You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by zw...@apache.org on 2017/05/08 13:48:34 UTC
[trafficserver] branch 7.1.x updated: X509 was made opaque in
OpenSSL 1.1
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new e3fffeb X509 was made opaque in OpenSSL 1.1
e3fffeb is described below
commit e3fffebc84949eaa77f6dbc8021e7eb65a5f37c2
Author: Jack Bates <ja...@nottheoilrig.com>
AuthorDate: Sat Jan 28 11:12:38 2017 -0700
X509 was made opaque in OpenSSL 1.1
Fixes #1385
(cherry picked from commit 22994b0dc3ad5827a26a6fed2ee525cc16b476d8)
---
configure.ac | 1 +
plugins/experimental/sslheaders/expand.cc | 14 +++++++++++---
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 66e71b6..9bd59c5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1145,6 +1145,7 @@ AC_CHECK_FUNCS([ \
BIO_sock_non_fatal_error \
CRYPTO_set_mem_functions \
HMAC_CTX_new \
+ X509_get0_signature \
])
AC_CHECK_FUNC([BIO_set_data], [],
diff --git a/plugins/experimental/sslheaders/expand.cc b/plugins/experimental/sslheaders/expand.cc
index 870ef75..059ca42 100644
--- a/plugins/experimental/sslheaders/expand.cc
+++ b/plugins/experimental/sslheaders/expand.cc
@@ -70,9 +70,17 @@ x509_expand_serial(X509 *x509, BIO *bio)
static void
x509_expand_signature(X509 *x509, BIO *bio)
{
- ASN1_BIT_STRING *sig = x509->signature;
- const char *ptr = (const char *)sig->data;
- const char *end = ptr + sig->length;
+#ifndef HAVE_X509_GET0_SIGNATURE
+ const ASN1_BIT_STRING *sig = x509->signature;
+#else
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_get0_signature(psig, palg, x) (X509_get0_signature(const_cast<ASN1_BIT_STRING **>(psig), (palg), (x)))
+#endif
+ const ASN1_BIT_STRING *sig;
+ X509_get0_signature(&sig, nullptr, x509);
+#endif
+ const char *ptr = (const char *)sig->data;
+ const char *end = ptr + sig->length;
// The canonical OpenSSL way to format the signature seems to be
// X509_signature_dump(). However that separates each byte with a ':', which is
--
To stop receiving notification emails like this one, please contact
['"commits@trafficserver.apache.org" <co...@trafficserver.apache.org>'].