krb5 commit: Add k5tls support for OpenSSL 1.1.0
Greg Hudson
ghudson at mit.edu
Thu Sep 22 22:17:43 EDT 2016
https://github.com/krb5/krb5/commit/b6de7390454d48f69dac88ada2c67e2835fed965
commit b6de7390454d48f69dac88ada2c67e2835fed965
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue May 3 13:14:48 2016 -0400
Add k5tls support for OpenSSL 1.1.0
OpenSSL 1.1 makes the X509 type opaque and removes the M_ASN1_*
macros. Adjust the k5tls OpenSSL implementation accordingly.
ticket: 8398
src/plugins/tls/k5tls/openssl.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index c9d270b..822632c 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -181,13 +181,13 @@ check_cert_address(X509 *x, const char *text)
struct in6_addr sin6;
/* Parse the IP address into an octet string. */
- ip = M_ASN1_OCTET_STRING_new();
+ ip = ASN1_OCTET_STRING_new();
if (ip == NULL)
return FALSE;
if (inet_pton(AF_INET, text, &sin)) {
- M_ASN1_OCTET_STRING_set(ip, &sin, sizeof(sin));
+ ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin, sizeof(sin));
} else if (inet_pton(AF_INET6, text, &sin6)) {
- M_ASN1_OCTET_STRING_set(ip, &sin6, sizeof(sin6));
+ ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin6, sizeof(sin6));
} else {
ASN1_OCTET_STRING_free(ip);
return FALSE;
@@ -317,7 +317,7 @@ verify_callback(int preverify_ok, X509_STORE_CTX *store_ctx)
if (err != X509_V_OK) {
bio = BIO_new(BIO_s_mem());
if (bio != NULL) {
- X509_NAME_print_ex(bio, x->cert_info->subject, 0, 0);
+ X509_NAME_print_ex(bio, X509_get_subject_name(x), 0, 0);
count = BIO_get_mem_data(bio, &cert);
errstr = X509_verify_cert_error_string(err);
TRACE_TLS_CERT_ERROR(context, depth, count, cert, err, errstr);
More information about the cvs-krb5
mailing list