From 46f0f1c0f492c45c1b1bbcfd4a0cc63eb56480ea Mon Sep 17 00:00:00 2001 From: Daniel-Constantin Mierla Date: Thu, 15 Sep 2016 16:30:30 +0200 Subject: [PATCH] auth_identity: switched to use pointer of X509_STORE_CTX - starting with libssl 1.1.0 the size of X509_STORE_CTX is not known at compile time, throwing error: error: storage size of 'ca_ctx' isn't known X509_STORE_CTX ca_ctx; - reported by Victor Seva, GH #685 --- modules/auth_identity/auth_crypt.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/modules/auth_identity/auth_crypt.c b/modules/auth_identity/auth_crypt.c index 2aa6a0a5332..c6a0fd11602 100644 --- a/modules/auth_identity/auth_crypt.c +++ b/modules/auth_identity/auth_crypt.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include "../../mem/mem.h" @@ -113,7 +114,7 @@ int check_x509_subj(X509 *pcert, str* sdom) if (actname->type == GEN_DNS || actname->type == GEN_URI) { /* we've found one */ - altptr = (char *)ASN1_STRING_data(actname->d.ia5); + altptr = (char *)ASN1_STRING_get0_data(actname->d.ia5); if (actname->type == GEN_URI) { if (parse_uri(altptr, strlen(altptr), &suri) != 0) { continue; @@ -161,22 +162,30 @@ int check_x509_subj(X509 *pcert, str* sdom) int verify_x509(X509 *pcert, X509_STORE *pcacerts) { - X509_STORE_CTX ca_ctx; + X509_STORE_CTX *ca_ctx = NULL; char *strerr; + ca_ctx = X509_STORE_CTX_new(); + if(ca_ctx==NULL) { + LM_ERR("cannot get a x509 context\n"); + return -1; + } - if (X509_STORE_CTX_init(&ca_ctx, pcacerts, pcert, NULL) != 1) { + if (X509_STORE_CTX_init(ca_ctx, pcacerts, pcert, NULL) != 1) { LOG(L_ERR, "AUTH_IDENTITY:verify_x509: Unable to init X509 store ctx\n"); + X509_STORE_CTX_free(ca_ctx); return -1; } - if (X509_verify_cert(&ca_ctx) != 1) { - strerr = (char *) X509_verify_cert_error_string(ca_ctx.error); + if (X509_verify_cert(ca_ctx) != 1) { + strerr = (char *)X509_verify_cert_error_string(X509_STORE_CTX_get_error(ca_ctx)); LOG(L_ERR, "AUTH_IDENTITY VERIFIER: Certificate verification error: %s\n", strerr); - X509_STORE_CTX_cleanup(&ca_ctx); + X509_STORE_CTX_cleanup(ca_ctx); + X509_STORE_CTX_free(ca_ctx); return -2; } - X509_STORE_CTX_cleanup(&ca_ctx); + X509_STORE_CTX_cleanup(ca_ctx); + X509_STORE_CTX_free(ca_ctx); LOG(AUTH_DBG_LEVEL, "AUTH_IDENTITY VERIFIER: Certificate is valid\n");