diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp --- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100 +++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100 @@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf); //initialize the CRL store - X509_STORE_CTX crlStoreCtx; - X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL); + X509_STORE_CTX* crlStoreCtx; + crlStoreCtx = X509_STORE_CTX_new(); + X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL); PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Initialized CRL store"); //attempt to get a CRL issued by the certificate's issuer - X509_OBJECT obj; + X509_OBJECT* obj; + obj = X509_OBJECT_new(); if (X509_STORE_get_by_subject( - &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0) + crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0) { - X509_STORE_CTX_cleanup(&crlStoreCtx); + X509_OBJECT_free(obj); + X509_STORE_CTX_cleanup(crlStoreCtx); PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3, "---> SSL: No CRL by that issuer"); PEG_METHOD_EXIT(); return 0; } - X509_STORE_CTX_cleanup(&crlStoreCtx); + X509_STORE_CTX_cleanup(crlStoreCtx); //get CRL - X509_CRL* crl = obj.data.crl; + X509_CRL* crl; + crl = X509_OBJECT_get0_X509_CRL(obj); if (crl == NULL) { PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null"); @@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback { revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); //a matching serial number indicates revocation - if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0) + if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0) { PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2, "---> SSL: Certificate is revoked"); X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED); - X509_CRL_free(crl); + X509_OBJECT_free(obj); PEG_METHOD_EXIT(); return 1; } } - X509_CRL_free(crl); + X509_OBJECT_free(obj); PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Certificate is not revoked at this level"); diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h --- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100 +++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100 @@ -104,7 +104,11 @@ public: //important as per following site for //http://www.openssl.org/support/faq.html#PROG +#if OPENSSL_VERSION_NUMBER < 0x10100000L CRYPTO_malloc_init(); +#else + OPENSSL_malloc_init(); +#endif SSL_library_init(); SSL_load_error_strings(); } diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp --- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100 +++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100 @@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_ for (int i = 0; i < numRevoked; i++) { r = sk_X509_REVOKED_value(revoked, i); - rawSerialNumber = ASN1_INTEGER_get(r->serialNumber); + rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r)); sprintf(serial, "%lu", (unsigned long)rawSerialNumber); revokedSerialNumbers.append(String(serial)); - revocationDate = getDateTime(r->revocationDate); + revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r)); revocationDates.append(revocationDate); }