tog-pegasus/pegasus-2.14.1-openssl-1.1-fix.patch
DistroBaker 081267dc43 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/tog-pegasus.git#6e556193473e062db027bdb29c0ffc2cbfb5e7c4
2020-12-16 23:01:21 +00:00

97 lines
4.1 KiB
Diff

diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp
--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100
+++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100
@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);
//initialize the CRL store
- X509_STORE_CTX crlStoreCtx;
- X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
+ X509_STORE_CTX* crlStoreCtx;
+ crlStoreCtx = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
"---> SSL: Initialized CRL store");
//attempt to get a CRL issued by the certificate's issuer
- X509_OBJECT obj;
+ X509_OBJECT* obj;
+ obj = X509_OBJECT_new();
if (X509_STORE_get_by_subject(
- &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
+ crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
{
- X509_STORE_CTX_cleanup(&crlStoreCtx);
+ X509_OBJECT_free(obj);
+ X509_STORE_CTX_cleanup(crlStoreCtx);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,
"---> SSL: No CRL by that issuer");
PEG_METHOD_EXIT();
return 0;
}
- X509_STORE_CTX_cleanup(&crlStoreCtx);
+ X509_STORE_CTX_cleanup(crlStoreCtx);
//get CRL
- X509_CRL* crl = obj.data.crl;
+ X509_CRL* crl;
+ crl = X509_OBJECT_get0_X509_CRL(obj);
if (crl == NULL)
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback
{
revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
//a matching serial number indicates revocation
- if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)
{
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,
"---> SSL: Certificate is revoked");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_CRL_free(crl);
+ X509_OBJECT_free(obj);
PEG_METHOD_EXIT();
return 1;
}
}
- X509_CRL_free(crl);
+ X509_OBJECT_free(obj);
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
"---> SSL: Certificate is not revoked at this level");
diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h
--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100
+++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100
@@ -104,7 +104,11 @@ public:
//important as per following site for
//http://www.openssl.org/support/faq.html#PROG
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
CRYPTO_malloc_init();
+#else
+ OPENSSL_malloc_init();
+#endif
SSL_library_init();
SSL_load_error_strings();
}
diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp
--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100
+++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100
@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_
for (int i = 0; i < numRevoked; i++)
{
r = sk_X509_REVOKED_value(revoked, i);
- rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);
+ rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));
sprintf(serial, "%lu", (unsigned long)rawSerialNumber);
revokedSerialNumbers.append(String(serial));
- revocationDate = getDateTime(r->revocationDate);
+ revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));
revocationDates.append(revocationDate);
}