httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_kernel.c ssl_engine_vars.c ssl_util.c ssl_util_ssl.c
Date Thu, 10 Jan 2002 04:55:19 GMT
dougm       02/01/09 20:55:19

  Modified:    .        CHANGES acinclude.m4
               modules/ssl mod_ssl.h ssl_engine_init.c ssl_engine_kernel.c
                        ssl_engine_vars.c ssl_util.c ssl_util_ssl.c
  Log:
   mod_ssl adjustments to help with using toolkits other than OpenSSL:
    Use SSL functions/macros instead of directly dereferencing SSL
    structures wherever possible.
    Add type-casts for the cases where functions return a generic pointer.
    Add $SSL/include to configure search path.
  Submitted by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
  Reviewed by:	dougm
  
  Revision  Changes    Path
  1.512     +7 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.511
  retrieving revision 1.512
  diff -u -r1.511 -r1.512
  --- CHANGES	10 Jan 2002 03:23:33 -0000	1.511
  +++ CHANGES	10 Jan 2002 04:55:18 -0000	1.512
  @@ -1,4 +1,11 @@
   Changes with Apache 2.0.31-dev
  +  *) mod_ssl adjustments to help with using toolkits other than OpenSSL:
  +      Use SSL functions/macros instead of directly dereferencing SSL
  +      structures wherever possible.
  +      Add type-casts for the cases where functions return a generic pointer.
  +      Add $SSL/include to configure search path.
  +     [Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>]
  +
     *) Moved several pointers out of the shared Scoreboard so it is
        more portable, and will present the vhost name across server
        generation restarts.  [William Rowe]
  
  
  
  1.109     +3 -0      httpd-2.0/acinclude.m4
  
  Index: acinclude.m4
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/acinclude.m4,v
  retrieving revision 1.108
  retrieving revision 1.109
  diff -u -r1.108 -r1.109
  --- acinclude.m4	6 Jan 2002 23:39:50 -0000	1.108
  +++ acinclude.m4	10 Jan 2002 04:55:19 -0000	1.109
  @@ -451,6 +451,9 @@
       if test -f "$p/openssl/ssl.h"; then
         ap_ssltk_incdir="$p"
         break
  +    elif test -f "$p/ssl.h"; then
  +      ap_ssltk_incdir="$p"
  +      break
       fi
     done
     if test "x$ap_ssltk_incdir" = "x"; then
  
  
  
  1.52      +25 -0     httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.51
  retrieving revision 1.52
  diff -u -r1.51 -r1.52
  --- mod_ssl.h	9 Jan 2002 19:24:32 -0000	1.51
  +++ mod_ssl.h	10 Jan 2002 04:55:19 -0000	1.52
  @@ -345,6 +345,31 @@
   
   #ifndef X509_V_ERR_CERT_UNTRUSTED
   #define X509_V_ERR_CERT_UNTRUSTED 27
  +
  +#endif
  +
  +#ifdef OPENSSL_VERSION_NUMBER
  +
  +#define EVP_PKEY_key_type(k)              (EVP_PKEY_type(k->type))
  +
  +#define X509_NAME_get_entries(xs)         (xs->entries)
  +#define X509_REVOKED_get_serialNumber(xs) (xs->serialNumber)
  +
  +#define X509_get_signature_algorithm(xs) (xs->cert_info->signature->algorithm)
  +#define X509_get_key_algorithm(xs)       (xs->cert_info->key->algor->algorithm)
  +
  +#define X509_NAME_ENTRY_get_data_ptr(xs) (xs->value->data)
  +#define X509_NAME_ENTRY_get_data_len(xs) (xs->value->length)
  +
  +#define SSL_CTX_get_extra_certs(ctx)       (ctx->extra_certs)
  +#define SSL_CTX_set_extra_certs(ctx,value) {ctx->extra_certs = value;}
  +
  +#define SSL_CIPHER_get_name(s)             (s->name)
  +#define SSL_CIPHER_get_valid(s)            (s->valid)
  +
  +#define SSL_SESSION_get_session_id(s)      (s->session_id)
  +#define SSL_SESSION_get_session_id_length(s) (s->session_id_length)
  +
   #endif
   
   #define ssl_verify_error_is_optional(errnum) \
  
  
  
  1.23      +5 -5      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- ssl_engine_init.c	9 Jan 2002 22:21:34 -0000	1.22
  +++ ssl_engine_init.c	10 Jan 2002 04:55:19 -0000	1.23
  @@ -604,7 +604,7 @@
                       "CA certificates for client authentication", cpVHostID);
               ssl_die();
           }
  -        SSL_CTX_set_client_CA_list(sc->pSSLCtx, skCAList);
  +        SSL_CTX_set_client_CA_list(sc->pSSLCtx, (STACK *)skCAList);
       }
   
