authorCarl Hetherington <cth@carlh.net>2016-11-10 09:53:52 +0000
committerCarl Hetherington <cth@carlh.net>2016-11-10 11:14:16 +0000
commit1e063f223e33d6946a5165795bbb90d404f86e00 (patch)
tree35aa222db03c2b759fffc2fdf2cca52aef243730
parent4c2fb8ea9d3c02ea5243122201eb8282daac5adb (diff)
Fix build with OpenSSL 1.1 and later.
-rw-r--r--cscript2
-rw-r--r--src/certificate.cc7
-rw-r--r--src/certificate_chain.cc11
-rw-r--r--test/certificates_test.cc3
4 files changed, 23 insertions, 0 deletions
diff --git a/cscript b/cscript
index 78ccf518..17fa4f01 100644
--- a/cscript
+++ b/cscript
@@ -47,6 +47,8 @@ def build(target, options):
cmd += ' --disable-tests'
if (target.distro == 'debian' and target.version == 'unstable' or target.distro == 'fedora' and target.version == '23'):
target.append_with_space('CXXFLAGS', '-std=c++11')
+ if (target.distro == 'debian' and target.version == 'unstable'):
+ cmd += ' --openssl-new-api'
elif target.platform == 'windows':
cmd += ' --target-windows --disable-gcov --disable-tests'
if target.version == 'xp':
diff --git a/src/certificate.cc b/src/certificate.cc
index fbe3a80d..64fb3626 100644
--- a/src/certificate.cc
+++ b/src/certificate.cc
@@ -355,6 +355,7 @@ Certificate::serial () const
return st;
}
+/** @return thumbprint of the to-be-signed portion of this certificate */
string
Certificate::thumbprint () const
{
@@ -362,7 +363,13 @@ Certificate::thumbprint () const
uint8_t buffer[8192];
uint8_t* p = buffer;
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#warning "Using new OpenSSL API"
+ i2d_re_X509_tbs(_certificate, &p);
+#else
i2d_X509_CINF (_certificate->cert_info, &p);
+#endif
unsigned int const length = p - buffer;
if (length > sizeof (buffer)) {
throw MiscError ("buffer too small to generate thumbprint");
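Review bot: The `length > sizeof (buffer)` check after the `#endif` runs only once `i2d_re_X509_tbs` (or `i2d_X509_CINF`) has already written through `p`, so a certificate whose to-be-signed encoding exceeds 8192 bytes overruns the stack buffer before `MiscError` is thrown. Ask for the length first with a null output pointer and reject before writing: `int const needed = i2d_re_X509_tbs (_certificate, 0);` then `if (needed < 0 || size_t (needed) > sizeof (buffer)) { throw MiscError ("buffer too small to generate thumbprint"); }`. This also handles the negative return on encoding failure, which the new call ignores. The rest of thumbprint() lies outside the hunk.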
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 29ae7feb..f06b2c3e 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -51,6 +51,7 @@
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
+#include <openssl/rsa.h>
#include <boost/filesystem.hpp>
#include <boost/algorithm/string.hpp>
#include <boost/foreach.hpp>
@@ -463,7 +464,17 @@ CertificateChain::valid () const
RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
RSA* public_key = leaf().public_key ();
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#warning "Using new OpenSSL API"
+ BIGNUM const * private_key_n;
+ RSA_get0_key(private_key, &private_key_n, 0, 0);
+ BIGNUM const * public_key_n;
+ RSA_get0_key(public_key, &public_key_n, 0, 0);
+ bool const valid = !BN_cmp (private_key_n, public_key_n);
+#else
bool const valid = !BN_cmp (private_key->n, public_key->n);
+#endif
BIO_free (bio);
return valid;
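Review bot: `PEM_read_bio_RSAPrivateKey` returns null when the stored private key does not parse, and the new branch passes that pointer straight to `RSA_get0_key`, which dereferences it; the old `private_key->n` branch has the same problem. Adding `if (!private_key) { BIO_free (bio); return false; }` before the `#if` turns a malformed key into a clean "not valid" result. Within the hunk `private_key` is also never released, so the parsed key material stays allocated after the return; `RSA_free (private_key);` next to `BIO_free (bio);` would fix that. Whether `public_key` also needs freeing depends on what `leaf().public_key ()` hands back, which is not visible here. valid() begins outside the hunk.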
diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 8ae01eed..1bec9869 100644
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -44,6 +44,7 @@ BOOST_AUTO_TEST_CASE (certificates1)
/* Leaf */
BOOST_CHECK_EQUAL (*i, c.leaf ());
+ BOOST_CHECK_EQUAL (i->thumbprint(), "EZg5wDcihccWqwdg59Y8D+IJpYM=");
BOOST_CHECK_EQUAL (
c.leaf().issuer(),
@@ -58,6 +59,7 @@ BOOST_AUTO_TEST_CASE (certificates1)
++i;
/* Intermediate */
+ BOOST_CHECK_EQUAL (i->thumbprint(), "GwM6ex2UVlWclH8f1uV7W1n0EEU=");
BOOST_CHECK_EQUAL (
i->issuer(),
"dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
@@ -72,6 +74,7 @@ BOOST_AUTO_TEST_CASE (certificates1)
/* Root */
BOOST_CHECK_EQUAL (*i, c.root ());
+ BOOST_CHECK_EQUAL (i->thumbprint(), "zU8NVNwI2PYejmSYRntG7c6sdTw=");
BOOST_CHECK_EQUAL (
c.root().issuer(),
"dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"