Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/1584?usp=email
to review the following change.
Change subject: ssl_verify_openssl: use official ASN1_STRING_ API
......................................................................
ssl_verify_openssl: use official ASN1_STRING_ API
ASN1_STRING are now opaque types in OpenSSL 4.x — the internal data and
length fields are no longer directly accessible. Use the accessor API
instead. Accessors have been available since OpenSSL 1.1.0.
The ASN1_STRING_length accessor is already in use, but not consistently
applied. Standardise on using ASN1_STRING_length and ASN1_STRING_get0_data
which allows for successful build of OpenSSL 4.x.
Change-Id: I8adffc3152b5b502a820a8ae0f901717e4831f81
Signed-off-by: Rudi Heitbaum <[email protected]>
---
M src/openvpn/ssl_verify_openssl.c
1 file changed, 4 insertions(+), 4 deletions(-)
git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/84/1584/1
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 46401cd..d96879b 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -259,7 +259,7 @@
{
ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert);
struct gc_arena gc = gc_new();
- char *serial = format_hex_ex(asn1_i->data, asn1_i->length, 0, 1 |
FHE_CAPS, NULL, &gc);
+ char *serial = format_hex_ex(ASN1_STRING_get0_data(asn1_i),
ASN1_STRING_length(asn1_i), 0, 1 | FHE_CAPS, NULL, &gc);
if (!serial || cn_len <= strlen(serial) + 2)
{
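Review bot: `asn1_i` is still declared as a non-const `ASN1_INTEGER *` in this hunk, while the second hunk declares it `const ASN1_INTEGER *`. It is now only passed to the read-only accessors `ASN1_STRING_get0_data()` and `ASN1_STRING_length()`, so declaring it const here too would keep the two call sites consistent. The replacement `format_hex_ex(...)` call is also long enough that it wrapped in the mail; breaking the argument list over two lines in the source would keep it readable.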
@@ -313,7 +313,7 @@
{
const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
- return format_hex_ex(asn1_i->data, asn1_i->length, 0, 1, ":", gc);
+ return format_hex_ex(ASN1_STRING_get0_data(asn1_i),
ASN1_STRING_length(asn1_i), 0, 1, ":", gc);
}
result_t
@@ -626,7 +626,7 @@
{
ASN1_BIT_STRING *ns;
ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL,
NULL);
- result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_CLIENT)) ?
SUCCESS : FAILURE;
+ result = (ns && ASN1_STRING_length(ns) > 0 &&
(ASN1_STRING_get0_data(ns)[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE;
if (result == SUCCESS)
{
msg(M_WARN, "X509: Certificate is a client certificate yet
it's purpose "
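Review bot: on the `result =` line, the `ASN1_STRING_length(ns) > 0` test has to stay ahead of the `ASN1_STRING_get0_data(ns)[0]` index, as it does here, since it is the only thing that keeps an empty bit string from being read at byte 0. A short comment saying so would stop a later cleanup from reordering the condition. Since `ns` is an `ASN1_BIT_STRING`, it may also be worth checking whether `ASN1_BIT_STRING_get_bit()` expresses this test more directly than indexing the raw bytes, as it does the NULL and length checks itself.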
@@ -654,7 +654,7 @@
{
ASN1_BIT_STRING *ns;
ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL,
NULL);
- result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_SERVER)) ?
SUCCESS : FAILURE;
+ result = (ns && ASN1_STRING_length(ns) > 0 &&
(ASN1_STRING_get0_data(ns)[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE;
if (result == SUCCESS)
{
msg(M_WARN, "X509: Certificate is a server certificate yet
it's purpose "
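Review bot: the `result =` expression here is the same as the one in the previous hunk apart from `NS_SSL_SERVER` versus `NS_SSL_CLIENT`, and with the accessor calls it is now long enough to be hard to scan. A small static helper that takes `ns` and the flag and returns whether the bit is set would keep the NULL check, the length check and the byte access in one place, so both branches cannot drift apart.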
--
Gerrit-MessageType: newchange
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I8adffc3152b5b502a820a8ae0f901717e4831f81
Gerrit-Change-Number: 1584
Gerrit-PatchSet: 1
Gerrit-Owner: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>