       /*
  @@ -628,7 +628,7 @@
        * should take place. This cannot work.
        */
       if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE) {
  -        skCAList = SSL_CTX_get_client_CA_list(ctx);
  +        skCAList = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx);
           if (sk_X509_NAME_num(skCAList) == 0)
               ssl_log(s, SSL_LOG_WARN,
                       "Init: Ops, you want to request client authentication, "
  @@ -785,7 +785,7 @@
           && sc->pPrivateKey[SSL_AIDX_DSA] != NULL) {
           pKey = X509_get_pubkey(sc->pPublicCert[SSL_AIDX_DSA]);
           if (   pKey != NULL
  -            && EVP_PKEY_type(pKey->type) == EVP_PKEY_DSA 
  +            && EVP_PKEY_key_type(pKey) == EVP_PKEY_DSA 
               && EVP_PKEY_missing_parameters(pKey))
               EVP_PKEY_copy_parameters(pKey, sc->pPrivateKey[SSL_AIDX_DSA]);
       }
  @@ -924,7 +924,7 @@
        * Process CA certificate bundle file
        */
       if (cpCAfile != NULL) {
  -        sk = SSL_load_client_CA_file(cpCAfile);
  +        sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cpCAfile);
           for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
               ssl_log(s, SSL_LOG_TRACE,
                       "CA certificate: %s",
  @@ -941,7 +941,7 @@
           apr_dir_open(&dir, cpCApath, p);
           while ((apr_dir_read(&direntry, APR_FINFO_DIRENT, dir)) != APR_SUCCESS) {
               cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL);
  -            sk = SSL_load_client_CA_file(cp);
  +            sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cp);
               for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
                   ssl_log(s, SSL_LOG_TRACE,
                           "CA certificate: %s",
  
  
  
  1.38      +45 -20    httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.37
  retrieving revision 1.38
  diff -u -r1.37 -r1.38
  --- ssl_engine_kernel.c	29 Nov 2001 07:30:30 -0000	1.37
  +++ ssl_engine_kernel.c	10 Jan 2002 04:55:19 -0000	1.38
  @@ -489,7 +489,7 @@
           if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE)
               pCipher = SSL_get_current_cipher(ssl);
           else {
  -            skCipherOld = SSL_get_ciphers(ssl);
  +            skCipherOld = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
               if (skCipherOld != NULL)
                   skCipherOld = sk_SSL_CIPHER_dup(skCipherOld);
           }
  @@ -502,7 +502,7 @@
               return HTTP_FORBIDDEN;
           }
           /* determine whether a renegotiation has to be forced */
  -        skCipher = SSL_get_ciphers(ssl);
  +        skCipher = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
           if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
               /* optimized way */
               if ((pCipher == NULL && skCipher != NULL) ||
  @@ -741,19 +741,23 @@
            * here because it resets too much of the connection.  So we set the
            * state explicitly and continue the handshake manually.
            */
  -        ssl_log(r->server, SSL_LOG_INFO, "Requesting connection re-negotiation");
  +        ssl_log(r->server, SSL_LOG_INFO,
  +                "Requesting connection re-negotiation");
           if (renegotiate_quick) {
               /* perform just a manual re-verification of the peer */
               ssl_log(r->server, SSL_LOG_TRACE,
  -                    "Performing quick renegotiation: just re-verifying the peer");
  +                    "Performing quick renegotiation: "
  +                    "just re-verifying the peer");
               certstore = SSL_CTX_get_cert_store(ctx);
               if (certstore == NULL) {
  -                ssl_log(r->server, SSL_LOG_ERROR, "Cannot find certificate storage");
  +                ssl_log(r->server, SSL_LOG_ERROR,
  +                        "Cannot find certificate storage");
                   return HTTP_FORBIDDEN;
               }
  -            certstack = SSL_get_peer_cert_chain(ssl);
  +            certstack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
               if (certstack == NULL || sk_X509_num(certstack) == 0) {
  -                ssl_log(r->server, SSL_LOG_ERROR, "Cannot find peer certificate chain");
  +                ssl_log(r->server, SSL_LOG_ERROR,
  +                        "Cannot find peer certificate chain");
                   return HTTP_FORBIDDEN;
               }
               cert = sk_X509_value(certstack, 0);
  @@ -772,9 +776,11 @@
           else {
               /* do a full renegotiation */
               ssl_log(r->server, SSL_LOG_TRACE,
  -                    "Performing full renegotiation: complete handshake protocol");
  +                    "Performing full renegotiation: "
  +                    "complete handshake protocol");
               if (r->main != NULL)
  -                SSL_set_session_id_context(ssl, (unsigned char *)&(r->main), sizeof(r->main));
  +                SSL_set_session_id_context(ssl, (unsigned char *)&(r->main),
  +                                           sizeof(r->main));
               else
                   SSL_set_session_id_context(ssl, (unsigned char *)&r, sizeof(r));
               /* will need to push to / pull from filters to renegotiate */
  @@ -783,11 +789,13 @@
               SSL_do_handshake(ssl);
   
