From: Kevin McCarthy
Date: Sun, 20 Nov 2016 03:35:07 +0000 (-0800)
Subject: More openssl1.1 fixes: remove uses of X509->name in debugging. (closes #3870)
X-Git-Tag: neomutt-20170225~32^2~41^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c2919f946b1100931bc555d4710f2d4fa13598af;p=neomutt

More openssl1.1 fixes: remove uses of X509->name in debugging. (closes #3870)

X509->name was a shortcut for the longer name = X509_NAME_oneline (X509_get_subject_name (cert), buf, sizeof (buf)); invocation. Change the debugging to print the cert name and chain names in the ssl_check_certificate() loop instead.
---
diff --git a/mutt_ssl.c b/mutt_ssl.c
index c44fad7d2..5fe813182 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -666,7 +666,6 @@ static int check_certificate_by_signer (X509 *peercert)
 snprintf (buf, sizeof (buf), "%s (%d)", X509_verify_cert_error_string(err), err);
 dprint (2, (debugfile, "X509_verify_cert: %s\n", buf));
- dprint (2, (debugfile, " [%s]\n", peercert->name));
 }
 #endif
 X509_STORE_CTX_free (xsc);
@@ -914,7 +913,7 @@ out:
 static int ssl_cache_trusted_cert (X509 *c)
 {
- dprint (1, (debugfile, "trusted: %s\n", c->name));
+ dprint (1, (debugfile, "ssl_cache_trusted_cert: trusted\n"));
 if (!SslSessionCerts) SslSessionCerts = sk_X509_new_null();
 return (sk_X509_push (SslSessionCerts, X509_dup(c)));
@@ -967,6 +966,13 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
 int i, preauthrc, chain_len;
 STACK_OF(X509) *chain;
 X509 *cert;
+#ifdef DEBUG
+ char buf[STRING];
+
+ dprint (1, (debugfile, "ssl_check_certificate: checking cert %s\n",
+ X509_NAME_oneline (X509_get_subject_name (data->cert),
+ buf, sizeof (buf))));
+#endif
 if ((preauthrc = ssl_check_preauth (data->cert, conn->account.host)) > 0) return preauthrc;
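Review bot: The rewritten message in ssl_cache_trusted_cert() records that a certificate entered the session trust cache but no longer says which one, so the debug log cannot tie a trust decision to a subject. The names now logged from ssl_check_certificate() show which certificate was being checked, not which one ended up cached, and any caller outside that loop (none are visible in this diff) would leave no name at all. Consider formatting the subject here too, with a local buffer and `X509_NAME_oneline (X509_get_subject_name (c), buf, sizeof (buf))`, printing a fixed fallback string when that call returns NULL.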
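Review bot: X509_NAME_oneline() is documented to return NULL on error, and the new dprint at the top of ssl_check_certificate() passes its result straight to a `%s` conversion, which is undefined behaviour for a null pointer; the chain-entry dprint added in the next hunk has the same pattern. The subject name comes from the peer's certificate and is formatted before ssl_check_preauth() has run, so in DEBUG builds with debugging enabled the error path may be reachable from server-supplied data. Capture the result first, `const char *n = X509_NAME_oneline (X509_get_subject_name (data->cert), buf, sizeof (buf));`, and log `n ? n : "(unavailable)"`. A comment noting that the name is unverified peer data and is cut to STRING bytes would also help anyone reading the log. The function body continues outside the hunk.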
@@ -983,6 +989,10 @@ static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
 {
 cert = sk_X509_value (chain, i);
+ dprint (1, (debugfile, "ssl_check_certificate: checking cert chain entry %s\n",
+ X509_NAME_oneline (X509_get_subject_name (cert),
+ buf, sizeof (buf))));
+
 /* if the certificate validates or is manually accepted, then add it to * the trusted set and recheck the peer certificate */
 if (ssl_check_preauth (cert, NULL)
@@ -1009,8 +1019,6 @@ static int interactive_check_cert (X509 *cert, int idx, int len)
 FILE *fp;
 char *name = NULL, *c;
- dprint (2, (debugfile, "interactive_check_cert: %s\n", cert->name));
-
 menu->max = 19;
 menu->dialog = (char **) safe_calloc (1, menu->max * sizeof (char *));
 for (i = 0; i < menu->max; i++)
@@ -1021,7 +1029,6 @@ static int interactive_check_cert (X509 *cert, int idx, int len)
 row++;
 name = X509_NAME_oneline (X509_get_subject_name (cert), buf, sizeof (buf));
- dprint (2, (debugfile, "oneline: %s\n", name));
 for (i = 0; i < 5; i++)
 {
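Review bot: The chain-loop dprint uses `buf` with no guard of its own, although `buf` is declared only inside the `#ifdef DEBUG` block added at the top of ssl_check_certificate(), so a non-DEBUG build compiles only as long as dprint expands to nothing there. The macro definition is not visible in this diff; if that is the intent, a comment on the declaration such as `/* buf is referenced only from dprint(), which is compiled out without DEBUG */` would keep a later edit from using it outside a dprint. Both new messages are also logged at level 1, whereas the certificate-name lines this commit removes from check_certificate_by_signer() and interactive_check_cert() were at level 2, so peer subject names now appear at the least verbose debug setting. The loop body starts and ends outside the hunk.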