mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-29 09:41:21 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: cleanup old openssl API call

Browse Source 
For generate-certificates, X509V3_EXT_conf is used but it's an old API
call: X509V3_EXT_nconf must be preferred. Openssl compatibility is ok
because it's inside #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME, introduce 5
years after X509V3_EXT_nconf.
This commit is contained in:
Emmanuel Hocdet 2018-10-01 18:41:36 +02:00 committed by Christopher Faulet
parent d3ff20f0ae
commit a9b84028e6
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssl_sock.c
View File

@ -1670,6 +1670,7 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
X509 *newcrt = NULL; X509 *newcrt = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
SSL *tmp_ssl = NULL; SSL *tmp_ssl = NULL;
CONF *ctmp = NULL;
X509_NAME *name; X509_NAME *name;
const EVP_MD *digest; const EVP_MD *digest;
X509V3_CTX ctx; X509V3_CTX ctx;
@ -1727,11 +1728,12 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
X509_NAME_free(name); X509_NAME_free(name);
/* Add x509v3 extensions as specified */ /* Add x509v3 extensions as specified */
ctmp = NCONF_new(NULL);
X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0); X509V3_set_ctx(&ctx, cacert, newcrt, NULL, NULL, 0);
for (i = 0; i < X509V3_EXT_SIZE; i++) { for (i = 0; i < X509V3_EXT_SIZE; i++) {
X509_EXTENSION *ext; X509_EXTENSION *ext;
if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i]))) if (!(ext = X509V3_EXT_nconf(ctmp, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
goto mkcert_error; goto mkcert_error;
if (!X509_add_ext(newcrt, ext, -1)) { if (!X509_add_ext(newcrt, ext, -1)) {
X509_EXTENSION_free(ext); X509_EXTENSION_free(ext);
@ -1799,6 +1801,7 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
return ssl_ctx; return ssl_ctx;
mkcert_error: mkcert_error:
if (ctmp) NCONF_free(ctmp);
if (tmp_ssl) SSL_free(tmp_ssl); if (tmp_ssl) SSL_free(tmp_ssl);
if (ssl_ctx) SSL_CTX_free(ssl_ctx); if (ssl_ctx) SSL_CTX_free(ssl_ctx);
if (newcrt) X509_free(newcrt); if (newcrt) X509_free(newcrt);