[glib-networking: 13/129] openssl/gtlscertificate: adapt to OpenSSL 1.1.0+



commit 260ccc630c3aecbf7376840387c604c5d4f3f47a
Author: Igor Gnatenko <ignatenko src gnome org>
Date:   Fri Oct 21 17:19:13 2016 +0200

    openssl/gtlscertificate: adapt to OpenSSL 1.1.0+
    
    Since 1.1.0, X509_STORE_CTX is an opaque structure.
    
    Signed-off-by: Igor Gnatenko <ignatenko src gnome org>

 tls/openssl/gtlscertificate-openssl.c  | 30 ++++++++++++++++--------------
 tls/openssl/gtlsfiledatabase-openssl.c | 28 +++++++++++++++-------------
 2 files changed, 31 insertions(+), 27 deletions(-)
---
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index d51c9f5..cff0122 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -307,15 +307,16 @@ g_tls_certificate_openssl_verify (GTlsCertificate     *cert,
   if (trusted_ca)
     {
       X509_STORE *store;
-      X509_STORE_CTX csc;
+      X509_STORE_CTX *csc;
       STACK_OF(X509) *trusted;
 
       store = X509_STORE_new ();
+      csc = X509_STORE_CTX_new ();
 
-      if (!X509_STORE_CTX_init (&csc, store, x, untrusted))
+      if (!X509_STORE_CTX_init (csc, store, x, untrusted))
         {
           sk_X509_free (untrusted);
-          X509_STORE_CTX_cleanup (&csc);
+          X509_STORE_CTX_cleanup (csc);
           X509_STORE_free (store);
           return G_TLS_CERTIFICATE_GENERIC_ERROR;
         }
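Review bot: Every `X509_STORE_CTX_cleanup (csc)` on the new side leaks the context, because `X509_STORE_CTX_new ()` now allocates it on the heap and cleanup only releases its internal state. This applies to the init-failure branch here, the end of this function, and is_issuer, is_self_signed and g_tls_file_database_openssl_verify_chain; each call should become `X509_STORE_CTX_free (csc);`, which also frees the object. The result of `X509_STORE_CTX_new ()` is also passed to `X509_STORE_CTX_init` unchecked at all four call sites, so an allocation failure would probably be dereferenced. A guard such as `if (csc == NULL) { X509_STORE_free (store); return G_TLS_CERTIFICATE_GENERIC_ERROR; }` (here also freeing `untrusted`) would fail closed instead. The body of g_tls_certificate_openssl_verify starts and ends outside this hunk.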
@@ -328,12 +329,12 @@ g_tls_certificate_openssl_verify (GTlsCertificate     *cert,
           sk_X509_push (trusted, priv->cert);
         }
 
-      X509_STORE_CTX_trusted_stack (&csc, trusted);
-      if (X509_verify_cert (&csc) <= 0)
-        gtls_flags |= g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (&csc));
+      X509_STORE_CTX_trusted_stack (csc, trusted);
+      if (X509_verify_cert (csc) <= 0)
+        gtls_flags |= g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
 
       sk_X509_free (trusted);
-      X509_STORE_CTX_cleanup (&csc);
+      X509_STORE_CTX_cleanup (csc);
       X509_STORE_free (store);
     }
 
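Review bot: The failure branch after `X509_verify_cert (csc) <= 0` relies entirely on `g_tls_certificate_openssl_convert_error` returning a non-zero flag. If `X509_STORE_CTX_get_error` reports `X509_V_OK` after a zero or negative return (an internal error rather than a validation verdict), `gtls_flags` could stay unchanged and the certificate would be reported as valid. The convert function is not visible here, so this is a request to confirm its mapping. A fail-closed form would keep the converted value in a local and add `if (flags == 0) flags = G_TLS_CERTIFICATE_GENERIC_ERROR;` before OR-ing it in. The same pattern appears in the last hunk of gtlsfiledatabase-openssl.c, where `result` is assigned from the converted error.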
@@ -605,7 +606,7 @@ is_issuer (GTlsCertificateOpenssl *cert,
   X509 *x;
   X509 *issuer_x;
   X509_STORE *store;
-  X509_STORE_CTX csc;
+  X509_STORE_CTX *csc;
   STACK_OF(X509) *trusted;
   gboolean ret = FALSE;
   gint err;
@@ -614,20 +615,21 @@ is_issuer (GTlsCertificateOpenssl *cert,
   issuer_x = g_tls_certificate_openssl_get_cert (issuer);
 
   store = X509_STORE_new ();
+  csc = X509_STORE_CTX_new ();
 
-  if (!X509_STORE_CTX_init (&csc, store, x, NULL))
+  if (!X509_STORE_CTX_init (csc, store, x, NULL))
     goto end;
 
   trusted = sk_X509_new_null ();
   sk_X509_push (trusted, issuer_x);
 
-  X509_STORE_CTX_trusted_stack (&csc, trusted);
-  X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CB_ISSUER_CHECK);
+  X509_STORE_CTX_trusted_stack (csc, trusted);
+  X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CB_ISSUER_CHECK);
 
   /* FIXME: is this the right way to do it? */
-  if (X509_verify_cert (&csc) <= 0)
+  if (X509_verify_cert (csc) <= 0)
     {
-      err = X509_STORE_CTX_get_error (&csc);
+      err = X509_STORE_CTX_get_error (csc);
       if (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
         ret = TRUE;
     }
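Review bot: `X509_V_FLAG_CB_ISSUER_CHECK` is, as far as I know, deprecated in OpenSSL 1.1.0 and no longer changes verification. The FIXME'd test that treats `X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT` as "this is the issuer" may therefore behave differently on the very version this commit targets. A direct check such as `ret = X509_check_issued (issuer_x, x) == X509_V_OK;` would answer the question without building a store context. Since is_issuer presumably feeds issuer lookup during chain building, it deserves a test against both library versions. The function starts and ends outside this hunk.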
@@ -637,7 +639,7 @@ is_issuer (GTlsCertificateOpenssl *cert,
   sk_X509_free (trusted);
 
 end:
-  X509_STORE_CTX_cleanup (&csc);
+  X509_STORE_CTX_cleanup (csc);
   X509_STORE_free (store);
 
   return ret;
diff --git a/tls/openssl/gtlsfiledatabase-openssl.c b/tls/openssl/gtlsfiledatabase-openssl.c
index 8f906b4..83aa66c 100644
--- a/tls/openssl/gtlsfiledatabase-openssl.c
+++ b/tls/openssl/gtlsfiledatabase-openssl.c
@@ -516,27 +516,28 @@ is_self_signed (GTlsCertificateOpenssl *certificate)
 {
   X509 *cert;
   X509_STORE *store;
-  X509_STORE_CTX csc;
+  X509_STORE_CTX *csc;
   STACK_OF(X509) *trusted;
   gboolean ret = FALSE;
 
   store = X509_STORE_new ();
+  csc = X509_STORE_CTX_new ();
   cert = g_tls_certificate_openssl_get_cert (certificate);
 
-  if (!X509_STORE_CTX_init(&csc, store, cert, NULL))
+  if (!X509_STORE_CTX_init(csc, store, cert, NULL))
     goto end;
 
   trusted = sk_X509_new_null ();
   sk_X509_push (trusted, cert);
 
-  X509_STORE_CTX_trusted_stack (&csc, trusted);
-  X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+  X509_STORE_CTX_trusted_stack (csc, trusted);
+  X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CHECK_SS_SIGNATURE);
 
-  ret = X509_verify_cert (&csc) > 0;
+  ret = X509_verify_cert (csc) > 0;
   sk_X509_free (trusted);
 
 end:
-  X509_STORE_CTX_cleanup (&csc);
+  X509_STORE_CTX_cleanup (csc);
   X509_STORE_free (store);
 
   return ret;
@@ -734,7 +735,7 @@ g_tls_file_database_openssl_verify_chain (GTlsDatabase             *database,
   GTlsCertificateOpenssl *anchor;
   STACK_OF(X509) *certs, *anchors;
   X509_STORE *store;
-  X509_STORE_CTX csc;
+  X509_STORE_CTX *csc;
   X509 *x;
   gint status;
   GTlsCertificateFlags result = 0;
@@ -767,11 +768,12 @@ g_tls_file_database_openssl_verify_chain (GTlsDatabase             *database,
   certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
 
   store = X509_STORE_new ();
+  csc = X509_STORE_CTX_new ();
 
   x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));
-  if (!X509_STORE_CTX_init(&csc, store, x, certs))
+  if (!X509_STORE_CTX_init(csc, store, x, certs))
     {
-      X509_STORE_CTX_cleanup (&csc);
+      X509_STORE_CTX_cleanup (csc);
       X509_STORE_free (store);
       sk_X509_free (certs);
       return G_TLS_CERTIFICATE_GENERIC_ERROR;
@@ -781,15 +783,15 @@ g_tls_file_database_openssl_verify_chain (GTlsDatabase             *database,
     {
       g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
       anchors = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (anchor));
-      X509_STORE_CTX_trusted_stack (&csc, anchors);
+      X509_STORE_CTX_trusted_stack (csc, anchors);
     }
   else
     anchors = NULL;
 
-  if (X509_verify_cert (&csc) <= 0)
-    result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (&csc));
+  if (X509_verify_cert (csc) <= 0)
+    result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
 
-  X509_STORE_CTX_cleanup (&csc);
+  X509_STORE_CTX_cleanup (csc);
   X509_STORE_free (store);
   sk_X509_free (certs);
   if (anchors)

