
openssl: adapt to openssl >= 1.1.0 X509 opaque structs

Closes #491
Daniel Stenberg 2015-12-10 19:20:22 +01:00
parent dd1b44c612
commit 7f683b0ea8


@ -119,10 +119,15 @@
#define OPENSSL_NO_SSL2 #define OPENSSL_NO_SSL2
#endif #endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ removed "SSLeay" */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ */
#define SSLeay_add_ssl_algorithms() SSL_library_init() #define SSLeay_add_ssl_algorithms() SSL_library_init()
#define SSLeay() OpenSSL_version_num() #define SSLeay() OpenSSL_version_num()
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
#endif
#if OPENSSL_VERSION_NUMBER >= 0x1000200fL /* 1.0.2 or later */
#define HAVE_X509_GET0_SIGNATURE 1
#endif #endif
#if defined(OPENSSL_IS_BORINGSSL) #if defined(OPENSSL_IS_BORINGSSL)
@ -2324,13 +2329,11 @@ static CURLcode get_cert_chain(struct connectdata *conn,
for(i = 0; i < numcerts; i++) { for(i = 0; i < numcerts; i++) {
ASN1_INTEGER *num; ASN1_INTEGER *num;
X509 *x = sk_X509_value(sk, i); X509 *x = sk_X509_value(sk, i);
X509_CINF *cinf;
EVP_PKEY *pubkey=NULL; EVP_PKEY *pubkey=NULL;
int j; int j;
char *ptr; char *ptr;
ASN1_BIT_STRING *psig;
X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
push_certinfo("Subject", i); push_certinfo("Subject", i);
@ -2348,10 +2351,36 @@ static CURLcode get_cert_chain(struct connectdata *conn,
BIO_printf(mem, "%02x", num->data[j]); BIO_printf(mem, "%02x", num->data[j]);
push_certinfo("Serial Number", i); push_certinfo("Serial Number", i);
cinf = x->cert_info; #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
{
X509_ALGOR *palg;
ASN1_STRING *a = ASN1_STRING_new();
if(a) {
X509_get0_signature(&psig, &palg, x);
X509_signature_print(mem, palg, a);
ASN1_STRING_free(a);
}
i2a_ASN1_OBJECT(mem, palg->algorithm);
push_certinfo("Public Key Algorithm", i);
i2a_ASN1_OBJECT(mem, cinf->signature->algorithm); X509V3_ext(data, i, X509_get0_extensions(x));
push_certinfo("Signature Algorithm", i); }
#else
{
/* before OpenSSL 1.0.2 */
X509_CINF *cinf = x->cert_info;
i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
push_certinfo("Signature Algorithm", i);
i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
push_certinfo("Public Key Algorithm", i);
X509V3_ext(data, i, cinf->extensions);
psig = x->signature;
}
#endif
ASN1_TIME_print(mem, X509_get_notBefore(x)); ASN1_TIME_print(mem, X509_get_notBefore(x));
push_certinfo("Start date", i); push_certinfo("Start date", i);
@ -2359,9 +2388,6 @@ static CURLcode get_cert_chain(struct connectdata *conn,
ASN1_TIME_print(mem, X509_get_notAfter(x)); ASN1_TIME_print(mem, X509_get_notAfter(x));
push_certinfo("Expire date", i); push_certinfo("Expire date", i);
i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
push_certinfo("Public Key Algorithm", i);
pubkey = X509_get_pubkey(x); pubkey = X509_get_pubkey(x);
if(!pubkey) if(!pubkey)
infof(data, " Unable to load public key\n"); infof(data, " Unable to load public key\n");
@ -2402,10 +2428,8 @@ static CURLcode get_cert_chain(struct connectdata *conn,
EVP_PKEY_free(pubkey); EVP_PKEY_free(pubkey);
} }
X509V3_ext(data, i, cinf->extensions); for(j = 0; j < psig->length; j++)
BIO_printf(mem, "%02x:", psig->data[j]);
for(j = 0; j < x->signature->length; j++)
BIO_printf(mem, "%02x:", x->signature->data[j]);
push_certinfo("Signature", i); push_certinfo("Signature", i);
PEM_write_bio_X509(mem, x); PEM_write_bio_X509(mem, x);
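Review bot: In the new `HAVE_X509_GET0_SIGNATURE` branch, `X509_get0_signature(&psig, &palg, x)` is called only inside `if(a)`, yet `palg->algorithm` is dereferenced right after that block and `psig->length` / `psig->data` are read in the later "Signature" loop, so a failed `ASN1_STRING_new()` leaves both pointers uninitialized at their point of use. The call does not depend on `a`, so moving `X509_get0_signature(&psig, &palg, x);` ahead of `if(a) {` closes that path. Separately, `palg` as returned by `X509_get0_signature()` is the certificate's signature algorithm, so pushing it under `"Public Key Algorithm"` mislabels the entry, and this branch no longer pushes a `"Signature Algorithm"` entry at all; the `X509_signature_print()` output also appears to stay in `mem` and be folded into that same entry. That matters to callers that read certinfo to spot weak signature algorithms. The `#else` comment `/* before OpenSSL 1.0.2 */` looks inaccurate too, since 1.0.2 lacks `HAVE_X509_GET0_EXTENSIONS` and takes that branch as well; get_cert_chain's body begins and ends outside the hunks shown.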