tog-pegasus/pegasus-2.14.1-openssl-1.1-fix.patch

diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp
--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig	2017-02-28 14:39:49.497066327 +0100
+++ pegasus/src/Pegasus/Common/SSLContext.cpp	2017-03-01 10:56:06.726453475 +0100
@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback
     PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);
 
     //initialize the CRL store
-    X509_STORE_CTX crlStoreCtx;
-    X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
+    X509_STORE_CTX* crlStoreCtx;
+    crlStoreCtx = X509_STORE_CTX_new();
+    X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);
 
     PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
         "---> SSL: Initialized CRL store");
 
     //attempt to get a CRL issued by the certificate's issuer
-    X509_OBJECT obj;
+    X509_OBJECT* obj;
+    obj = X509_OBJECT_new();
     if (X509_STORE_get_by_subject(
-            &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
+            crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
     {
-        X509_STORE_CTX_cleanup(&crlStoreCtx);
+        X509_OBJECT_free(obj);
+        X509_STORE_CTX_cleanup(crlStoreCtx);
         PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,
             "---> SSL: No CRL by that issuer");
         PEG_METHOD_EXIT();
         return 0;
     }
-    X509_STORE_CTX_cleanup(&crlStoreCtx);
+    X509_STORE_CTX_cleanup(crlStoreCtx);
 
     //get CRL
-    X509_CRL* crl = obj.data.crl;
+    X509_CRL* crl;
+    crl = X509_OBJECT_get0_X509_CRL(obj);
     if (crl == NULL)
     {
         PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback
     {
         revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
         //a matching serial number indicates revocation
-        if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)
+        if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)
         {
             PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,
                 "---> SSL: Certificate is revoked");
             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
-            X509_CRL_free(crl);
+            X509_OBJECT_free(obj);
             PEG_METHOD_EXIT();
             return 1;
         }
     }
 
-    X509_CRL_free(crl);
+    X509_OBJECT_free(obj);
 
     PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
         "---> SSL: Certificate is not revoked at this level");
diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h
--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig	2017-02-28 14:32:44.379013979 +0100
+++ pegasus/src/Pegasus/Common/SSLContextRep.h	2017-02-28 14:36:38.088039077 +0100
@@ -104,7 +104,11 @@ public:
 
             //important as per following site for 
             //http://www.openssl.org/support/faq.html#PROG
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
             CRYPTO_malloc_init();
+#else
+            OPENSSL_malloc_init();
+#endif
             SSL_library_init();
             SSL_load_error_strings();
         }
diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp
--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig	2017-03-01 10:34:19.367952613 +0100
+++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp	2017-03-01 10:36:18.003931270 +0100
@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_
     for (int i = 0; i < numRevoked; i++)
     {
         r = sk_X509_REVOKED_value(revoked, i);
-        rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);
+        rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));
         sprintf(serial, "%lu", (unsigned long)rawSerialNumber);
         revokedSerialNumbers.append(String(serial));
 
-        revocationDate = getDateTime(r->revocationDate);
+        revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));
         revocationDates.append(revocationDate);
     }
Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/tog-pegasus.git#6e556193473e062db027bdb29c0ffc2cbfb5e7c4 2020-12-16 23:01:21 +00:00			`diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp`
			`--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100`
			`+++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100`
			`@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback`
			`PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);`

			`//initialize the CRL store`
			`- X509_STORE_CTX crlStoreCtx;`
			`- X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);`
			`+ X509_STORE_CTX* crlStoreCtx;`
			`+ crlStoreCtx = X509_STORE_CTX_new();`
			`+ X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);`

			`PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,`
			`"---> SSL: Initialized CRL store");`

			`//attempt to get a CRL issued by the certificate's issuer`
			`- X509_OBJECT obj;`
			`+ X509_OBJECT* obj;`
			`+ obj = X509_OBJECT_new();`
			`if (X509_STORE_get_by_subject(`
			`- &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)`
			`+ crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)`
			`{`
			`- X509_STORE_CTX_cleanup(&crlStoreCtx);`
			`+ X509_OBJECT_free(obj);`
			`+ X509_STORE_CTX_cleanup(crlStoreCtx);`
			`PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,`
			`"---> SSL: No CRL by that issuer");`
			`PEG_METHOD_EXIT();`
			`return 0;`
			`}`
			`- X509_STORE_CTX_cleanup(&crlStoreCtx);`
			`+ X509_STORE_CTX_cleanup(crlStoreCtx);`

			`//get CRL`
			`- X509_CRL* crl = obj.data.crl;`
			`+ X509_CRL* crl;`
			`+ crl = X509_OBJECT_get0_X509_CRL(obj);`
			`if (crl == NULL)`
			`{`
			`PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");`
			`@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback`
			`{`
			`revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);`
			`//a matching serial number indicates revocation`
			`- if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)`
			`+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)`
			`{`
			`PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,`
			`"---> SSL: Certificate is revoked");`
			`X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);`
			`- X509_CRL_free(crl);`
			`+ X509_OBJECT_free(obj);`
			`PEG_METHOD_EXIT();`
			`return 1;`
			`}`
			`}`

			`- X509_CRL_free(crl);`
			`+ X509_OBJECT_free(obj);`

			`PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,`
			`"---> SSL: Certificate is not revoked at this level");`
			`diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h`
			`--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100`
			`+++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100`
			`@@ -104,7 +104,11 @@ public:`

			`//important as per following site for`
			`//http://www.openssl.org/support/faq.html#PROG`
			`+#if OPENSSL_VERSION_NUMBER < 0x10100000L`
			`CRYPTO_malloc_init();`
			`+#else`
			`+ OPENSSL_malloc_init();`
			`+#endif`
			`SSL_library_init();`
			`SSL_load_error_strings();`
			`}`
			`diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp`
			`--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100`
			`+++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100`
			`@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_`
			`for (int i = 0; i < numRevoked; i++)`
			`{`
			`r = sk_X509_REVOKED_value(revoked, i);`
			`- rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);`
			`+ rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));`
			`sprintf(serial, "%lu", (unsigned long)rawSerialNumber);`
			`revokedSerialNumbers.append(String(serial));`

			`- revocationDate = getDateTime(r->revocationDate);`
			`+ revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));`
			`revocationDates.append(revocationDate);`
			`}`