Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74

Closed
byllyfish opened this issue Jul 11, 2015 · 1 comment
Closed

Comments

@byllyfish
Copy link

@byllyfish byllyfish commented Jul 11, 2015

ASIO no longer compiles when using the latest BoringSSL because ASIO accesses the extra_certs member directly in context::use_certificate_chain. To clear the certificate chain, OpenSSL 1.0.2 added a new API you can use: SSL_CTX_clear_chain_certs

Here is a patch for context.ipp:

diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp
index 08705e7..77da84e 100644
--- a/asio/include/asio/ssl/impl/context.ipp
+++ b/asio/include/asio/ssl/impl/context.ipp
@@ -539,11 +539,15 @@ asio::error_code context::use_certificate_chain(
       return ec;
     }

+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
+    ::SSL_CTX_clear_chain_certs(handle_);
+#else
     if (handle_->extra_certs)
     {
       ::sk_X509_pop_free(handle_->extra_certs, X509_free);
       handle_->extra_certs = 0;
     }
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)

     while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
           handle_->default_passwd_callback,
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.