Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74
Description
ASIO no longer compiles when using the latest BoringSSL because ASIO accesses the extra_certs member directly in context::use_certificate_chain. To clear the certificate chain, OpenSSL 1.0.2 added a new API you can use: SSL_CTX_clear_chain_certs
Here is a patch for context.ipp:
diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp
index 08705e7..77da84e 100644
--- a/asio/include/asio/ssl/impl/context.ipp
+++ b/asio/include/asio/ssl/impl/context.ipp
@@ -539,11 +539,15 @@ asio::error_code context::use_certificate_chain(
return ec;
}
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
+ ::SSL_CTX_clear_chain_certs(handle_);
+#else
if (handle_->extra_certs)
{
::sk_X509_pop_free(handle_->extra_certs, X509_free);
handle_->extra_certs = 0;
}
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)
while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
handle_->default_passwd_callback,