               if (SSL_get_state(ssl) != SSL_ST_OK) {
  -                ssl_log(r->server, SSL_LOG_ERROR, "Re-negotiation request failed");
  +                ssl_log(r->server, SSL_LOG_ERROR,
  +                        "Re-negotiation request failed");
                   ssl_bio_hooks_unset(ssl);
                   return HTTP_FORBIDDEN;
               }
  -            ssl_log(r->server, SSL_LOG_INFO, "Awaiting re-negotiation handshake");
  +            ssl_log(r->server, SSL_LOG_INFO,
  +                    "Awaiting re-negotiation handshake");
               SSL_set_state(ssl, SSL_ST_ACCEPT);
               SSL_do_handshake(ssl);
   
  @@ -795,7 +803,8 @@
   
               if (SSL_get_state(ssl) != SSL_ST_OK) {
                   ssl_log(r->server, SSL_LOG_ERROR,
  -                        "Re-negotiation handshake failed: Not accepted by client!?");
  +                        "Re-negotiation handshake failed: "
  +                        "Not accepted by client!?");
                   return HTTP_FORBIDDEN;
               }
           }
  @@ -1124,7 +1133,7 @@
           apr_table_set(e, "SSL_SERVER_CERT", val);
           val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT");
           apr_table_set(e, "SSL_CLIENT_CERT", val);
  -        if ((sk = SSL_get_peer_cert_chain(ssl)) != NULL) {
  +        if ((sk = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl)) != NULL) {
               for (i = 0; i < sk_X509_num(sk); i++) {
                   var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
                   val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
  @@ -1485,11 +1494,14 @@
   #else
               revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
   #endif
  -            if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) ==
0) {
  +            if (ASN1_INTEGER_cmp(X509_REVOKED_get_serialNumber(revoked),
  +                                 X509_get_serialNumber(xs)) == 0) {
  +
   
                   if (sc->nLogLevel >= SSL_LOG_INFO) {
                       char *cp = X509_NAME_oneline(issuer, NULL, 0);
  -                    long serial = ASN1_INTEGER_get(revoked->serialNumber);
  +                    long serial = ASN1_INTEGER_get(
  +                                       X509_REVOKED_get_serialNumber(revoked));
   
                       ssl_log(s, SSL_LOG_INFO,
                               "Certificate with serial %ld (0x%lX) "
  @@ -1520,6 +1532,9 @@
       SSLSrvConfigRec *sc;
       long t;
       BOOL rc;
  +    unsigned char *session_id;
  +    unsigned int session_id_length;
  +
   
       /*
        * Get Apache context back through OpenSSL context
  @@ -1539,8 +1554,12 @@
        * Store the SSL_SESSION in the inter-process cache with the
        * same expire time, so it expires automatically there, too.
        */
  +    session_id = SSL_SESSION_get_session_id(pNew);
  +    session_id_length = SSL_SESSION_get_session_id_length(pNew);
  +
       t = (SSL_get_time(pNew) + sc->nSessionCacheTimeout);
  -    rc = ssl_scache_store(s, pNew->session_id, pNew->session_id_length, t, pNew);
  +    rc = ssl_scache_store(s, session_id, session_id_length, t, pNew);
  +
   
       /*
        * Log this cache operation
  @@ -1548,7 +1567,7 @@
       ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
               "request=SET status=%s id=%s timeout=%ds (session caching)",
               rc == TRUE ? "OK" : "BAD",
  -            SSL_SESSION_id2sz(pNew->session_id, pNew->session_id_length),
  +            SSL_SESSION_id2sz(session_id, session_id_length),
               t-time(NULL));
   
       /*
  @@ -1615,6 +1634,9 @@
       SSL_CTX *ctx, SSL_SESSION *pSession)
   {
       server_rec *s;
  +    unsigned char *session_id;
  +    unsigned int session_id_length;
  +
   
       /*
        * Get Apache context back through OpenSSL context
  @@ -1626,15 +1648,18 @@
       /*
        * Remove the SSL_SESSION from the inter-process cache
        */
  -    ssl_scache_remove(s, pSession->session_id, pSession->session_id_length);
  +    session_id = SSL_SESSION_get_session_id(pSession);
  +    session_id_length = SSL_SESSION_get_session_id_length(pSession);
  +
  +    ssl_scache_remove(s, session_id, session_id_length);
  +
   
       /*
        * Log this cache operation
        */
       ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
               "request=REM status=OK id=%s (session dead)",
  -            SSL_SESSION_id2sz(pSession->session_id,
  -            pSession->session_id_length));
  +            SSL_SESSION_id2sz(session_id, session_id_length));
   
       return;
   }
  
  
  
  1.11      +24 -12    httpd-2.0/modules/ssl/ssl_engine_vars.c
  
  Index: ssl_engine_vars.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- ssl_engine_vars.c	21 Nov 2001 22:29:14 -0000	1.10
  +++ ssl_engine_vars.c	10 Jan 2002 04:55:19 -0000	1.11
  @@ -283,8 +283,9 @@
       }
       else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
           SSL_SESSION *pSession = SSL_get_session(ssl);
  -        result = apr_pstrdup(p, SSL_SESSION_id2sz(pSession->session_id, 
  -                                                 pSession->session_id_length));
  +        result = apr_pstrdup(p, SSL_SESSION_id2sz(
  +                                SSL_SESSION_get_session_id(pSession),
  +                                SSL_SESSION_get_session_id_length(pSession)));
       }
       else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER",
6)) {
           result = ssl_var_lookup_ssl_cipher(p, c, var+6);
  @@ -356,13 +357,15 @@
           resdup = FALSE;
       }
       else if (strcEQ(var, "A_SIG")) {
  -        nid = OBJ_obj2nid(xs->cert_info->signature->algorithm);
  -        result = apr_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
  +        nid = OBJ_obj2nid((ASN1_OBJECT *)X509_get_signature_algorithm(xs));
  +        result = apr_pstrdup(p, 
  +                             (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
           resdup = FALSE;
       }
       else if (strcEQ(var, "A_KEY")) {
  -        nid = OBJ_obj2nid(xs->cert_info->key->algor->algorithm);
  -        result = apr_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
  +        nid = OBJ_obj2nid((ASN1_OBJECT *)X509_get_key_algorithm(xs));
  +        result = apr_pstrdup(p,
  +                             (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
           resdup = FALSE;
       }
       else if (strcEQ(var, "CERT")) {
  @@ -400,21 +403,30 @@
       char *result;
       X509_NAME_ENTRY *xsne;
       int i, j, n;
  +    char *data_ptr;
  +    int data_len;
   
       result = NULL;
   
       for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) {
           if (strEQ(var, ssl_var_lookup_ssl_cert_dn_rec[i].name)) {
  -            for (j = 0; j < sk_X509_NAME_ENTRY_num(xsname->entries); j++) {
  -                xsne = sk_X509_NAME_ENTRY_value(xsname->entries, j);
  -                n = OBJ_obj2nid(xsne->object);
  +            for (j = 0; j < sk_X509_NAME_ENTRY_num((STACK_OF(X509_NAME_ENTRY) *)
  +                                                 X509_NAME_get_entries(xsname));
  +                 j++) {
  +                xsne = sk_X509_NAME_ENTRY_value((STACK_OF(X509_NAME_ENTRY) *)
  +                                             X509_NAME_get_entries(xsname), j);
  +
  +                n =OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));
  +                data_ptr = X509_NAME_ENTRY_get_data_ptr(xsne);
  +                data_len = X509_NAME_ENTRY_get_data_len(xsne);
  +
                   if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) {
  -                    result = apr_palloc(p, xsne->value->length+1);
  -                    apr_cpystrn(result, (char *)xsne->value->data, xsne->value->length+1);
  +                    result = apr_palloc(p, data_len+1);
  +                    apr_cpystrn(result, (char *)data_ptr, data_len+1);
   #ifdef CHARSET_EBCDIC
                       ascii2ebcdic(result, result, xsne->value->length);
   #endif /* CHARSET_EBCDIC */
  -                    result[xsne->value->length] = NUL;
  +                    result[data_len] = NUL;
                       break;
                   }
               }
  
  
  
