[29707] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Add k5tls support for OpenSSL 1.1.0

daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Sep 22 22:17:47 2016

Date: Thu, 22 Sep 2016 22:17:43 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201609230217.u8N2HhWL020050@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/b6de7390454d48f69dac88ada2c67e2835fed965
commit b6de7390454d48f69dac88ada2c67e2835fed965
Author: Greg Hudson <ghudson@mit.edu>
Date:   Tue May 3 13:14:48 2016 -0400

    Add k5tls support for OpenSSL 1.1.0
    
    OpenSSL 1.1 makes the X509 type opaque and removes the M_ASN1_*
    macros.  Adjust the k5tls OpenSSL implementation accordingly.
    
    ticket: 8398

 src/plugins/tls/k5tls/openssl.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index c9d270b..822632c 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -181,13 +181,13 @@ check_cert_address(X509 *x, const char *text)
     struct in6_addr sin6;
 
     /* Parse the IP address into an octet string. */
-    ip = M_ASN1_OCTET_STRING_new();
+    ip = ASN1_OCTET_STRING_new();
     if (ip == NULL)
         return FALSE;
     if (inet_pton(AF_INET, text, &sin)) {
-        M_ASN1_OCTET_STRING_set(ip, &sin, sizeof(sin));
+        ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin, sizeof(sin));
     } else if (inet_pton(AF_INET6, text, &sin6)) {
-        M_ASN1_OCTET_STRING_set(ip, &sin6, sizeof(sin6));
+        ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin6, sizeof(sin6));
     } else {
         ASN1_OCTET_STRING_free(ip);
         return FALSE;
@@ -317,7 +317,7 @@ verify_callback(int preverify_ok, X509_STORE_CTX *store_ctx)
     if (err != X509_V_OK) {
         bio = BIO_new(BIO_s_mem());
         if (bio != NULL) {
-            X509_NAME_print_ex(bio, x->cert_info->subject, 0, 0);
+            X509_NAME_print_ex(bio, X509_get_subject_name(x), 0, 0);
             count = BIO_get_mem_data(bio, &cert);
             errstr = X509_verify_cert_error_string(err);
             TRACE_TLS_CERT_ERROR(context, depth, count, cert, err, errstr);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post