Path: blob/main/ftp/bsdftpd-ssl/files/patch-ssl_sslapp.c
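--- ssl/sslapp.c.orig 2005-01-10 23:34:59 UTC
+++ ssl/sslapp.c
@@ -113,10 +113,14 @@ do_ssleay_init(int server)
 
 if (SSL_CTX_need_tmp_RSA(ssl_ctx)) {
 RSA *rsa;
+ BIGNUM *e;
 
 if (ssl_debug_flag)
 ssl_log_msgn(bio_err, "Generating temp (512 bit) RSA key...");
- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
+
+ e = BN_new();
+ BN_set_word(e, RSA_F4);
+ RSA_generate_key_ex(rsa, 512, e, NULL);
 if (ssl_debug_flag)
 ssl_log_msgn(bio_err, "Generation of temp (512 bit) RSA key done");
 
@@ -289,12 +293,13 @@ int
 ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
 X509_NAME *pName, X509_OBJECT *pObj)
 {
- X509_STORE_CTX pStoreCtx;
+ X509_STORE_CTX *pStoreCtx;
 int rc;
 
- X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL);
- rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj);
- X509_STORE_CTX_cleanup(&pStoreCtx);
+ pStoreCtx = X509_STORE_CTX_new();
+ X509_STORE_CTX_init(pStoreCtx, pStore, NULL, NULL);
+ rc = X509_STORE_get_by_subject(pStoreCtx, nType, pName, pObj);
+ X509_STORE_CTX_free(pStoreCtx);
 return rc;
 }
 
@@ -311,7 +316,7 @@ ssl_X509_STORE_lookup(X509_STORE *pStore, int nType,
 int
 verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
 {
- X509_OBJECT obj;
+ X509_OBJECT *obj;
 X509_NAME *subject;
 X509_NAME *issuer;
 X509 *xs;
@@ -368,16 +373,16 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
 * Try to retrieve a CRL corresponding to the _subject_ of
 * the current certificate in order to verify it's integrity.
 */
- memset((char *)&obj, 0, sizeof(obj));
- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, &obj);
- crl = obj.data.crl;
+ obj = X509_OBJECT_new();
+ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, subject, obj);
+ crl = X509_OBJECT_get0_X509_CRL(obj);
 if (rc > 0 && crl != NULL) {
 /*
 * Verify the signature on this CRL
 */
 if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
 return 0;
 }
 
@@ -387,24 +392,24 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
 i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
 if (i == 0) {
 X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
 return 0;
 }
 if (i < 0) {
 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
 return 0;
 }
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
 }
 
 /*
 * Try to retrieve a CRL corresponding to the _issuer_ of
 * the current certificate in order to check for revocation.
 */
- memset((char *)&obj, 0, sizeof(obj));
- rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, &obj);
- crl = obj.data.crl;
+ obj = X509_OBJECT_new();
+ rc = ssl_X509_STORE_lookup(x509st_CRL, X509_LU_CRL, issuer, obj);
+ crl = X509_OBJECT_get0_X509_CRL(obj);
 if (rc > 0 && crl != NULL) {
 /*
 * Check if the current certificate is revoked by this CRL
@@ -412,13 +417,14 @@ verify_cb_CRL(int ok, X509_STORE_CTX *ctx)
 n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
 for (i = 0; i < n; i++) {
 revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
- if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) {
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
+ X509_get_serialNumber(xs)) == 0) {
 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
 return 0;
 }
 }
- X509_OBJECT_free_contents(&obj);
+ X509_OBJECT_free(obj);
 }
 return ok;
 }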
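Review bot: In the do_ssleay_init hunk `rsa` is still declared as a bare `RSA *rsa;` and is now handed to `RSA_generate_key_ex(rsa, 512, e, NULL)` without ever being assigned, because the removed `RSA_generate_key()` call was what allocated it; the new code needs `rsa = RSA_new();` before the call. The results of `BN_new()`, `BN_set_word()` and `RSA_generate_key_ex()` are not checked and no `BN_free(e);` is visible, although the function continues past the hunk, so the cleanup may live there. As far as I know OpenSSL 1.1.0 and later define `SSL_CTX_need_tmp_RSA()` as 0, which may make this branch dead on the versions the patch targets, but it should not be left holding an uninitialised pointer (and a 512-bit temporary key is far below any acceptable strength if the branch ever runs). Separately, in verify_cb_CRL each `obj = X509_OBJECT_new();` is released only inside `if (rc > 0 && crl != NULL)`, so a lookup that finds no CRL leaks the object on every verification callback and the second allocation overwrites the first pointer; a `X509_OBJECT_free(obj);` placed after each `if` block instead of at its end, plus a NULL check on the allocation, would cover both paths.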