You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/05/08 13:48:34 UTC

[trafficserver] branch 7.1.x updated: X509 was made opaque in OpenSSL 1.1

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

The following commit(s) were added to refs/heads/7.1.x by this push:
       new  e3fffeb   X509 was made opaque in OpenSSL 1.1
e3fffeb is described below

commit e3fffebc84949eaa77f6dbc8021e7eb65a5f37c2
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Sat Jan 28 11:12:38 2017 -0700

    X509 was made opaque in OpenSSL 1.1
    
    Fixes #1385
    
    (cherry picked from commit 22994b0dc3ad5827a26a6fed2ee525cc16b476d8)
---
 configure.ac                              |  1 +
 plugins/experimental/sslheaders/expand.cc | 14 +++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 66e71b6..9bd59c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1145,6 +1145,7 @@ AC_CHECK_FUNCS([ \
   BIO_sock_non_fatal_error \
   CRYPTO_set_mem_functions \
   HMAC_CTX_new \
+  X509_get0_signature \
 ])
 
 AC_CHECK_FUNC([BIO_set_data], [],
diff --git a/plugins/experimental/sslheaders/expand.cc b/plugins/experimental/sslheaders/expand.cc
index 870ef75..059ca42 100644
--- a/plugins/experimental/sslheaders/expand.cc
+++ b/plugins/experimental/sslheaders/expand.cc
@@ -70,9 +70,17 @@ x509_expand_serial(X509 *x509, BIO *bio)
 static void
 x509_expand_signature(X509 *x509, BIO *bio)
 {
-  ASN1_BIT_STRING *sig = x509->signature;
-  const char *ptr      = (const char *)sig->data;
-  const char *end      = ptr + sig->length;
+#ifndef HAVE_X509_GET0_SIGNATURE
+  const ASN1_BIT_STRING *sig = x509->signature;
+#else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_get0_signature(psig, palg, x) (X509_get0_signature(const_cast<ASN1_BIT_STRING **>(psig), (palg), (x)))
+#endif
+  const ASN1_BIT_STRING *sig;
+  X509_get0_signature(&sig, nullptr, x509);
+#endif
+  const char *ptr = (const char *)sig->data;
+  const char *end = ptr + sig->length;
 
   // The canonical OpenSSL way to format the signature seems to be
   // X509_signature_dump(). However that separates each byte with a ':', which is

-- 
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].