aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2015-12-10 19:20:22 +0100
committerDaniel Stenberg <daniel@haxx.se>2015-12-10 22:45:38 +0100
commit7f683b0ea87ed158eb4bd22cdd1f26eb901a97d0 (patch)
tree4124d9b1c0afd61ff0feb31ac7414f808fa9adec /lib
parentdd1b44c6126a03c6a696fa749e2a32eb616e9131 (diff)
openssl: adapt to openssl >= 1.1.0 X509 opaque structs
Closes #491
Diffstat (limited to 'lib')
-rw-r--r--lib/vtls/openssl.c52
1 files changed, 38 insertions, 14 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 4a705b657..fdc27b04d 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -119,10 +119,15 @@
#define OPENSSL_NO_SSL2
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ removed "SSLeay" */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* 1.1.0+ */
#define SSLeay_add_ssl_algorithms() SSL_library_init()
#define SSLeay() OpenSSL_version_num()
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+#define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000200fL /* 1.0.2 or later */
+#define HAVE_X509_GET0_SIGNATURE 1
#endif
#if defined(OPENSSL_IS_BORINGSSL)
@@ -2324,13 +2329,11 @@ static CURLcode get_cert_chain(struct connectdata *conn,
for(i = 0; i < numcerts; i++) {
ASN1_INTEGER *num;
-
X509 *x = sk_X509_value(sk, i);
-
- X509_CINF *cinf;
EVP_PKEY *pubkey=NULL;
int j;
char *ptr;
+ ASN1_BIT_STRING *psig;
X509_NAME_print_ex(mem, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
push_certinfo("Subject", i);
@@ -2348,10 +2351,36 @@ static CURLcode get_cert_chain(struct connectdata *conn,
BIO_printf(mem, "%02x", num->data[j]);
push_certinfo("Serial Number", i);
- cinf = x->cert_info;
+#if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS)
+ {
+ X509_ALGOR *palg;
+ ASN1_STRING *a = ASN1_STRING_new();
+ if(a) {
+ X509_get0_signature(&psig, &palg, x);
+ X509_signature_print(mem, palg, a);
+ ASN1_STRING_free(a);
+ }
+ i2a_ASN1_OBJECT(mem, palg->algorithm);
+ push_certinfo("Public Key Algorithm", i);
- i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
- push_certinfo("Signature Algorithm", i);
+ X509V3_ext(data, i, X509_get0_extensions(x));
+ }
+#else
+ {
+ /* before OpenSSL 1.0.2 */
+ X509_CINF *cinf = x->cert_info;
+
+ i2a_ASN1_OBJECT(mem, cinf->signature->algorithm);
+ push_certinfo("Signature Algorithm", i);
+
+ i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
+ push_certinfo("Public Key Algorithm", i);
+
+ X509V3_ext(data, i, cinf->extensions);
+
+ psig = x->signature;
+ }
+#endif
ASN1_TIME_print(mem, X509_get_notBefore(x));
push_certinfo("Start date", i);
@@ -2359,9 +2388,6 @@ static CURLcode get_cert_chain(struct connectdata *conn,
ASN1_TIME_print(mem, X509_get_notAfter(x));
push_certinfo("Expire date", i);
- i2a_ASN1_OBJECT(mem, cinf->key->algor->algorithm);
- push_certinfo("Public Key Algorithm", i);
-
pubkey = X509_get_pubkey(x);
if(!pubkey)
infof(data, " Unable to load public key\n");
@@ -2402,10 +2428,8 @@ static CURLcode get_cert_chain(struct connectdata *conn,
EVP_PKEY_free(pubkey);
}
- X509V3_ext(data, i, cinf->extensions);
-
- for(j = 0; j < x->signature->length; j++)
- BIO_printf(mem, "%02x:", x->signature->data[j]);
+ for(j = 0; j < psig->length; j++)
+ BIO_printf(mem, "%02x:", psig->data[j]);
push_certinfo("Signature", i);
PEM_write_bio_X509(mem, x);