[glib-networking: 13/129] openssl/gtlscertificate: adapt to OpenSSL 1.1.0+
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking: 13/129] openssl/gtlscertificate: adapt to OpenSSL 1.1.0+
- Date: Sat, 2 Feb 2019 22:44:29 +0000 (UTC)
commit 260ccc630c3aecbf7376840387c604c5d4f3f47a
Author: Igor Gnatenko <ignatenko src gnome org>
Date: Fri Oct 21 17:19:13 2016 +0200
openssl/gtlscertificate: adapt to OpenSSL 1.1.0+
Since 1.1.0, X509_STORE_CTX is an opaque structure.
Signed-off-by: Igor Gnatenko <ignatenko src gnome org>
tls/openssl/gtlscertificate-openssl.c | 30 ++++++++++++++++--------------
tls/openssl/gtlsfiledatabase-openssl.c | 28 +++++++++++++++-------------
2 files changed, 31 insertions(+), 27 deletions(-)
---
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index d51c9f5..cff0122 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -307,15 +307,16 @@ g_tls_certificate_openssl_verify (GTlsCertificate *cert,
if (trusted_ca)
{
X509_STORE *store;
- X509_STORE_CTX csc;
+ X509_STORE_CTX *csc;
STACK_OF(X509) *trusted;
store = X509_STORE_new ();
+ csc = X509_STORE_CTX_new ();
- if (!X509_STORE_CTX_init (&csc, store, x, untrusted))
+ if (!X509_STORE_CTX_init (csc, store, x, untrusted))
{
sk_X509_free (untrusted);
- X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_CTX_cleanup (csc);
X509_STORE_free (store);
return G_TLS_CERTIFICATE_GENERIC_ERROR;
}
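Review bot: The context now comes from `X509_STORE_CTX_new ()` on the heap, but this error path still releases it with `X509_STORE_CTX_cleanup (csc)`, which resets the context without freeing the allocation, so each call leaks one X509_STORE_CTX; the call should become `X509_STORE_CTX_free (csc);`. The same replacement applies to the cleanup calls in the later hunks of g_tls_certificate_openssl_verify, is_issuer, is_self_signed and g_tls_file_database_openssl_verify_chain. The result of `X509_STORE_CTX_new ()` is also used unchecked, so an allocation failure during certificate verification can become a NULL dereference; folding the check into the existing condition, `if (csc == NULL || !X509_STORE_CTX_init (csc, store, x, untrusted))`, reuses the error block, and `X509_STORE_CTX_free ()` accepts NULL. The enclosing function starts and ends outside this hunk.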
@@ -328,12 +329,12 @@ g_tls_certificate_openssl_verify (GTlsCertificate *cert,
sk_X509_push (trusted, priv->cert);
}
- X509_STORE_CTX_trusted_stack (&csc, trusted);
- if (X509_verify_cert (&csc) <= 0)
- gtls_flags |= g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (&csc));
+ X509_STORE_CTX_trusted_stack (csc, trusted);
+ if (X509_verify_cert (csc) <= 0)
+ gtls_flags |= g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
sk_X509_free (trusted);
- X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_CTX_cleanup (csc);
X509_STORE_free (store);
}
@@ -605,7 +606,7 @@ is_issuer (GTlsCertificateOpenssl *cert,
X509 *x;
X509 *issuer_x;
X509_STORE *store;
- X509_STORE_CTX csc;
+ X509_STORE_CTX *csc;
STACK_OF(X509) *trusted;
gboolean ret = FALSE;
gint err;
@@ -614,20 +615,21 @@ is_issuer (GTlsCertificateOpenssl *cert,
issuer_x = g_tls_certificate_openssl_get_cert (issuer);
store = X509_STORE_new ();
+ csc = X509_STORE_CTX_new ();
- if (!X509_STORE_CTX_init (&csc, store, x, NULL))
+ if (!X509_STORE_CTX_init (csc, store, x, NULL))
goto end;
trusted = sk_X509_new_null ();
sk_X509_push (trusted, issuer_x);
- X509_STORE_CTX_trusted_stack (&csc, trusted);
- X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CB_ISSUER_CHECK);
+ X509_STORE_CTX_trusted_stack (csc, trusted);
+ X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CB_ISSUER_CHECK);
/* FIXME: is this the right way to do it? */
- if (X509_verify_cert (&csc) <= 0)
+ if (X509_verify_cert (csc) <= 0)
{
- err = X509_STORE_CTX_get_error (&csc);
+ err = X509_STORE_CTX_get_error (csc);
if (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
ret = TRUE;
}
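Review bot: `X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CB_ISSUER_CHECK)` is carried over unchanged, but as far as I know OpenSSL 1.1.0 deprecates that flag and defines it as 0, so on the versions this commit targets the call likely has no effect and the `X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT` test under the FIXME may no longer mean what was intended. Because this result decides whether one certificate is treated as the issuer of another, a direct check is easier to reason about: `ret = X509_check_issued (issuer_x, x) == X509_V_OK;`. Note that X509_check_issued compares names and key identifiers and does not verify the signature, so the comment should say which property callers rely on. is_issuer begins and ends outside this hunk, so confirm against the full body.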
@@ -637,7 +639,7 @@ is_issuer (GTlsCertificateOpenssl *cert,
sk_X509_free (trusted);
end:
- X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_CTX_cleanup (csc);
X509_STORE_free (store);
return ret;
diff --git a/tls/openssl/gtlsfiledatabase-openssl.c b/tls/openssl/gtlsfiledatabase-openssl.c
index 8f906b4..83aa66c 100644
--- a/tls/openssl/gtlsfiledatabase-openssl.c
+++ b/tls/openssl/gtlsfiledatabase-openssl.c
@@ -516,27 +516,28 @@ is_self_signed (GTlsCertificateOpenssl *certificate)
{
X509 *cert;
X509_STORE *store;
- X509_STORE_CTX csc;
+ X509_STORE_CTX *csc;
STACK_OF(X509) *trusted;
gboolean ret = FALSE;
store = X509_STORE_new ();
+ csc = X509_STORE_CTX_new ();
cert = g_tls_certificate_openssl_get_cert (certificate);
- if (!X509_STORE_CTX_init(&csc, store, cert, NULL))
+ if (!X509_STORE_CTX_init(csc, store, cert, NULL))
goto end;
trusted = sk_X509_new_null ();
sk_X509_push (trusted, cert);
- X509_STORE_CTX_trusted_stack (&csc, trusted);
- X509_STORE_CTX_set_flags (&csc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+ X509_STORE_CTX_trusted_stack (csc, trusted);
+ X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CHECK_SS_SIGNATURE);
- ret = X509_verify_cert (&csc) > 0;
+ ret = X509_verify_cert (csc) > 0;
sk_X509_free (trusted);
end:
- X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_CTX_cleanup (csc);
X509_STORE_free (store);
return ret;
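Review bot: `ret = X509_verify_cert (csc) > 0` answers "does this certificate verify against itself", which can also fail for reasons unrelated to self-signing, such as an expired validity period, so an expired root would presumably be reported as not self-signed. A comment above the call should state that contract, for example `/* FALSE on any verification failure, not only when cert is not self-signed */`, or the function should inspect `X509_STORE_CTX_get_error (csc)` to tell the cases apart. The closing brace of is_self_signed lies outside this hunk.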
@@ -734,7 +735,7 @@ g_tls_file_database_openssl_verify_chain (GTlsDatabase *database,
GTlsCertificateOpenssl *anchor;
STACK_OF(X509) *certs, *anchors;
X509_STORE *store;
- X509_STORE_CTX csc;
+ X509_STORE_CTX *csc;
X509 *x;
gint status;
GTlsCertificateFlags result = 0;
@@ -767,11 +768,12 @@ g_tls_file_database_openssl_verify_chain (GTlsDatabase *database,
certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));
store = X509_STORE_new ();
+ csc = X509_STORE_CTX_new ();
x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));
- if (!X509_STORE_CTX_init(&csc, store, x, certs))
+ if (!X509_STORE_CTX_init(csc, store, x, certs))
{
- X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_CTX_cleanup (csc);
X509_STORE_free (store);
sk_X509_free (certs);
return G_TLS_CERTIFICATE_GENERIC_ERROR;
@@ -781,15 +783,15 @@ g_tls_file_database_openssl_verify_chain (GTlsDatabase *database,
{
g_assert (g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (anchor)) == NULL);
anchors = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (anchor));
- X509_STORE_CTX_trusted_stack (&csc, anchors);
+ X509_STORE_CTX_trusted_stack (csc, anchors);
}
else
anchors = NULL;
- if (X509_verify_cert (&csc) <= 0)
- result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (&csc));
+ if (X509_verify_cert (csc) <= 0)
+ result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));
- X509_STORE_CTX_cleanup (&csc);
+ X509_STORE_CTX_cleanup (csc);
X509_STORE_free (store);
sk_X509_free (certs);
if (anchors)