X509 *cert;
X509 *peercert;
X509_STORE *cert_store = NULL;
- X509_STORE_CTX cert_store_ctx;
+ X509_STORE_CTX *cert_store_ctx;
STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
const SSL_CIPHER *cipher = NULL;
int depth, verify_old, verify, n, is_slave = 0;
cert = sk_X509_value(cert_stack, 0);
}
- X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack);
+ cert_store_ctx = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack);
depth = SSL_get_verify_depth(ssl);
if (depth >= 0) {
- X509_STORE_CTX_set_depth(&cert_store_ctx, depth);
+ X509_STORE_CTX_set_depth(cert_store_ctx, depth);
}
- X509_STORE_CTX_set_ex_data(&cert_store_ctx,
+ X509_STORE_CTX_set_ex_data(cert_store_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx(),
(char *)ssl);
- if (!X509_verify_cert(&cert_store_ctx)) {
+ if (!X509_verify_cert(cert_store_ctx)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02224)
"Re-negotiation verification step failed");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
}
- SSL_set_verify_result(ssl, cert_store_ctx.error);
- X509_STORE_CTX_cleanup(&cert_store_ctx);
+ SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(cert_store_ctx));
+ X509_STORE_CTX_cleanup(cert_store_ctx);
+ X509_STORE_CTX_free(cert_store_ctx);
if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
/* we created this ourselves, so free it */
{
OCSP_REQUEST *req = OCSP_REQUEST_new();
- *certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer);
+ *certid = OCSP_cert_to_id(NULL, cert, X509_STORE_CTX_get0_current_issuer(ctx));
if (!*certid || !OCSP_request_add0_id(req, *certid)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01921)
"could not retrieve certificate id");
if (rc == V_OCSP_CERTSTATUS_GOOD) {
/* TODO: allow flags configuration. */
- if (OCSP_basic_verify(basicResponse, NULL, ctx->ctx, 0) != 1) {
+ if (OCSP_basic_verify(basicResponse, NULL, X509_STORE_CTX_get0_store(ctx), 0) != 1) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01925)
"failed to verify the OCSP response");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
void free_bio_methods(void);
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#define X509_STORE_CTX_get0_store(x) (x->ctx)
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10000000L
+#ifndef X509_STORE_CTX_get0_current_issuer
+#define X509_STORE_CTX_get0_current_issuer(x) (x->current_issuer)
+#endif
+#endif
+
/* mod_ssl headers */
#include "ssl_util_ssl.h"
X509 *issuer = NULL;
int i;
X509_STORE *st = SSL_CTX_get_cert_store(mctx->ssl_ctx);
- X509_STORE_CTX inctx;
+ X509_STORE_CTX *inctx;
STACK_OF(X509) *extra_certs = NULL;
#ifdef OPENSSL_NO_SSL_INTERN
}
}
- if (!X509_STORE_CTX_init(&inctx, st, NULL, NULL))
+ inctx = X509_STORE_CTX_new();
+ if (!X509_STORE_CTX_init(inctx, st, NULL, NULL))
return 0;
- if (X509_STORE_CTX_get1_issuer(&issuer, &inctx, x) <= 0)
+ if (X509_STORE_CTX_get1_issuer(&issuer, inctx, x) <= 0)
issuer = NULL;
- X509_STORE_CTX_cleanup(&inctx);
+ X509_STORE_CTX_cleanup(inctx);
+ X509_STORE_CTX_free(inctx);
return issuer;
-
}
int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp,
projects / apache / commitdiff