  1.24      +1 -1      httpd-2.0/modules/ssl/ssl_util.c
  
  Index: ssl_util.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util.c,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- ssl_util.c	9 Jan 2002 19:24:32 -0000	1.23
  +++ ssl_util.c	10 Jan 2002 04:55:19 -0000	1.24
  @@ -221,7 +221,7 @@
       if (pCert != NULL)
           pKey = X509_get_pubkey(pCert);
       if (pKey != NULL) {
  -        switch (EVP_PKEY_type(pKey->type)) {
  +        switch (EVP_PKEY_key_type(pKey)) {
               case EVP_PKEY_RSA: 
                   t = SSL_ALGO_RSA;
                   break;
  
  
  
  1.10      +22 -14    httpd-2.0/modules/ssl/ssl_util_ssl.c
  
  Index: ssl_util_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_util_ssl.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- ssl_util_ssl.c	21 Nov 2001 22:58:28 -0000	1.9
  +++ ssl_util_ssl.c	10 Jan 2002 04:55:19 -0000	1.10
  @@ -284,12 +284,12 @@
   
       if (ssl == NULL) 
           return "";
  -    if ((sk = SSL_get_ciphers(ssl)) == NULL)
  +    if ((sk = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl)) == NULL)
           return "";
       l = 0;
       for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
           c = sk_SSL_CIPHER_value(sk, i);
  -        l += strlen(c->name)+2+1;
  +        l += strlen(SSL_CIPHER_get_name(c))+2+1;
       }
       if (l == 0)
           return "";
  @@ -297,11 +297,11 @@
       cp = cpCipherSuite;
       for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
           c = sk_SSL_CIPHER_value(sk, i);
  -        l = strlen(c->name);
  -        memcpy(cp, c->name, l);
  +        l = strlen(SSL_CIPHER_get_name(c));
  +        memcpy(cp, SSL_CIPHER_get_name(c), l);
           cp += l;
           *cp++ = '/';
  -        *cp++ = (c->valid == 1 ? '1' : '0');
  +        *cp++ = (SSL_CIPHER_get_valid(c) == 1 ? '1' : '0');
           *cp++ = ':';
       }
       *(cp-1) = NUL;
  @@ -378,15 +378,21 @@
       X509_NAME *xsn;
       X509_NAME_ENTRY *xsne;
       int i, nid;
  +    char *data_ptr;
  +    int data_len;
   
       xsn = X509_get_subject_name(xs);
  -    for (i = 0; i < sk_X509_NAME_ENTRY_num(xsn->entries); i++) {
  -        xsne = sk_X509_NAME_ENTRY_value(xsn->entries, i);
  -        nid = OBJ_obj2nid(xsne->object);
  +    for (i = 0; i < sk_X509_NAME_ENTRY_num((STACK_OF(X509_NAME_ENTRY) *)
  +                                           X509_NAME_get_entries(xsn)); i++) {
  +        xsne = sk_X509_NAME_ENTRY_value((STACK_OF(X509_NAME_ENTRY) *)
  +                                         X509_NAME_get_entries(xsn), i);
  +        nid = OBJ_obj2nid((ASN1_OBJECT *)X509_NAME_ENTRY_get_object(xsne));
           if (nid == NID_commonName) {
  -            *cppCN = apr_palloc(p, xsne->value->length+1);
  -            apr_cpystrn(*cppCN, (char *)xsne->value->data, xsne->value->length+1);
  -            (*cppCN)[xsne->value->length] = NUL;
  +            data_ptr = X509_NAME_ENTRY_get_data_ptr(xsne);
  +            data_len = X509_NAME_ENTRY_get_data_len(xsne);
  +            *cppCN = apr_palloc(p, data_len+1);
  +            apr_cpystrn(*cppCN, (char *)data_ptr, data_len+1);
  +            (*cppCN)[data_len] = NUL;
   #ifdef CHARSET_EBCDIC
               ascii2ebcdic(*cppCN, *cppCN, strlen(*cppCN));
   #endif
  @@ -470,6 +476,7 @@
       X509 *x509;
       unsigned long err;
       int n;
  +    STACK *extra_certs;
   
       if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
           return -1;
  @@ -490,9 +497,10 @@
           X509_free(x509);
       }
       /* free a perhaps already configured extra chain */
  -    if (ctx->extra_certs != NULL) {
  -        sk_X509_pop_free(ctx->extra_certs, X509_free);
  -        ctx->extra_certs = NULL;
  +    extra_certs=SSL_CTX_get_extra_certs(ctx);
  +    if (extra_certs != NULL) {
  +        sk_X509_pop_free((STACK_OF(X509) *)extra_certs, X509_free);
  +        SSL_CTX_set_extra_certs(ctx,NULL);
       }
       /* create new extra chain by loading the certs */
       n = 0;
  
  
  

Mime
View raw message