plaisthos has uploaded this change for review. ( http://gerrit.openvpn.net/c/openvpn/+/1589?usp=email )
Change subject: [WIP] Do not access interal of ASN1_INTEGER to print hex of serial ...................................................................... [WIP] Do not access interal of ASN1_INTEGER to print hex of serial OpenSSL 4.0 does not allow internal access to to these data structures anymore. So use public methods to get the serial data and convert it to hex. TODO: check this does not change the output format Change-Id: I5158fbb0762443ea4954e5745f520e83e019ed30 Signed-off-by: Arne Schwabe <[email protected]> --- M src/openvpn/ssl_verify_openssl.c 1 file changed, 17 insertions(+), 6 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/89/1589/1 diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index f39f34a..7d37d17 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -255,17 +255,19 @@ } else if (strcmp(LN_serialNumber, x509_username_field) == 0) { - ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert); - struct gc_arena gc = gc_new(); - char *serial = format_hex_ex(asn1_i->data, asn1_i->length, 0, 1 | FHE_CAPS, NULL, &gc); + const ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert); + + BIGNUM *bn_serial = ASN1_INTEGER_to_BN(asn1_i, NULL); + char *serial = BN_bn2hex(bn_serial); + BN_free(bn_serial); if (!serial || cn_len <= strlen(serial) + 2) { - gc_free(&gc); + OPENSSL_free(serial); return FAILURE; } snprintf(common_name, cn_len, "0x%s", serial); - gc_free(&gc); + OPENSSL_free(serial); } else { 
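Review bot: `ASN1_INTEGER_to_BN()` can return NULL (allocation failure or a value it cannot convert), and the result is passed unchecked to `BN_bn2hex()` in this hunk and to `BN_num_bytes()` in the `backend_x509_get_serial_hex` hunk; neither is documented to accept NULL. Add `if (!bn_serial) { return FAILURE; }` before the `BN_bn2hex` call here, with an equivalent early return in the other hunk. On the TODO in the description: `BN_bn2hex()` prefixes `-` for negative values and prints a single `0` for zero, so those serials would likely produce a different `common_name` than the old byte dump. That matters wherever the username derived from the serial is matched against per-client configuration or access policy. The enclosing function starts and ends outside the hunk.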
@@ -310,8 +312,17 @@ backend_x509_get_serial_hex(openvpn_x509_cert_t *cert, struct gc_arena *gc) { const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert); + BIGNUM *bn_serial = ASN1_INTEGER_to_BN(asn1_i, NULL); + int len_serial = BN_num_bytes(bn_serial); + unsigned char *buf = malloc(len_serial); + BN_bn2binpad(bn_serial, buf, len_serial); - return format_hex_ex(asn1_i->data, asn1_i->length, 0, 1, ":", gc); + + char *ret = format_hex_ex(buf, len_serial, 0, 1, ":", gc); + free(buf); + BN_free(bn_serial); + + return ret; } result_t -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1589?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I5158fbb0762443ea4954e5745f520e83e019ed30 Gerrit-Change-Number: 1589 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]>
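Review bot: `malloc(len_serial)` is not checked before `BN_bn2binpad()` writes into `buf`, and for a zero serial `BN_num_bytes()` returns 0, in which case `malloc(0)` is allowed to return NULL. The return value of `BN_bn2binpad()` (-1 on error) is also ignored, so `format_hex_ex()` could be handed a buffer that was never filled. The sketch below checks both and returns NULL on failure; that assumes callers of `backend_x509_get_serial_hex` already tolerate a NULL result, which should be confirmed since they are outside the hunk.

```c
    const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
    BIGNUM *bn_serial = ASN1_INTEGER_to_BN(asn1_i, NULL);
    if (!bn_serial)
    {
        return NULL;
    }

    int len_serial = BN_num_bytes(bn_serial);
    /* never request zero bytes: malloc(0) may return NULL on success */
    unsigned char *buf = malloc(len_serial > 0 ? (size_t)len_serial : 1);
    char *ret = NULL;

    if (buf && BN_bn2binpad(bn_serial, buf, len_serial) == len_serial)
    {
        ret = format_hex_ex(buf, len_serial, 0, 1, ":", gc);
    }
    free(buf);
    BN_free(bn_serial);

    return ret;
```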
