hi all,

I'm the maintainer of grid-proxy-verify, a grid-tool that uses "plain" openssl to verify a grid proxy (either RFC3820 or legacy Globus proxy). This tool
  http://www.nikhef.nl/~janjust/proxy-verify/
and
  http://www.nikhef.nl/~janjust/proxy-verify/grid-proxy-verify.c
builds without any warnings with openssl 0.9.8 and 1.0.x, e.g. using
  gcc -Wall -pedantic -c -o grid-proxy-verify.o grid-proxy-verify.c
but with 1.1.0 I run into all sorts of issues (see the bottom of this email). Most of these have to do with members of structs becoming opaque, but especially the disappearance of the check_issued callback is worrisome, as that callback is crucial for verifying proxy certificates. How should I modify my code so that it builds and links with openssl 1.1.0?


thx for any pointers,

JJK / Jan Just Keijser

$ gcc -I openssl-1.1.0-pre5/include -o grid-proxy-verify.o grid-proxy-verify.c
grid-proxy-verify.c: In function ‘grid_X509_check_issued_wrapper’:
grid-proxy-verify.c:337:14: error: dereferencing pointer to incomplete type
     if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) return 0;
              ^
grid-proxy-verify.c:341:8: error: dereferencing pointer to incomplete type
     ctx->error = ret;
        ^
grid-proxy-verify.c:342:8: error: dereferencing pointer to incomplete type
     ctx->current_cert = x;
        ^
grid-proxy-verify.c:343:8: error: dereferencing pointer to incomplete type
     ctx->current_issuer = issuer;
        ^
grid-proxy-verify.c:344:15: error: dereferencing pointer to incomplete type
     return ctx->verify_cb(0, ctx);
               ^
grid-proxy-verify.c: In function ‘grid_verifyProxy’:
grid-proxy-verify.c:529:25: error: dereferencing pointer to incomplete type
                 if (pkey->type == EVP_PKEY_RSA)
                         ^
grid-proxy-verify.c:531:56: error: dereferencing pointer to incomplete type
                     int key_strength = BN_num_bits(pkey->pkey.rsa->n);
                                                        ^
grid-proxy-verify.c: In function ‘grid_X509_verify_callback’:
grid-proxy-verify.c:593:16: error: dereferencing pointer to incomplete type
             ctx->error = errnum;
                ^
grid-proxy-verify.c:620:21: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
         certstack = (STACK_OF(X509) *) X509_STORE_CTX_get_chain( ctx );
                     ^
grid-proxy-verify.c:627:12: error: dereferencing pointer to incomplete type
         ctx->error = errnum;
            ^
In file included from openssl-1.1.0-pre5/include/openssl/x509.h:363:0,
                 from grid-proxy-verify.c:38:
grid-proxy-verify.c: In function ‘grid_verifyCert’:
openssl-1.1.0-pre5/include/openssl/x509_vfy.h:107:56: error: dereferencing pointer to incomplete type
 # define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
                                                        ^
grid-proxy-verify.c:686:5: note: in expansion of macro ‘X509_STORE_set_verify_cb_func’
     X509_STORE_set_verify_cb_func (store, grid_X509_verify_callback);
     ^
grid-proxy-verify.c:720:10: error: dereferencing pointer to incomplete type
     store->check_issued = grid_X509_check_issued_wrapper;
          ^
grid-proxy-verify.c:783:9: error: dereferencing pointer to incomplete type
     cert->ex_flags |= EXFLAG_PROXY;
         ^
grid-proxy-verify.c:785:16: error: dereferencing pointer to incomplete type
     verify_ctx -> param -> depth = depth + 5;
                ^
grid-proxy-verify.c:794:25: error: dereferencing pointer to incomplete type
         ret = verify_ctx->error;
                         ^
grid-proxy-verify.c: In function ‘main’:
grid-proxy-verify.c:965:5: warning: ‘ERR_remove_state’ is deprecated (declared at openssl-1.1.0-pre5/include/openssl/err.h:363) [-Wdeprecated-declarations]
     ERR_remove_state(0);
     ^

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
