[packages/ckermit] - fix build with openssl 1.1.1
baggins
baggins at pld-linux.org
Sun Oct 21 13:21:09 CEST 2018
commit c09d4c891eec9e39f2ef977d0bc49ab59c4aef71
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Sun Oct 21 13:20:51 2018 +0200
- fix build with openssl 1.1.1
ckermit-gcc4.patch | 13 --
ckermit.spec | 6 +-
cku-makefile.patch | 6 +-
openssl-1.1.1.patch | 535 ++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 541 insertions(+), 19 deletions(-)
---
diff --git a/ckermit.spec b/ckermit.spec
index e744fb5..816a476 100644
--- a/ckermit.spec
+++ b/ckermit.spec
@@ -6,7 +6,7 @@ Summary: The quintessential all-purpose communications program
Summary(pl.UTF-8): Kwintesencja programów komunikacyjnych
Name: ckermit
Version: 9.0.302
-Release: 0.1
+Release: 1
License: Special (see Copyright Notice)
Group: Applications/Communications
Source0: ftp://kermit.columbia.edu/kermit/archives/cku302.tar.gz
@@ -16,9 +16,9 @@ Source2: cku-%{name}.modem.generic.ini
Source3: cku-%{name}.locale.ini
Source4: cku-%{name}.phone
Patch0: cku-makefile.patch
-Patch1: %{name}-gcc4.patch
Patch3: build.patch
Patch4: 050-consider-OPENSSL_NO_SSL3.patch
+Patch5: openssl-1.1.1.patch
URL: http://www.columbia.edu/kermit/
%{?with_kerberos5:BuildRequires: heimdal-devel}
BuildRequires: ncurses-devel
@@ -45,9 +45,9 @@ komunikacyjnych.
%prep
%setup -q -c
%patch0 -p1
-#%patch1 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
%if %{with kerberos5}
diff --git a/ckermit-gcc4.patch b/ckermit-gcc4.patch
deleted file mode 100644
index 7bafc2c..0000000
--- a/ckermit-gcc4.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- ckermit-8.0.211/ck_crp.c.orig 2004-03-14 18:05:52.000000000 +0100
-+++ ckermit-8.0.211/ck_crp.c 2005-06-12 17:07:45.000000000 +0200
-@@ -467,8 +467,8 @@
- * These function pointers point to the current routines
- * for encrypting and decrypting data.
- */
--static VOID (*encrypt_output) P((unsigned char *, int));
--static int (*decrypt_input) P((int));
-+VOID (*encrypt_output) P((unsigned char *, int));
-+int (*decrypt_input) P((int));
-
- #ifdef DEBUG
- static int encrypt_debug_mode = 1;
diff --git a/cku-makefile.patch b/cku-makefile.patch
index 7823092..2547eb4 100644
--- a/cku-makefile.patch
+++ b/cku-makefile.patch
@@ -14,7 +14,7 @@
+ \
+ -I/usr/include/security -I/usr/include/openssl -I/usr/include/ncurses \
+ -I/usr/include/krb5 -I/usr/include/et $(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
-+ "LIBS = -lm -lncurses -lssl -lcrypto -lgssapi_krb5 \
++ "LIBS = -lm -lncurses -lssl -lcrypto -lgssapi_krb5 -lutil \
+ -lkrb5 -lcom_err -lk5crypto -lcrypt -lresolv -lpam -ldl -lz -ltinfo"
+
+linux-PLD+krb5heimdal+openssl+zlib+pam+shadow:
@@ -27,7 +27,7 @@
+ -DHEIMDAL \
+ -I/usr/include/security -I/usr/include/openssl -I/usr/include/ncurses \
+ -I/usr/include/krb5 -I/usr/include/et $(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
-+ "LIBS = -lm -lncurses -lssl -lcrypto -lgssapi \
++ "LIBS = -lm -lncurses -lssl -lcrypto -lgssapi -lutil \
+ -lkrb5 -lcom_err -lcrypt -lresolv -lpam -ldl -lz -ltinfo"
+
+linux-PLD+openssl+zlib+pam+shadow:
@@ -40,7 +40,7 @@
+ \
+ -I/usr/include/security -I/usr/include/openssl -I/usr/include/ncurses \
+ -I/usr/include/krb5 -I/usr/include/et $(KFLAGS)" "LNKFLAGS = $(LNKFLAGS)" \
-+ "LIBS = -lm -lncurses -lssl -lcrypto \
++ "LIBS = -lm -lncurses -lssl -lcrypto -lutil \
+ -lcrypt -lresolv -lpam -ldl -lz -ltinfo"
+
linuxnotcp:
diff --git a/openssl-1.1.1.patch b/openssl-1.1.1.patch
new file mode 100644
index 0000000..b174166
--- /dev/null
+++ b/openssl-1.1.1.patch
@@ -0,0 +1,535 @@
+diff -ur ckermit-9.0.302/ck_crp.c ckermit-9.0.302.openssl111/ck_crp.c
+--- ckermit-9.0.302/ck_crp.c 2011-08-20 23:02:21.000000000 +0200
++++ ckermit-9.0.302.openssl111/ck_crp.c 2018-10-21 13:18:30.581182834 +0200
+@@ -295,7 +295,7 @@
+ #define des_new_random_key des_random_key
+ #define des_set_random_generator_seed des_random_seed
+ #endif /* UNIX */
+-#define des_fixup_key_parity des_set_odd_parity
++#define des_fixup_key_parity DES_set_odd_parity
+ #ifdef OPENSSL_097
+ #define OPENSSL_ENABLE_OLD_DES_SUPPORT
+ #include <openssl/des.h>
+@@ -394,7 +394,7 @@
+ void
+ des_set_random_generator_seed(Block B)
+ {
+- des_random_seed(B);
++// DES_random_seed(B);
+ return;
+ }
+
+@@ -403,7 +403,7 @@
+ void
+ des_fixup_key_parity(Block B)
+ {
+- des_set_odd_parity(B);
++ DES_set_odd_parity(B);
+ return;
+ }
+ #endif /* COMMENT */
+@@ -415,7 +415,7 @@
+ This might need to have the "rc = " removed because this
+ is VOID in later, and maybe even all, versions.
+ */
+- rc = des_random_key(B);
++ rc = DES_random_key(B);
+ return(rc);
+ }
+
+@@ -2138,8 +2138,9 @@
+ }
+
+ #else /* MIT_CURRENT */
+- des_new_random_key(fbp->temp_feed);
+- des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
++ DES_random_key(fbp->temp_feed);
++ int DES_random_key(DES_cblock *ret);
++ DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
+ fbp->krbdes_sched, 1);
+ #endif /* MIT_CURRENT */
+ p = fbp->fb_feed + 3;
+@@ -2457,14 +2458,14 @@
+ fb64_stream_key(fbp->krbdes_key, c_stream);
+
+ if (fbp->once == 0) {
+- des_set_random_generator_seed(fbp->krbdes_key);
++// DES_set_random_generator_seed(fbp->krbdes_key);
+ fbp->once = 1;
+ }
+
+ memset(fbp->krbdes_sched,0,sizeof(Schedule));
+ ckhexdump("fb64_session_key",fbp->krbdes_key,8);
+
+- rc = des_key_sched(fbp->krbdes_key, fbp->krbdes_sched);
++ rc = DES_key_sched(fbp->krbdes_key, fbp->krbdes_sched);
+ if ( rc == -1 ) {
+ printf("?Invalid DES key specified for encryption\n");
+ debug(F110,"fb64_session_key",
+@@ -2620,7 +2621,7 @@
+ ckhexdump("fb64_stream_iv",stp->str_ikey,8);
+
+ #ifndef MIT_CURRENT
+- rc = des_key_sched(stp->str_ikey, stp->str_sched);
++ rc = DES_key_sched(stp->str_ikey, stp->str_sched);
+ if ( rc == -1 ) {
+ printf("?Invalid DES key specified for encryption\r\n");
+ debug(F110,"fb64_stream_iv",
+@@ -2662,7 +2663,7 @@
+
+ ckhexdump("fb64_stream_key",key,8);
+
+- rc = des_key_sched(key, stp->str_sched);
++ rc = DES_key_sched(key, stp->str_sched);
+ if ( rc == -1 ) {
+ printf("?Invalid DES key specified for encryption\r\n");
+ debug(F110,"fb64_stream_key",
+@@ -2721,7 +2722,7 @@
+ #ifdef MIT_CURRENT
+ ecb_encrypt(stp, stp->str_output, b);
+ #else /* MIT_CURRENT */
+- des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
++ DES_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
+ #endif /* MIT_CURRENT */
+ memcpy(stp->str_feed,b,sizeof(Block));
+ index = 0;
+@@ -2759,7 +2760,7 @@
+ #ifdef MIT_CURRENT
+ ecb_encrypt(stp, stp->str_output, b);
+ #else /* MIT_CURRENT */
+- des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
++ DES_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
+ #endif /* MIT_CURRENT */
+ memcpy(stp->str_feed, b, sizeof(Block));
+ stp->str_index = 1; /* Next time will be 1 */
+@@ -2805,7 +2806,7 @@
+ #ifdef MIT_CURRENT
+ ecb_encrypt(stp, stp->str_feed, b);
+ #else /* MIT_CURRENT */
+- des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
++ DES_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
+ #endif /* MIT_CURRENT */
+ memcpy(stp->str_feed,b,sizeof(Block));
+ index = 0;
+@@ -2840,7 +2841,7 @@
+ #ifdef MIT_CURRENT
+ ecb_encrypt(stp, stp->str_feed, b);
+ #else /* MIT_CURRENT */
+- des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
++ DES_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
+ #endif /* MIT_CURRENT */
+ memcpy(stp->str_feed, b, sizeof(Block));
+ stp->str_index = 1; /* Next time will be 1 */
+@@ -2955,19 +2956,19 @@
+ /*
+ * Create a random feed and send it over.
+ */
+- des_new_random_key(fbp->temp_feed);
++ DES_random_key(fbp->temp_feed);
+ #ifdef LIBDES
+- des_ecb3_encrypt(fbp->temp_feed, fbp->temp_feed,
++ DES_ecb3_encrypt(fbp->temp_feed, fbp->temp_feed,
+ fbp->krbdes_sched[0],
+ fbp->krbdes_sched[1],
+ fbp->krbdes_sched[2],
+ 1);
+ #else /* LIBDES */
+- des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
++ DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
+ fbp->krbdes_sched[0], 1);
+- des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
++ DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
+ fbp->krbdes_sched[1], 0);
+- des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
++ DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
+ fbp->krbdes_sched[2], 1);
+ #endif /* LIBDES */
+
+@@ -3274,7 +3275,7 @@
+ sizeof(Block)
+ );
+ if (fbp->once == 0) {
+- des_set_random_generator_seed(fbp->krbdes_key[0]);
++// DES_set_random_generator_seed(fbp->krbdes_key[0]);
+ fbp->once = 1;
+ }
+
+@@ -3333,7 +3334,7 @@
+ for ( i=0;i<3;i++ ) {
+ memset(fbp->krbdes_sched[i],0,sizeof(Schedule));
+
+- rc = des_key_sched(fbp->krbdes_key[i], fbp->krbdes_sched[i]);
++ rc = DES_key_sched(fbp->krbdes_key[i], fbp->krbdes_sched[i]);
+ if ( rc == -1 ) {
+ printf("?Invalid DES key specified for encryption [DES3,%s]\r\n",
+ server?"server":"client");
+@@ -3488,7 +3489,7 @@
+
+ ckhexdump("des3_fb64_stream_iv",stp->str_ikey[i],8);
+
+- rc = des_key_sched(stp->str_ikey[i], stp->str_sched[i]);
++ rc = DES_key_sched(stp->str_ikey[i], stp->str_sched[i]);
+ if ( rc == -1 ) {
+ printf("?Invalid DES key specified for encryption [DES3 iv]\r\n");
+ debug(F110,"des3_fb64_stream_iv",
+@@ -3521,7 +3522,7 @@
+
+ ckhexdump("des3_fb64_stream_key",key[i],8);
+
+- rc = des_key_sched(key[i], stp->str_sched[i]);
++ rc = DES_key_sched(key[i], stp->str_sched[i]);
+ if ( rc == -1 ) {
+ printf("?Invalid DES key specified for encryption [DES3 key]\r\n");
+ debug(F110,"des3_fb64_stream_key",
+@@ -3580,14 +3581,14 @@
+ if (index == sizeof(Block)) {
+ Block b;
+ #ifdef LIBDES
+- des_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
++ DES_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
+ stp->str_sched[1], stp->str_sched[2], 1);
+ #else /* LIBDES */
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[0], 1);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[1], 0);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[2], 1);
+ #endif /* LIBDES */
+ memcpy(stp->str_feed,b,sizeof(Block));
+@@ -3624,14 +3625,14 @@
+ if (index == sizeof(Block)) {
+ Block b;
+ #ifdef LIBDES
+- des_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
++ DES_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
+ stp->str_sched[1], stp->str_sched[2], 1);
+ #else /* LIBDES */
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[0], 1);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[1], 0);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[2], 1);
+ #endif /* LIBDES */
+ memcpy(stp->str_feed, b, sizeof(Block));
+@@ -3680,14 +3681,14 @@
+ if (index == sizeof(Block)) {
+ Block b;
+ #ifdef LIBDES
+- des_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
++ DES_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
+ stp->str_sched[1], stp->str_sched[2], 1);
+ #else /* LIBDES */
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[0], 1);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[1], 0);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[2], 1);
+ #endif /* LIBDES */
+ memcpy(stp->str_feed,b,sizeof(Block));
+@@ -3721,14 +3722,14 @@
+ if (index == sizeof(Block)) {
+ Block b;
+ #ifdef LIBDES
+- des_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
++ DES_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
+ stp->str_sched[1], stp->str_sched[2], 1);
+ #else /* LIBDES */
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[0], 1);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[1], 0);
+- des_ecb_encrypt(stp->str_output, b,
++ DES_ecb_encrypt(stp->str_output, b,
+ stp->str_sched[2], 1);
+ #endif /* LIBDES */
+ memcpy(stp->str_feed, b, sizeof(Block));
+diff -ur ckermit-9.0.302/ck_ssl.c ckermit-9.0.302.openssl111/ck_ssl.c
+--- ckermit-9.0.302/ck_ssl.c 2018-10-21 13:19:06.894962175 +0200
++++ ckermit-9.0.302.openssl111/ck_ssl.c 2018-10-21 13:05:08.874620118 +0200
+@@ -301,7 +301,7 @@
+ break;
+ default:
+ printf("Error %d while verifying certificate.\r\n",
+- ctx->error);
++ X509_STORE_CTX_get_error(ctx));
+ break;
+ }
+ }
+@@ -936,10 +936,12 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
+- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++ if (DH_set0_pqg(dh, p, NULL, g) == 0) {
++ DH_free(dh);
+ return(NULL);
++ }
+ return(dh);
+ }
+
+@@ -950,10 +952,12 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
+- dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+- dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
++ if (DH_set0_pqg(dh, p, NULL, g) == 0) {
++ DH_free(dh);
+ return(NULL);
++ }
+ return(dh);
+ }
+
+@@ -964,10 +968,12 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
+- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
++ if (DH_set0_pqg(dh, p, NULL, g) == 0) {
++ DH_free(dh);
+ return(NULL);
++ }
+ return(dh);
+ }
+
+@@ -978,10 +984,12 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
+- dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+- dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
++ if (DH_set0_pqg(dh, p, NULL, g) == 0) {
++ DH_free(dh);
+ return(NULL);
++ }
+ return(dh);
+ }
+
+@@ -992,10 +1000,12 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
+- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ if (DH_set0_pqg(dh, p, NULL, g) == 0) {
++ DH_free(dh);
+ return(NULL);
++ }
+ return(dh);
+ }
+ #endif /* NO_DH */
+@@ -1054,11 +1064,15 @@
+ if (ssl == NULL)
+ return;
+
++#if 0
+ if (ssl->expand == NULL || ssl->expand->meth == NULL)
++#endif
+ printf("Compression: None\r\n");
++#if 0
+ else {
+ printf("Compression: %s\r\n",ssl->expand->meth->name);
+ }
++#endif
+ }
+
+ int
+@@ -1457,13 +1471,15 @@
+
+ #ifdef ZLIB
+ cm = COMP_zlib();
+- if (cm != NULL && cm->type != NID_undef) {
++ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
+ SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
+ }
+ #endif /* ZLIB */
++#ifdef COMP_RLE
+ cm = COMP_rle();
+- if (cm != NULL && cm->type != NID_undef)
++ if (cm != NULL && COMP_get_type(cm) != NID_undef)
+ SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
++#endif
+
+ /* Ensure the Random number generator has enough entropy */
+ if ( !RAND_status() ) {
+@@ -1483,14 +1499,10 @@
+ }
+ debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
+
+- rc1 = RAND_egd(ssl_rnd_file);
+- debug(F111,"ssl_once_init","RAND_egd()",rc1);
+- if ( rc1 <= 0 ) {
+- rc2 = RAND_load_file(ssl_rnd_file, -1);
+- debug(F111,"ssl_once_init","RAND_load_file()",rc1);
+- }
++ rc2 = RAND_load_file(ssl_rnd_file, -1);
++ debug(F111,"ssl_once_init","RAND_load_file()",rc2);
+
+- if ( rc1 <= 0 && !rc2 )
++ if ( !rc2 )
+ {
+ time_t t = time(NULL);
+ int tlen = sizeof(time_t);
+@@ -2583,14 +2595,13 @@
+ int
+ ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
+ {
+- X509_OBJECT obj;
++ X509_OBJECT *obj;
+ X509_NAME *subject = NULL;
+ X509_NAME *issuer = NULL;
+ X509 *xs = NULL;
+ X509_CRL *crl = NULL;
+ X509_REVOKED *revoked = NULL;
+ X509_STORE_CTX * store_ctx = NULL;
+- long serial;
+ BIO *bio = NULL;
+ int i, n, rc;
+ char *cp;
+@@ -2607,6 +2618,11 @@
+ if ( !store_ctx )
+ return(ok);
+
++ obj = X509_OBJECT_new();
++ if ( !obj ) {
++ X509_STORE_CTX_free(store_ctx);
++ return(ok);
++ }
+ /*
+ * Determine certificate ingredients in advance
+ */
+@@ -2649,11 +2665,10 @@
+ * Try to retrieve a CRL corresponding to the _subject_ of
+ * the current certificate in order to verify it's integrity.
+ */
+- memset((char *)&obj, 0, sizeof(obj));
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
+- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
+ X509_STORE_CTX_cleanup(store_ctx);
+- crl = obj.data.crl;
++ crl = X509_OBJECT_get0_X509_CRL(obj);
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Verify the signature on this CRL
+@@ -2661,7 +2676,7 @@
+ if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
+ fprintf(stderr, "Invalid signature on CRL!\n");
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2674,7 +2689,7 @@
+ fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
+ X509_STORE_CTX_set_error(ctx,
+ X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+@@ -2683,22 +2698,20 @@
+ "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
+ );
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
+ }
+- X509_OBJECT_free_contents(&obj);
+ }
+
+ /*
+ * Try to retrieve a CRL corresponding to the _issuer_ of
+ * the current certificate in order to check for revocation.
+ */
+- memset((char *)&obj, 0, sizeof(obj));
+ X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
+- rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
++ rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
+ X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
+- crl = obj.data.crl;
++ crl = X509_OBJECT_get0_X509_CRL(obj);
+ if (rc > 0 && crl != NULL) {
+ /*
+ * Check if the current certificate is revoked by this CRL
+@@ -2706,20 +2719,17 @@
+ n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ for (i = 0; i < n; i++) {
+ revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+- if (ASN1_INTEGER_cmp(revoked->serialNumber,
++ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
+ X509_get_serialNumber(xs)) == 0) {
+
+- serial = ASN1_INTEGER_get(revoked->serialNumber);
+- cp = X509_NAME_oneline(issuer, NULL, 0);
+- free(cp);
+-
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
+- X509_OBJECT_free_contents(&obj);
++ X509_OBJECT_free(obj);
+ return 0;
+ }
+ }
+- X509_OBJECT_free_contents(&obj);
+ }
++ X509_OBJECT_free(obj);
++ X509_STORE_CTX_free(store_ctx);
+ return ok;
+ }
+
+@@ -4338,6 +4348,8 @@
+ FILE *fp;
+ struct passwd *pwd;
+ X509 *file_cert;
++ const ASN1_BIT_STRING *peer_sig, *file_sig;
++ const X509_ALGOR *peer_alg, *file_alg;
+
+ if ( peer_cert == NULL )
+ return(0);
+@@ -4350,8 +4362,10 @@
+
+ if (!(fp = fopen(buf, "r")))
+ return 0;
++ X509_get0_signature(&peer_sig, &peer_alg, peer_cert);
+ while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
+- if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
++ X509_get0_signature(&file_sig, &file_alg, file_cert);
++ if (!ASN1_STRING_cmp(peer_sig, file_sig))
+ r = 1;
+ X509_free(file_cert);
+ }
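Review bot: In the ssl_verify_crl changes to ck_ssl.c, the inner hunk `@@ -2706,20 +2719,17 @@` adds `X509_STORE_CTX_free(store_ctx);` before `return ok;`, but the hunk before it keeps the context line `X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */` right after the issuer lookup, so on the ordinary not-revoked path store_ctx is freed twice inside the certificate verification callback. Drop the added call and keep only `X509_OBJECT_free(obj);` before `return ok;`; the revoked path already frees only `obj`, which is consistent with that. Separately, the single heap `obj` is reused for the issuer lookup while the `X509_OBJECT_free_contents(&obj)` that followed the subject block is removed without a replacement, which looks like one leaked CRL reference per verification; the function body runs outside the visible hunks, so confirm against the full source. In ssl_once_init, `if ( !rc2 )` does not catch RAND_load_file returning -1 on error, so the fallback seeding is skipped exactly when the file cannot be read; `if ( rc2 <= 0 )` covers both cases.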
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ckermit.git/commitdiff/c09d4c891eec9e39f2ef977d0bc49ab59c4aef71