Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
xmltooling.15367
0007-Unwind-previous.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0007-Unwind-previous.patch of Package xmltooling.15367
From bae0dd5307ac389c17901050bf6b0de6a66700f2 Mon Sep 17 00:00:00 2001 From: Rod Widdowson <rdw@steadingsoftware.com> Date: Tue, 19 Jul 2016 16:51:30 +0100 Subject: [PATCH 07/31] Unwind previous. Managed to get myself into a fankle and whilst I create a branch and then make changes I pushed the changes and then made the remote branch. Sigh. This leaves mainline in a precarious position, so this backs it all out. I'll commit the inverse change to the new branch and from then on changes should be as I wanted.. Maybe --- Projects/vc10/xmltooling/xmltooling.vcxproj | 6 +-- .../vc10/xmltooling/xmltooling.vcxproj.filters | 13 +----- xmltooling/Makefile.am | 2 - xmltooling/XMLToolingConfig.cpp | 9 ---- .../security/impl/ExplicitKeyTrustEngine.cpp | 9 ++-- .../security/impl/FilesystemCredentialResolver.cpp | 1 - xmltooling/security/impl/PKIXPathValidator.cpp | 54 +++++++++------------- xmltooling/security/impl/SecurityHelper.cpp | 13 +++--- xmltooling/soap/impl/CURLSOAPTransport.cpp | 11 ++--- 9 files changed, 39 insertions(+), 79 deletions(-) diff --git a/Projects/vc10/xmltooling/xmltooling.vcxproj b/Projects/vc10/xmltooling/xmltooling.vcxproj index 48e2cf3..2320132 100644 --- a/Projects/vc10/xmltooling/xmltooling.vcxproj +++ b/Projects/vc10/xmltooling/xmltooling.vcxproj @@ -1,4 +1,4 @@ -<?xml version="1.0" encoding="utf-8"?> +<?xml version="1.0" encoding="utf-8"?> <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup Label="ProjectConfigurations"> <ProjectConfiguration Include="Debug|Win32"> @@ -194,7 +194,6 @@ <ClCompile Include="..\..\..\XMLTooling\Lockable.cpp" /> <ClCompile Include="..\..\..\XMLTooling\Namespace.cpp" /> <ClCompile Include="..\..\..\XMLTooling\QName.cpp" /> - <ClCompile Include="..\..\..\xmltooling\security\impl\OpenSSLSupport.cpp" /> <ClCompile Include="..\..\..\XMLTooling\security\impl\PKIXPathValidator.cpp" /> <ClCompile Include="..\..\..\XMLTooling\unicode.cpp" /> <ClCompile Include="..\..\..\XMLTooling\util\CloneInputStream.cpp" /> @@ -271,7 +270,6 @@ <ClInclude Include="..\..\..\XMLTooling\Namespace.h" /> <ClInclude Include="..\..\..\XMLTooling\PluginManager.h" /> <ClInclude Include="..\..\..\XMLTooling\QName.h" /> - <ClInclude Include="..\..\..\xmltooling\security\impl\OpenSSLSupport.h" /> <ClInclude Include="..\..\..\XMLTooling\security\OpenSSLPathValidator.h" /> <ClInclude Include="..\..\..\XMLTooling\security\PathValidator.h" /> <ClInclude Include="..\..\..\XMLTooling\security\PKIXPathValidatorParams.h" /> @@ -348,4 +346,4 @@ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> </ImportGroup> -</Project> \ No newline at end of file +</Project> diff --git a/Projects/vc10/xmltooling/xmltooling.vcxproj.filters b/Projects/vc10/xmltooling/xmltooling.vcxproj.filters index a3e2882..bee07e2 100644 --- a/Projects/vc10/xmltooling/xmltooling.vcxproj.filters +++ b/Projects/vc10/xmltooling/xmltooling.vcxproj.filters @@ -1,4 +1,4 @@ -<?xml version="1.0" encoding="utf-8"?> +<?xml version="1.0" encoding="utf-8"?> <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <ItemGroup> <Filter Include="Source Files"> @@ -73,9 +73,6 @@ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier> <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions> </Filter> - <Filter Include="Header Files\security\impl"> - <UniqueIdentifier>{8ce132be-735f-49f0-899a-cc0e7cb8e775}</UniqueIdentifier> - </Filter> </ItemGroup> <ItemGroup> <ClCompile Include="..\..\..\XMLTooling\AbstractAttributeExtensibleXMLObject.cpp"> @@ -273,9 +270,6 @@ <ClCompile Include="..\..\..\XMLTooling\util\CloneInputStream.cpp"> <Filter>Source Files\util</Filter> </ClCompile> - <ClCompile Include="..\..\..\xmltooling\security\impl\OpenSSLSupport.cpp"> - <Filter>Source Files\security\impl</Filter> - </ClCompile> </ItemGroup> <ItemGroup> <ClInclude Include="..\..\..\XMLTooling\AbstractAttributeExtensibleXMLObject.h"> @@ -527,9 +521,6 @@ <ClInclude Include="..\..\..\XMLTooling\util\CloneInputStream.h"> <Filter>Header Files\util</Filter> </ClInclude> - <ClInclude Include="..\..\..\xmltooling\security\impl\OpenSSLSupport.h"> - <Filter>Header Files\security\impl</Filter> - </ClInclude> </ItemGroup> <ItemGroup> <ResourceCompile Include="..\..\..\XMLTooling\xmltooling.rc"> @@ -540,4 +531,4 @@ <None Include="..\..\..\XMLTooling\config_pub.h.in" /> <None Include="..\..\..\XMLTooling\Makefile.am" /> </ItemGroup> -</Project> \ No newline at end of file +</Project> diff --git a/xmltooling/Makefile.am b/xmltooling/Makefile.am index e2ced1a..f265007 100644 --- a/xmltooling/Makefile.am +++ b/xmltooling/Makefile.am @@ -57,7 +57,6 @@ encinclude_HEADERS = \ implinclude_HEADERS = \ impl/AnyElement.h \ - security/impl\OpenSSLSupport.h \ impl/UnknownElement.h ioinclude_HEADERS = \ @@ -148,7 +147,6 @@ xmlsec_sources = \ security/impl/InlineKeyResolver.cpp \ security/impl/KeyInfoResolver.cpp \ security/impl/OpenSSLCryptoX509CRL.cpp \ - security/impl/OpenSSLSupport.cpp \ security/impl/PKIXPathValidator.cpp \ security/impl/SecurityHelper.cpp \ security/impl/StaticPKIXTrustEngine.cpp \ diff --git a/xmltooling/XMLToolingConfig.cpp b/xmltooling/XMLToolingConfig.cpp index a8b4bb5..6925a23 100644 --- a/xmltooling/XMLToolingConfig.cpp +++ b/xmltooling/XMLToolingConfig.cpp @@ -111,15 +111,6 @@ using namespace xmlsignature; namespace { static XMLToolingInternalConfig g_config; #ifndef XMLTOOLING_NO_XMLSEC -// NOTE: -// "The old locking functions have been removed completely without compatibility macros" -// see: -// https://www.openssl.org/docs/manmaster/crypto/CRYPTO_THREAD_lock_free.html -// -// For now we just make the callback compile. More work TBD -#ifndef CRYPTO_LOCK -#define CRYPTO_LOCK 1 -#endif static ptr_vector<Mutex> g_openssl_locks; extern "C" void openssl_locking_callback(int mode,int n,const char *file,int line) diff --git a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp index a4a5dd2..6ad420f 100644 --- a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp +++ b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp @@ -34,20 +34,17 @@ #include "signature/Signature.h" #include "signature/SignatureValidator.h" #include "util/NDC.h" -#include "security/impl/OpenSSLSupport.h" #include <xercesc/util/XMLUniDefs.hpp> #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp> #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp> #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp> - using namespace xmlsignature; using namespace xmltooling::logging; using namespace xmltooling; using namespace std; - using xercesc::DOMElement; namespace xmltooling { @@ -263,8 +260,8 @@ bool ExplicitKeyTrustEngine::validate( { RSA* rsa = static_cast<OpenSSLCryptoKeyRSA*>(key)->getOpenSSLRSA(); EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE)); - if (rsa && evp && EVP_PKEY_id(evp) == EVP_PKEY_RSA && - BN_cmp(RSA_get0_n(rsa),RSA_get0_n(EVP_PKEY_get0_RSA(evp))) == 0 && BN_cmp(RSA_get0_e(rsa), RSA_get0_e(EVP_PKEY_get0_RSA(evp))) == 0) { + if (rsa && evp && evp->type == EVP_PKEY_RSA && + BN_cmp(rsa->n,evp->pkey.rsa->n) == 0 && BN_cmp(rsa->e,evp->pkey.rsa->e) == 0) { if (evp) EVP_PKEY_free(evp); log.debug("end-entity certificate matches peer RSA key information"); @@ -279,7 +276,7 @@ bool ExplicitKeyTrustEngine::validate( { DSA* dsa = static_cast<OpenSSLCryptoKeyDSA*>(key)->getOpenSSLDSA(); EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE)); - if (dsa && evp && EVP_PKEY_id(evp) == EVP_PKEY_DSA && BN_cmp(DSA_get0_pubkey(dsa),DSA_get0_pubkey(EVP_PKEY_get0_DSA(evp))) == 0) { + if (dsa && evp && evp->type == EVP_PKEY_DSA && BN_cmp(dsa->pub_key,evp->pkey.dsa->pub_key) == 0) { if (evp) EVP_PKEY_free(evp); log.debug("end-entity certificate matches peer DSA key information"); diff --git a/xmltooling/security/impl/FilesystemCredentialResolver.cpp b/xmltooling/security/impl/FilesystemCredentialResolver.cpp index f9a337d..dfeccf7 100644 --- a/xmltooling/security/impl/FilesystemCredentialResolver.cpp +++ b/xmltooling/security/impl/FilesystemCredentialResolver.cpp @@ -34,7 +34,6 @@ #include "security/OpenSSLCredential.h" #include "security/SecurityHelper.h" #include "security/XSECCryptoX509CRL.h" -#include "security/impl/OpenSSLSupport.h" #include "util/NDC.h" #include "util/PathResolver.h" #include "util/Threads.h" diff --git a/xmltooling/security/impl/PKIXPathValidator.cpp b/xmltooling/security/impl/PKIXPathValidator.cpp index 90cee59..3ac8308 100644 --- a/xmltooling/security/impl/PKIXPathValidator.cpp +++ b/xmltooling/security/impl/PKIXPathValidator.cpp @@ -30,7 +30,6 @@ #include "security/OpenSSLCryptoX509CRL.h" #include "security/PKIXPathValidatorParams.h" #include "security/SecurityHelper.h" -#include "security/impl/OpenSSLSupport.h" #include "util/NDC.h" #include "util/PathResolver.h" #include "util/Threads.h" @@ -55,9 +54,7 @@ namespace { { if (!ok) { Category::getInstance("OpenSSL").error( - "path validation failure at depth(%d): %s", - X509_STORE_CTX_get_error_depth(ctx), - X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)) + "path validation failure at depth(%d): %s", ctx->error_depth, X509_verify_cert_error_string(ctx->error) ); } return ok; @@ -294,24 +291,18 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path // This contains the state of the validate operation. int count=0; - X509StoreCtxRAII ctxContainer; - - if (!ctxContainer.of()) { - log_openssl(); - X509_STORE_free(store); - return false; - } + X509_STORE_CTX ctx; // AFAICT, EE and untrusted are passed in but not owned by the ctx. #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) - if (X509_STORE_CTX_init(ctxContainer.of(),store,EE,untrusted) != 1) { + if (X509_STORE_CTX_init(&ctx,store,EE,untrusted) != 1) { log_openssl(); m_log.error("unable to initialize X509_STORE_CTX"); X509_STORE_free(store); return false; } #else - X509_STORE_CTX_init(ctxContainer.of(),store,EE,untrusted); + X509_STORE_CTX_init(&ctx,store,EE,untrusted); #endif STACK_OF(X509)* CAstack = sk_X509_new_null(); @@ -325,15 +316,15 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path m_log.debug("supplied (%d) CA certificate(s)", count); // Seems to be most efficient to just pass in the CA stack. - ctxContainer.set0TrustedStack(CAstack); - X509_STORE_CTX_set_depth(ctxContainer.of(),100); // we check the depth down below - X509_STORE_CTX_set_verify_cb(ctxContainer.of(),error_callback); + X509_STORE_CTX_trusted_stack(&ctx,CAstack); + X509_STORE_CTX_set_depth(&ctx,100); // we check the depth down below + X509_STORE_CTX_set_verify_cb(&ctx,error_callback); // Do a first pass verify. If CRLs aren't used, this is the only pass. - int ret = X509_verify_cert(ctxContainer.of()); + int ret = X509_verify_cert(&ctx); if (ret == 1) { // Now see if the depth was acceptable by counting the number of intermediates. - int depth=sk_X509_num(ctxContainer.get0Chain())-2; + int depth=sk_X509_num(ctx.chain)-2; if (pkixParams->getVerificationDepth() < depth) { m_log.error( "certificate chain was too long (%d intermediates, only %d allowed)", @@ -349,7 +340,7 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) // After the first X509_verify_cert call, the ctx can no longer be used // (subsequent calls will fail with OpenSSL 1.0.1p / 1.0.2d or later). - X509_STORE_CTX_cleanup(ctxContainer.of()); + X509_STORE_CTX_cleanup(&ctx); // When we add CRLs, we have to be sure the nextUpdate hasn't passed, because OpenSSL won't accept // the CRL in that case. If we end up not adding a CRL for a particular link in the chain, the @@ -412,23 +403,23 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path // Do a second pass verify with CRLs in place. Reinitialize ctx, see // https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=aae41f8c54257d9fa6904d3a9aa09c5db6cefd0d #if (OPENSSL_VERSION_NUMBER >= 0x00907000L) - if (X509_STORE_CTX_init(ctxContainer.of(),store,EE,untrusted) != 1) { + if (X509_STORE_CTX_init(&ctx,store,EE,untrusted) != 1) { log_openssl(); m_log.error("unable to initialize X509_STORE_CTX"); ret = 0; } #else - X509_STORE_CTX_init(ctxContainer.of(),store,EE,untrusted); + X509_STORE_CTX_init(&ctx,store,EE,untrusted); #endif if (ret != 0) { - ctxContainer.set0TrustedStack(CAstack); - X509_STORE_CTX_set_depth(ctxContainer.of(),100); // already checked above - X509_STORE_CTX_set_verify_cb(ctxContainer.of(),error_callback); + X509_STORE_CTX_trusted_stack(&ctx,CAstack); + X509_STORE_CTX_set_depth(&ctx,100); // already checked above + X509_STORE_CTX_set_verify_cb(&ctx,error_callback); if (pkixParams->getRevocationChecking() == PKIXPathValidatorParams::REVOCATION_FULLCHAIN) - X509_STORE_CTX_set_flags(ctxContainer.of(), X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); else - X509_STORE_CTX_set_flags(ctxContainer.of(), X509_V_FLAG_CRL_CHECK); - ret = X509_verify_cert(ctxContainer.of()); + X509_STORE_CTX_set_flags(&ctx, X509_V_FLAG_CRL_CHECK); + ret = X509_verify_cert(&ctx); } #else m_log.warn("CRL checking is enabled, but OpenSSL version is too old"); @@ -440,13 +431,13 @@ bool PKIXPathValidator::validate(X509* EE, STACK_OF(X509)* untrusted, const Path m_log.debug("successfully validated certificate chain"); } #if defined(X509_V_ERR_NO_EXPLICIT_POLICY) && (OPENSSL_VERSION_NUMBER < 0x10000000L) - else if (X509_STORE_CTX_get_error(ctxContainer.of()) == X509_V_ERR_NO_EXPLICIT_POLICY && !pkixParams->isPolicyMappingInhibited()) { + else if (X509_STORE_CTX_get_error(&ctx) == X509_V_ERR_NO_EXPLICIT_POLICY && !pkixParams->isPolicyMappingInhibited()) { m_log.warn("policy mapping requires OpenSSL 1.0.0 or later"); } #endif // Clean up... - X509_STORE_CTX_cleanup(ctxContainer.of()); + X509_STORE_CTX_cleanup(&ctx); X509_STORE_free(store); sk_X509_free(CAstack); @@ -555,10 +546,7 @@ XSECCryptoX509CRL* PKIXPathValidator::getRemoteCRLs(const char* cdpuri) const bool PKIXPathValidator::isFreshCRL(XSECCryptoX509CRL *c, Category* log) const { if (c) { -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - const -#endif - X509_CRL* crl = static_cast<OpenSSLCryptoX509CRL*>(c)->getOpenSSLX509CRL(); + const X509_CRL* crl = static_cast<OpenSSLCryptoX509CRL*>(c)->getOpenSSLX509CRL(); time_t thisUpdate = getCRLTime(X509_CRL_get_lastUpdate(crl)); time_t nextUpdate = getCRLTime(X509_CRL_get_nextUpdate(crl)); time_t now = time(nullptr); diff --git a/xmltooling/security/impl/SecurityHelper.cpp b/xmltooling/security/impl/SecurityHelper.cpp index e53ed8d..0c15f05 100644 --- a/xmltooling/security/impl/SecurityHelper.cpp +++ b/xmltooling/security/impl/SecurityHelper.cpp @@ -30,7 +30,6 @@ #include "security/OpenSSLCryptoX509CRL.h" #include "security/SecurityHelper.h" #include "security/X509Credential.h" -#include "security/impl/OpenSSLSupport.h" #include "soap/HTTPSOAPTransport.h" #include "util/NDC.h" @@ -206,7 +205,7 @@ XSECCryptoKey* SecurityHelper::loadKeyFromFile(const char* pathname, const char* // Now map it to an XSEC wrapper. if (pkey) { XSECCryptoKey* ret=nullptr; - switch (EVP_PKEY_id(pkey)) { + switch (pkey->type) { case EVP_PKEY_RSA: ret=new OpenSSLCryptoKeyRSA(pkey); break; @@ -487,7 +486,7 @@ bool SecurityHelper::matches(const XSECCryptoKey& key1, const XSECCryptoKey& key return false; const RSA* rsa1 = static_cast<const OpenSSLCryptoKeyRSA&>(key1).getOpenSSLRSA(); const RSA* rsa2 = static_cast<const OpenSSLCryptoKeyRSA&>(key2).getOpenSSLRSA(); - return (rsa1 && rsa2 && BN_cmp(RSA_get0_n(rsa1),RSA_get0_n(rsa2)) == 0 && BN_cmp(RSA_get0_e(rsa1),RSA_get0_e(rsa2)) == 0); + return (rsa1 && rsa2 && BN_cmp(rsa1->n,rsa2->n) == 0 && BN_cmp(rsa1->e,rsa2->e) == 0); } // For a private key, compare the private half. @@ -496,7 +495,7 @@ bool SecurityHelper::matches(const XSECCryptoKey& key1, const XSECCryptoKey& key return false; const RSA* rsa1 = static_cast<const OpenSSLCryptoKeyRSA&>(key1).getOpenSSLRSA(); const RSA* rsa2 = static_cast<const OpenSSLCryptoKeyRSA&>(key2).getOpenSSLRSA(); - return (rsa1 && rsa2 && BN_cmp(RSA_get0_n(rsa1),RSA_get0_n(rsa2)) == 0 && BN_cmp(RSA_get0_d(rsa1),RSA_get0_d(rsa2)) == 0); + return (rsa1 && rsa2 && BN_cmp(rsa1->n,rsa2->n) == 0 && BN_cmp(rsa1->d,rsa2->d) == 0); } // If one key is public or both, just compare the public key half. @@ -505,7 +504,7 @@ bool SecurityHelper::matches(const XSECCryptoKey& key1, const XSECCryptoKey& key return false; const DSA* dsa1 = static_cast<const OpenSSLCryptoKeyDSA&>(key1).getOpenSSLDSA(); const DSA* dsa2 = static_cast<const OpenSSLCryptoKeyDSA&>(key2).getOpenSSLDSA(); - return (dsa1 && dsa2 && BN_cmp(DSA_get0_pubkey(dsa1),DSA_get0_pubkey(dsa2)) == 0); + return (dsa1 && dsa2 && BN_cmp(dsa1->pub_key,dsa2->pub_key) == 0); } // For a private key, compare the private half. @@ -514,7 +513,7 @@ bool SecurityHelper::matches(const XSECCryptoKey& key1, const XSECCryptoKey& key return false; const DSA* dsa1 = static_cast<const OpenSSLCryptoKeyDSA&>(key1).getOpenSSLDSA(); const DSA* dsa2 = static_cast<const OpenSSLCryptoKeyDSA&>(key2).getOpenSSLDSA(); - return (dsa1 && dsa2 && BN_cmp(DSA_get0_privkey(dsa1),DSA_get0_privkey(dsa2)) == 0); + return (dsa1 && dsa2 && BN_cmp(dsa1->priv_key,dsa2->priv_key) == 0); } #if defined(XMLTOOLING_XMLSEC_ECC) && defined(XMLTOOLING_OPENSSL_HAVE_EC) @@ -790,7 +789,7 @@ XSECCryptoKey* SecurityHelper::fromDEREncoding(const char* buf, unsigned long bu // Now map it to an XSEC wrapper. XSECCryptoKey* ret = nullptr; try { - switch (EVP_PKEY_id(pkey)) { + switch (pkey->type) { case EVP_PKEY_RSA: ret = new OpenSSLCryptoKeyRSA(pkey); break; diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp index b7ebe25..38e9271 100644 --- a/xmltooling/soap/impl/CURLSOAPTransport.cpp +++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp @@ -30,7 +30,6 @@ #include "security/CredentialCriteria.h" #include "security/OpenSSLTrustEngine.h" #include "security/OpenSSLCredential.h" -#include "security/impl/OpenSSLSupport.h" #include "soap/HTTPSOAPTransport.h" #include "soap/OpenSSLSOAPTransport.h" #include "util/NDC.h" @@ -712,20 +711,20 @@ int xmltooling::verify_callback(X509_STORE_CTX* x509_ctx, void* arg) ctx->m_criteria->setUsage(Credential::TLS_CREDENTIAL); // Bypass name check (handled for us by curl). ctx->m_criteria->setPeerName(nullptr); - success = ctx->m_trustEngine->validate(X509_STORE_CTX_get0_cert(x509_ctx),X509_STORE_CTX_get0_untrusted(x509_ctx),*(ctx->m_peerResolver),ctx->m_criteria); + success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),ctx->m_criteria); } else { // Bypass name check (handled for us by curl). CredentialCriteria cc; cc.setUsage(Credential::TLS_CREDENTIAL); - success = ctx->m_trustEngine->validate(X509_STORE_CTX_get0_cert(x509_ctx),X509_STORE_CTX_get0_untrusted(x509_ctx),*(ctx->m_peerResolver),&cc); + success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),&cc); } if (!success) { log.error("supplied TrustEngine failed to validate SSL/TLS server certificate"); - if (X509_STORE_CTX_get0_cert(x509_ctx)) { + if (x509_ctx->cert) { BIO* b = BIO_new(BIO_s_mem()); - X509_print(b, X509_STORE_CTX_get0_cert(x509_ctx)); + X509_print(b, x509_ctx->cert); BUF_MEM* bptr = nullptr; BIO_get_mem_ptr(b, &bptr); if (bptr && bptr->length > 0) { @@ -737,7 +736,7 @@ int xmltooling::verify_callback(X509_STORE_CTX* x509_ctx, void* arg) } BIO_free(b); } - X509_STORE_CTX_set_error(x509_ctx, X509_V_ERR_APPLICATION_VERIFICATION); // generic error, check log for plugin specifics + x509_ctx->error = X509_V_ERR_APPLICATION_VERIFICATION; // generic error, check log for plugin specifics ctx->setAuthenticated(false); return ctx->m_mandatory ? 0 : 1; } -- 2.13.6
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
