mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-24 12:20:59 +01:00
Code Issues Projects Releases Wiki Activity

BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2

Browse Source 
The X509_STORE_CTX_get0_cert did not exist yet on OpenSSL 1.0.2 and
neither did X509_STORE_CTX_get0_chain, which was not actually needed
since its get1 equivalent already existed.
This commit is contained in:
Remi Tricot-Le Breton 2021-08-20 09:51:23 +02:00 committed by William Lallemand
parent 46b7dff8f0
commit f95c29546c
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/haproxy/openssl-compat.h
View File

@ -291,6 +291,11 @@ static inline const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOK
{
return x->revocationDate;
}
static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
{
return ctx->cert;
}
#endif
#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL)

14
src/ssl_sock.c
View File

@ -1592,14 +1592,12 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
* chain, we might never call this verify callback on the client
* certificate's depth (which is 0) so we try to store the
* reference right now. */
if (X509_STORE_CTX_get0_chain(x_store) != NULL) {
certs = X509_STORE_CTX_get1_chain(x_store);
if (certs) {
client_crt = sk_X509_value(certs, 0);
if (client_crt) {
X509_up_ref(client_crt);
SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
}
certs = X509_STORE_CTX_get1_chain(x_store);
if (certs) {
client_crt = sk_X509_value(certs, 0);
if (client_crt) {
X509_up_ref(client_crt);
SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
}
sk_X509_pop_free(certs, X509_free);
}