On Fri, Jul 5, 2024 at 3:35 PM Yann Ylavic <ylavic....@gmail.com> wrote:
>
> On Fri, Jul 5, 2024 at 3:05 PM Ruediger Pluem <rpl...@apache.org> wrote:
> >
> > >>>> md_crypt.c: In function 'md_cert_get_ct_scts':
> > >>>> md_crypt.c:2071:5: error: unknown type name 'SCT'
> > >>>> SCT *sct_handle;
> >
> > This one is caused by r1918195 in >= 2.4.60. Before r1918195 OPENSSL_NO_CT
> > was defined when openssl was < 1.1.1. Now it is not any
> > longer and hence md_cert_get_ct_scts gets a real function body as
> >
> > #ifndef OPENSSL_NO_CT
> >
> > (line 2068) is now true. Hence we error out on the non presence of the SCT
> > struct (line 2071).
>
> Maybe something like the attached patch for this one too (which could
> avoid configure tricks for both..).
Or rather this one.
Index: modules/md/md_crypt.c
===================================================================
--- modules/md/md_crypt.c (revision 1918881)
+++ modules/md/md_crypt.c (working copy)
@@ -63,7 +63,11 @@
|| LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
/* Missing from LibreSSL < 3.5.0 and only available since OpenSSL v1.1.x */
#include <openssl/ct.h>
+#define MD_HAVE_CT 1
#endif
+#ifndef MD_HAVE_CT
+#define MD_HAVE_CT 0
+#endif
static int initialized;
@@ -2037,11 +2061,10 @@ out:
return rv;
}
+#if MD_HAVE_CT
#define MD_OID_CT_SCTS_NUM "1.3.6.1.4.1.11129.2.4.2"
#define MD_OID_CT_SCTS_SNAME "CT-SCTs"
#define MD_OID_CT_SCTS_LNAME "CT Certificate SCTs"
-
-#ifndef OPENSSL_NO_CT
static int get_ct_scts_nid(void)
{
int nid = OBJ_txt2nid(MD_OID_CT_SCTS_NUM);
@@ -2065,7 +2088,7 @@ const char *md_nid_get_lname(int nid)
apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
{
-#ifndef OPENSSL_NO_CT
+#if MD_HAVE_CT
int nid, i, idx, critical;
STACK_OF(SCT) *sct_list;
SCT *sct_handle;
