[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/maint-0.2.7] Work around openssl declaring x509_get_not{Before, After} as functions
commit 1eb838b30361b0dcc1e2b82815be25391d5a15f1
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Tue Oct 6 09:04:37 2015 -0400
Work around openssl declaring x509_get_not{Before,After} as functions
Now that x509_get_not{Before,After} are functions in OpenSSL 1.1
(not yet releasesd), we need to define a variant that takes a const
pointer to X509 and returns a const pointer to ASN1_time.
Part of 17237. I'm not convinced this is an openssl bug or a tor
bug. It might be just one of those things.
---
changes/bug17237_027 | 4 ++++
src/common/tortls.c | 13 +++++++++----
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/changes/bug17237_027 b/changes/bug17237_027
new file mode 100644
index 0000000..8448bb0
--- /dev/null
+++ b/changes/bug17237_027
@@ -0,0 +1,4 @@
+ o Minor features (compilation):
+ - Repair compilation with the most recent (unreleased, alpha)
+ vesions of OpenSSL 1.1. Fixes the 0.2.7-related part of
+ ticket 17237.
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 20c8984..97d0ce2 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -75,6 +75,11 @@
#include "container.h"
#include <string.h>
+#define X509_get_notBefore_const(cert) \
+ ((const ASN1_TIME*) X509_get_notBefore((X509 *)cert))
+#define X509_get_notAfter_const(cert) \
+ ((const ASN1_TIME*) X509_get_notAfter((X509 *)cert))
+
/* Enable the "v2" TLS handshake.
*/
#define V2_HANDSHAKE_SERVER
@@ -2203,7 +2208,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
if (!(bio = BIO_new(BIO_s_mem()))) {
log_warn(LD_GENERAL, "Couldn't allocate BIO!"); goto end;
}
- if (!(ASN1_TIME_print(bio, X509_get_notBefore(cert)))) {
+ if (!(ASN1_TIME_print(bio, X509_get_notBefore_const(cert)))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
goto end;
}
@@ -2211,7 +2216,7 @@ log_cert_lifetime(int severity, const X509 *cert, const char *problem)
s1 = tor_strndup(buf->data, buf->length);
(void)BIO_reset(bio);
- if (!(ASN1_TIME_print(bio, X509_get_notAfter(cert)))) {
+ if (!(ASN1_TIME_print(bio, X509_get_notAfter_const(cert)))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "printing certificate lifetime");
goto end;
}
@@ -2374,12 +2379,12 @@ check_cert_lifetime_internal(int severity, const X509 *cert,
now = time(NULL);
t = now + future_tolerance;
- if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) {
+ if (X509_cmp_time(X509_get_notBefore_const(cert), &t) > 0) {
log_cert_lifetime(severity, cert, "not yet valid");
return -1;
}
t = now - past_tolerance;
- if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) {
+ if (X509_cmp_time(X509_get_notAfter_const(cert), &t) < 0) {
log_cert_lifetime(severity, cert, "already expired");
return -1;
}
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits