reviewed Apr 29, 2019
View reviewed changes
src/common/cert_vfy.c
#else
X509_OBJECT *obj = X509_OBJECT_new();
rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), obj);
#endif
if (rv <= 0) {
set_error("getting the certificate of the crl-issuer failed");
return -1;
}
/* extract public key and verify signature */
issuer_cert = X509_OBJECT_get0_X509((&obj));
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

X509_OBJECT_get0_X509() seems to be introduced in 1.1.0 and not available in 1.0.2. Perhaps this could work.

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
  issuer_cert = obj.data.x509
#else
  issuer_cert = X509_OBJECT_get0_X509((&obj));
#endif

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

X509_OBJECT_get0_X509() is defined in https://github.com/OpenSC/pam_pkcs11/blob/master/src/common/pam-pkcs11-ossl-compat.h#L97 for OpenSSL < 1.1.0

thyagarajan-balakrishnan
thyagarajan-balakrishnan reviewed Apr 29, 2019
View reviewed changes
src/common/cert_vfy.c
rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), &obj);
#else
rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), obj);
#endif
if (rv <= 0) {
set_error("no dedicated crl available");
return -1;
}
crl = X509_OBJECT_get0_X509_CRL((&obj));
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here

#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
  crl = obj.data.crl
#else
  crl = X509_OBJECT_get0_X509_CRL((&obj));
#endif

thyagarajan-balakrishnan
thyagarajan-balakrishnan reviewed Apr 29, 2019
View reviewed changes
Copy link

@thyagarajan-balakrishnan thyagarajan-balakrishnan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

X509_OBJECT_get0_X509() seems to be introduced in openssl1.1.0 and not available in openssl 1.0.2.

@LudovicRousseau LudovicRousseau merged commit d256fd4 into OpenSC:master May 17, 2019
bowb pushed a commit to bowb/pam_pkcs11 that referenced this pull request Mar 6, 2023
@LudovicRousseau
Merge pull request OpenSC#32 from ilpianista/openssl-110
64ad8e2 
Support openssl 1.1.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LudovicRousseau LudovicRousseau LudovicRousseau left review comments

@thyagarajan-balakrishnan thyagarajan-balakrishnan thyagarajan-balakrishnan left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

unable to build pam_pkcs11
3 participants
@ilpianista @LudovicRousseau @thyagarajan-balakrishnan