Support openssl 1.1.0 #32
After looking at df45f3e I understand that a proper fix would be to override |
#else | ||
X509_OBJECT *obj = X509_OBJECT_new(); | ||
rv = X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_CRL_get_issuer(crl), obj); | ||
#endif | ||
if (rv <= 0) { | ||
set_error("getting the certificate of the crl-issuer failed"); | ||
return -1; | ||
} | ||
/* extract public key and verify signature */ | ||
issuer_cert = X509_OBJECT_get0_X509((&obj)); |
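Review bot: The unconditional issuer_cert = X509_OBJECT_get0_X509((&obj)); after #endif does not fit the #else branch, where obj is already an X509_OBJECT * from X509_OBJECT_new() and is passed as plain obj to X509_STORE_get_by_subject(); &obj there is an X509_OBJECT **. Pass obj in the 1.1.0 branch, or move the getter inside the #if/#else so each branch uses the expression that matches its declaration. The #else branch also uses the result of X509_OBJECT_new() without a NULL check, and the rv <= 0 path returns -1 without a matching X509_OBJECT_free(obj), so the object leaks whenever the issuer lookup fails.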
X509_OBJECT_get0_X509() seems to be introduced in 1.1.0 and not available in 1.0.2. Perhaps this could work.
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
issuer_cert = obj.data.x509;
#else
issuer_cert = X509_OBJECT_get0_X509((&obj));
#endif
X509_OBJECT_get0_X509() is defined in https://github.com/OpenSC/pam_pkcs11/blob/master/src/common/pam-pkcs11-ossl-compat.h#L97 for OpenSSL < 1.1.0
rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), &obj); | ||
#else | ||
rv = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x509), obj); | ||
#endif | ||
if (rv <= 0) { | ||
set_error("no dedicated crl available"); | ||
return -1; | ||
} | ||
crl = X509_OBJECT_get0_X509_CRL((&obj)); |
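Review bot: The lookup passes &obj in the pre-1.1.0 branch and obj in the #else branch, so obj has a different type in each, yet crl = X509_OBJECT_get0_X509_CRL((&obj)); after #endif is written for only one of them. Putting the getter call inside the #if/#else, or hiding the argument behind one version-dependent macro, would keep it consistent with the lookup call directly above. If obj is heap-allocated in the #else branch here as it is in the issuer lookup, the "no dedicated crl available" return needs to free it as well.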
Same here
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
crl = obj.data.crl;
#else
crl = X509_OBJECT_get0_X509_CRL((&obj));
#endif
X509_OBJECT_get0_X509() seems to be introduced in openssl 1.1.0 and not available in openssl 1.0.2.
Support openssl 1.1.0
This adapts the code to OpenSSL 1.1.0 changes and fixes #29.