From: Howard Chu Date: Sun, 31 Jan 2016 03:29:28 +0000 (+0000) Subject: ITS#8353 more for OpenSSL 1.1 compat X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6bb6d5e3c6269589f5e64805bd849174d62bd3ea;p=openldap ITS#8353 more for OpenSSL 1.1 compat tmp_rsa callback has been removed from OpenSSL 1.1 Use new X509_NAME accessor function to retrieve DER bytes --- diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c index d9b30f3c49..e1b7d48e32 100644 --- a/libraries/libldap/tls_o.c +++ b/libraries/libldap/tls_o.c @@ -57,7 +57,9 @@ static void tlso_report_error( void ); static void tlso_info_cb( const SSL *ssl, int where, int ret ); static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx ); static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx ); +#if OPENSSL_VERSION_NUMBER < 0x10100000 static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length ); +#endif static int tlso_seed_PRNG( const char *randfile ); @@ -374,7 +376,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) SSL_CTX_set_verify( ctx, i, lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ? tlso_verify_ok : tlso_verify_cb ); +#if OPENSSL_VERSION_NUMBER < 0x10100000 SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb ); +#endif #ifdef HAVE_OPENSSL_CRL if ( lo->ldo_tls_crlcheck ) { X509_STORE *x509_s = SSL_CTX_get_cert_store( ctx ); @@ -469,8 +473,17 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn ) if (!x) return LDAP_INVALID_CREDENTIALS; xn = X509_get_subject_name(x); +#if OPENSSL_VERSION_NUMBER < 0x10100000 der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_val = xn->bytes->data; +#else + { + size_t len = 0; + der_dn->bv_val = NULL; + X509_NAME_get0_der( (const unsigned char **)&der_dn->bv_val, &len, xn ); + der_dn->bv_len = len; + } +#endif /* Don't X509_free, the session is still using it */ return 0; } @@ -496,8 +509,17 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn ) return LDAP_INVALID_CREDENTIALS; xn = X509_get_subject_name(x); +#if OPENSSL_VERSION_NUMBER < 0x10100000 der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_val = xn->bytes->data; +#else + { + size_t len = 0; + der_dn->bv_val = NULL; + X509_NAME_get0_der( (const unsigned char **)&der_dn->bv_val, &len, xn ); + der_dn->bv_len = len; + } +#endif X509_free(x); return 0; } @@ -1149,6 +1171,7 @@ tlso_report_error( void ) } } +#if OPENSSL_VERSION_NUMBER < 0x10100000 static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length ) { @@ -1179,6 +1202,7 @@ tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length ) } return tmp_rsa; } +#endif /* OPENSSL_VERSION_NUMBER < 1.1 */ static int tlso_seed_PRNG( const char *randfile )