From 18c7d8393411c9c91d211060599c5dea83b016e5 Mon Sep 17 00:00:00 2001 From: Remi Tricot-Le Breton Date: Mon, 17 May 2021 18:38:34 +0200 Subject: [PATCH] BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 The following functions used in CA/CRL file hot update were not defined in OpenSSL 1.0.2 so they need to be defined in openssl-compat : - X509_CRL_get_signature_nid - X509_CRL_get0_lastUpdate - X509_CRL_get0_nextUpdate - X509_REVOKED_get0_serialNumber - X509_REVOKED_get0_revocationDate --- include/haproxy/openssl-compat.h | 25 +++++++++++++++++++++++++ src/ssl_ckch.c | 2 +- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 96a0bf38b..8e1b94bc3 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -261,6 +261,31 @@ static inline void SSL_CTX_up_ref(SSL_CTX *ctx) { CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); } + +static inline int X509_CRL_get_signature_nid(const X509_CRL *crl) +{ + return OBJ_obj2nid(crl->sig_alg->algorithm); +} + +static inline const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl) +{ + return X509_CRL_get_lastUpdate(crl); +} + +static inline const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) +{ + return X509_CRL_get_nextUpdate(crl); +} + +static inline const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) +{ + return x->serialNumber; +} + +static inline const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) +{ + return x->revocationDate; +} #endif #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL) diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index bbd83aae7..f59c212f8 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -3327,7 +3327,7 @@ static int show_crl_detail(X509_CRL *crl, struct buffer *out) if (BIO_reset(bio) == -1) goto end; BIO_printf(bio , " Serial Number: "); - i2a_ASN1_INTEGER(bio, X509_REVOKED_get0_serialNumber(rev_entry)); + i2a_ASN1_INTEGER(bio, (ASN1_INTEGER*)X509_REVOKED_get0_serialNumber(rev_entry)); BIO_printf(bio, "\n Revocation Date: "); ASN1_TIME_print(bio, X509_REVOKED_get0_revocationDate(rev_entry)); BIO_printf(bio, "\n");