Hi,
On Sun, Jan 14, 2018 at 6:28 AM, Steffan Karger <[email protected]> wrote:
> Hi,
>
> On 08-01-18 03:21, [email protected] wrote:
>> From: Selva Nair <[email protected]>
>>
>> - Replace direct access to internals of openssl structs
>> by corresponding methods.
>>
>> Signed-off-by: Selva Nair <[email protected]>
>> ---
>> Tested on Windows 10 with openssl 1.0.1r and 1.1.0g
>>
>> configure.ac | 1 +
>> src/openvpn/cryptoapi.c | 69 +++++++++++++++++++++++++++-----------------
>> src/openvpn/openssl_compat.h | 14 +++++++++
>> 3 files changed, 57 insertions(+), 27 deletions(-)
>>
>>
..
>> - rsa->n = BN_dup(pub_rsa->n);
>> - rsa->flags |= RSA_FLAG_EXT_PKEY;
>> + if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA)
>> + {
>> + msg(M_WARN, "cryptoapicert requires an RSA certificate");
>> + goto err;
>> + }
>> + pub_rsa = EVP_PKEY_get0_RSA(pkey);
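Review bot: pub_rsa is assigned from EVP_PKEY_get0_RSA(pkey) on the last added line with no NULL check visible in this hunk. The EVP_PKEY_id(pkey) != EVP_PKEY_RSA test just above covers the wrong-key-type case, but a check such as `if (!pub_rsa) goto err;` before the first use of pub_rsa would keep this path safe if that test is later changed or the getter returns NULL for another reason.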
>
> This conflicts with the patch set from Emmanuel, where he removes
> EVP_PKEY_id(). Can be easily resolved by changing the if to
>
> if (!(pub_rsa = EVP_PKEY_get0_RSA(pkey)))
>
> ... but only once the NULL-check patch for openssl_compat.h is applied.
I'll send a v2 assuming that patch will get merged eventually.
I would have preferred to have EVP_PKEY_id() retained in the compat layer
as it's much more convenient to use it when multiple key types are to be
differentiated (read as: I want to support EC certs here).
Thanks for the review.
Selva
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel