ITS#10216 libldap: fix OpenSSL channel binding digest
authorHoward Chu <hyc@openldap.org>
Tue, 14 May 2024 15:13:15 +0000 (16:13 +0100)
committerHoward Chu <hyc@openldap.org>
Thu, 16 May 2024 15:01:39 +0000 (16:01 +0100)
The OBJ_find_ API is undocumented but this is what OpenSSL libcrypto does itself.

libraries/libldap/tls_o.c

index d5861d933900e45058e03775bd270e0fc19560e3..2e0806315a478b5b88aff9dc113ae694215194e9 100644 (file)
 
 #if OPENSSL_VERSION_MAJOR >= 3
 #define ERR_get_error_line( a, b )     ERR_get_error_all( a, b, NULL, NULL, NULL )
+#ifndef SSL_get_peer_certificate
 #define SSL_get_peer_certificate( s )  SSL_get1_peer_certificate( s )
 #endif
+#endif
 typedef SSL_CTX tlso_ctx;
 typedef SSL tlso_session;
 
@@ -1068,7 +1070,12 @@ tlso_session_endpoint( tls_session *sess, struct berval *buf, int is_server )
                return 0;
 
 #if OPENSSL_VERSION_NUMBER >= 0x10100000
-       md = EVP_get_digestbynid( X509_get_signature_nid( cert ));
+       {
+               int mdnid;
+               if ( !OBJ_find_sigid_algs( X509_get_signature_nid( cert ), &mdnid, NULL ))
+                       return 0;
+               md = EVP_get_digestbynid( mdnid );
+       }
 #else
        md = EVP_get_digestbynid(OBJ_obj2nid( cert->sig_alg->algorithm ));
 #endif
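Review bot: The new `return 0` after a failed `OBJ_find_sigid_algs()` lookup in the second hunk exits without releasing `cert`. On OpenSSL 3 this file maps `SSL_get_peer_certificate` to `SSL_get1_peer_certificate`, which returns an owned reference, so if `cert` was obtained that way on the client side (the acquisition is above the hunk and not visible here) each failed lookup would leak one X509 reference. Adding `if ( !is_server ) X509_free( cert );` before the return would close that, assuming the function's normal exit path does the same. `mdnid` can also come back as `NID_undef` for signature schemes that have no separate digest, which makes `md` NULL; confirm that the code below the hunk handles this, and that callers treat a zero return as "no channel binding available" and do not ignore it. The body of tlso_session_endpoint starts and ends outside the hunk.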