tog-pegasus/SOURCES/pegasus-2.14.1-openssl-1.1-fix.patch

97 lines
4.1 KiB
Diff
Raw Permalink Normal View History

2021-11-02 16:51:09 +00:00
diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp
--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100
+++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100
@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);
//initialize the CRL store
- X509_STORE_CTX crlStoreCtx;
- X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
+ X509_STORE_CTX* crlStoreCtx;
+ crlStoreCtx = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
"---> SSL: Initialized CRL store");
//attempt to get a CRL issued by the certificate's issuer
- X509_OBJECT obj;
+ X509_OBJECT* obj;
+ obj = X509_OBJECT_new();
if (X509_STORE_get_by_subject(
- &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
+ crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
{
- X509_STORE_CTX_cleanup(&crlStoreCtx);
+ X509_OBJECT_free(obj);
+ X509_STORE_CTX_cleanup(crlStoreCtx);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,
"---> SSL: No CRL by that issuer");
PEG_METHOD_EXIT();
return 0;
}
- X509_STORE_CTX_cleanup(&crlStoreCtx);
+ X509_STORE_CTX_cleanup(crlStoreCtx);
//get CRL
- X509_CRL* crl = obj.data.crl;
+ X509_CRL* crl;
+ crl = X509_OBJECT_get0_X509_CRL(obj);
if (crl == NULL)
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback
{
revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
//a matching serial number indicates revocation
- if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,
"---> SSL: Certificate is revoked");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_CRL_free(crl);
+ X509_OBJECT_free(obj);
PEG_METHOD_EXIT();
return 1;
}
}
- X509_CRL_free(crl);
+ X509_OBJECT_free(obj);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
"---> SSL: Certificate is not revoked at this level");
diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h
--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100
+++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100
@@ -104,7 +104,11 @@ public:
//important as per following site for
//http://www.openssl.org/support/faq.html#PROG
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_malloc_init();
+#else
+ OPENSSL_malloc_init();
+#endif
SSL_library_init();
SSL_load_error_strings();
}
diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp
--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100
+++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100
@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_
for (int i = 0; i < numRevoked; i++)
{
r = sk_X509_REVOKED_value(revoked, i);
- rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);
+ rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));
sprintf(serial, "%lu", (unsigned long)rawSerialNumber);
revokedSerialNumbers.append(String(serial));
- revocationDate = getDateTime(r->revocationDate);
+ revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));
revocationDates.append(revocationDate);
}