Fix build with OpenSSL 1.1 and later.

2 files changed, 18 insertions, 0 deletions

diff --git a/src/certificate.cc b/src/certificate.cc
index fbe3a80d..64fb3626 100644
--- a/src/certificate.cc
+++ b/src/certificate.cc
@@ -355,6 +355,7 @@ Certificate::serial () const
 	return st;
 }
 
+/** @return thumbprint of the to-be-signed portion of this certificate */
 string
 Certificate::thumbprint () const
 {
@@ -362,7 +363,13 @@ Certificate::thumbprint () const
 
 	uint8_t buffer[8192];
 	uint8_t* p = buffer;
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#warning "Using new OpenSSL API"
+	i2d_re_X509_tbs(_certificate, &p);
+#else
 	i2d_X509_CINF (_certificate->cert_info, &p);
+#endif
 	unsigned int const length = p - buffer;
 	if (length > sizeof (buffer)) {
 		throw MiscError ("buffer too small to generate thumbprint");
diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 29ae7feb..f06b2c3e 100644
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -51,6 +51,7 @@
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+#include <openssl/rsa.h>
 #include <boost/filesystem.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/foreach.hpp>
@@ -463,7 +464,17 @@ CertificateChain::valid () const
 
 	RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
 	RSA* public_key = leaf().public_key ();
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#warning "Using new OpenSSL API"
+	BIGNUM const * private_key_n;
+	RSA_get0_key(private_key, &private_key_n, 0, 0);
+	BIGNUM const * public_key_n;
+	RSA_get0_key(public_key, &public_key_n, 0, 0);
+	bool const valid = !BN_cmp (private_key_n, public_key_n);
+#else
 	bool const valid = !BN_cmp (private_key->n, public_key->n);
+#endif
 	BIO_free (bio);
 
 	return valid;