In an upcoming libcrypto bump, we will make a few structs in libcrypto
opaque. This needs a small change in acme-client. Fetch the extension
stack using X509_get0_extensions() and iterate using the stack API.
Note that sk_*_num() returns -1 on NULL, so we won't enter the for loop
and the extsz dance is unnecessary.
The first hunk is mostly whitespace. It only drops extsz and adds exts.
Index: revokeproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/revokeproc.c,v
retrieving revision 1.17
diff -u -p -r1.17 revokeproc.c
--- revokeproc.c 2 Jan 2021 19:04:21 -0000 1.17
+++ revokeproc.c 13 Oct 2021 10:44:57 -0000
@@ -94,19 +94,20 @@ int
revokeproc(int fd, const char *certfile, int force,
int revocate, const char *const *alts, size_t altsz)
{
- char *der = NULL, *dercp, *der64 = NULL;
- char *san = NULL, *str, *tok;
- int rc = 0, cc, i, extsz, ssz, len;
- size_t *found = NULL;
- BIO *bio = NULL;
- FILE *f = NULL;
- X509 *x = NULL;
- long lval;
- enum revokeop op, rop;
- time_t t;
- X509_EXTENSION *ex;
- ASN1_OBJECT *obj;
- size_t j;
+ char *der = NULL, *dercp, *der64 = NULL;
+ char *san = NULL, *str, *tok;
+ int rc = 0, cc, i, ssz, len;
+ size_t *found = NULL;
+ BIO *bio = NULL;
+ FILE *f = NULL;
+ X509 *x = NULL;
+ long lval;
+ enum revokeop op, rop;
+ time_t t;
+ const STACK_OF(X509_EXTENSION) *exts;
+ X509_EXTENSION *ex;
+ ASN1_OBJECT *obj;
+ size_t j;
/*
* First try to open the certificate before we drop privileges
@@ -164,13 +165,12 @@ revokeproc(int fd, const char *certfile,
* command line.
*/
- extsz = x->cert_info->extensions != NULL ?
- sk_X509_EXTENSION_num(x->cert_info->extensions) : 0;
+ exts = X509_get0_extensions(x);
/* Scan til we find the SAN NID. */
- for (i = 0; i < extsz; i++) {
- ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i);
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ex = sk_X509_EXTENSION_value(exts, i);
assert(ex != NULL);
obj = X509_EXTENSION_get_object(ex);
assert(obj != NULL);
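Review bot: The loop condition `i < sk_X509_EXTENSION_num(exts)` is now the only thing that handles a certificate without extensions, because the explicit NULL test was removed along with `extsz`. Per the commit message, this relies on `sk_X509_EXTENSION_num(NULL)` returning -1, but nothing in the code records that. I would add a comment above the assignment, for example `/* exts may be NULL; sk_X509_EXTENSION_num(NULL) is -1, so the loop is skipped. */`. It also matters that `i` stays a signed `int`: if the index or a cached count ever became `size_t` (the function already declares `size_t j`), the -1 would convert to a huge bound and `sk_X509_EXTENSION_value()` would return NULL into the `assert(ex != NULL)`. The loop body and the rest of revokeproc() lie outside this hunk.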