This is the first of two diffs to prepare isakmpd for upcoming libcrypto
changes. X509_EXTENSION will become opaque so we need to use an accessor.
I decided to leave accesses into ASN1_OCTET_STRING as they are for
readability (asn1_string_st is still exposed in OpenSSL's asn1.h).
Index: x509.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/x509.c,v
retrieving revision 1.120
diff -u -p -r1.120 x509.c
--- x509.c 13 Oct 2021 16:57:43 -0000 1.120
+++ x509.c 21 Oct 2021 10:14:03 -0000
@@ -1064,9 +1064,10 @@ x509_cert_obtain(u_int8_t *id, size_t id
int
x509_cert_subjectaltname(X509 *scert, u_int8_t **altname, u_int32_t *len)
{
- X509_EXTENSION *subjectaltname;
- u_int8_t *sandata;
- int extpos, santype, sanlen;
+ X509_EXTENSION *subjectaltname;
+ ASN1_OCTET_STRING *sanasn1data;
+ u_int8_t *sandata;
+ int extpos, santype, sanlen;
extpos = X509_get_ext_by_NID(scert, NID_subject_alt_name, -1);
if (extpos == -1) {
@@ -1075,16 +1076,16 @@ x509_cert_subjectaltname(X509 *scert, u_
return 0;
}
subjectaltname = X509_get_ext(scert, extpos);
+ sanasn1data = X509_EXTENSION_get_data(subjectaltname);
- if (!subjectaltname || !subjectaltname->value ||
- !subjectaltname->value->data ||
- subjectaltname->value->length < 4) {
+ if (!subjectaltname || !sanasn1data || !sanasn1data->data ||
+ sanasn1data->length < 4) {
log_print("x509_cert_subjectaltname: invalid "
"subjectaltname extension");
return 0;
}
/* SSL does not handle unknown ASN stuff well, do it by hand. */
- sandata = subjectaltname->value->data;
+ sandata = sanasn1data->data;
santype = sandata[2] & 0x3f;
sanlen = sandata[3];
sandata += 4;
@@ -1094,7 +1095,7 @@ x509_cert_subjectaltname(X509 *scert, u_
* extra stuff in subjectAltName, so we will just take the first
* salen bytes, and not worry about what follows.
*/
- if (sanlen + 4 > subjectaltname->value->length) {
+ if (sanlen + 4 > sanasn1data->length) {
log_print("x509_cert_subjectaltname: subjectaltname invalid "
"length");
return 0;
