You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bi...@apache.org on 2015/10/01 03:20:57 UTC
svn commit: r1706179 - in /tomcat/native/trunk/native/src: sslinfo.c
sslutils.c
Author: billbarker
Date: Thu Oct 1 01:20:57 2015
New Revision: 1706179
URL: http://svn.apache.org/viewvc?rev=1706179&view=rev
Log:
catch up with OpenSSL master. ported from 1.1 branch
Modified:
tomcat/native/trunk/native/src/sslinfo.c
tomcat/native/trunk/native/src/sslutils.c
Modified: tomcat/native/trunk/native/src/sslinfo.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslinfo.c?rev=1706179&r1=1706178&r2=1706179&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslinfo.c (original)
+++ tomcat/native/trunk/native/src/sslinfo.c Thu Oct 1 01:20:57 2015
@@ -393,14 +393,22 @@ TCN_IMPLEMENT_CALL(jstring, SSLSocket, g
}
break;
case SSL_INFO_CLIENT_A_SIG:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->signature->algorithm);
+#else
+ nid = X509_get_signature_nid(xs);
+#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
value = tcn_new_string(e, OBJ_nid2ln(nid));
break;
case SSL_INFO_CLIENT_A_KEY:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->key->algor->algorithm);
+#else
+ nid = OBJ_obj2nid((ASN1_OBJECT *)(X509_get_X509_PUBKEY(xs)->algor->algorithm));
+#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
@@ -442,14 +450,22 @@ TCN_IMPLEMENT_CALL(jstring, SSLSocket, g
}
break;
case SSL_INFO_SERVER_A_SIG:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->signature->algorithm);
+#else
+ nid = X509_get_signature_nid(xs);
+#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
value = tcn_new_string(e, OBJ_nid2ln(nid));
break;
case SSL_INFO_SERVER_A_KEY:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
nid = OBJ_obj2nid((ASN1_OBJECT *)xs->cert_info->key->algor->algorithm);
+#else
+ nid = OBJ_obj2nid((ASN1_OBJECT *)(X509_get_X509_PUBKEY(xs)->algor->algorithm));
+#endif
if (nid == NID_undef)
value = tcn_new_string(e, "UNKNOWN");
else
Modified: tomcat/native/trunk/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1706179&r1=1706178&r2=1706179&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/sslutils.c (original)
+++ tomcat/native/trunk/native/src/sslutils.c Thu Oct 1 01:20:57 2015
@@ -419,7 +419,11 @@ static int ssl_verify_CRL(int ok, X509_S
X509_REVOKED *revoked =
sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ASN1_INTEGER *sn = revoked->serialNumber;
+#else
+ ASN1_INTEGER *sn = X509_REVOKED_get0_serialNumber(revoked);
+#endif
if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org