openssl: Fix call of X509_CRL_get0_signature() with OpenSSL 1.1.0

The order of arguments in X509_CRL_get0_signature() is not the same as that
of X509_get0_signature().

Fixes: 989ba4b6cd16 ("openssl: Update CRL API to OpenSSL 1.1.0")

diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index e8b58c75997039c49650d3622a8409834962292e..503f7bf27860e0d290dfc8c80a5cbe66b3a48312 100644 (file)
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -50,7 +50,7 @@
 #include <credentials/certificates/x509.h>
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
+static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) {
        if (psig) { *psig = crl->signature; }
        if (palg) { *palg = crl->sig_alg; }
 }
@@ -331,7 +331,7 @@ METHOD(certificate_t, issued_by, bool,
 #else
        tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
 #endif
-       X509_CRL_get0_signature(&sig, NULL, this->crl);
+       X509_CRL_get0_signature(this->crl, &sig, NULL);
        valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
        free(tbs.ptr);
        key->destroy(key);
@@ -575,7 +575,7 @@ static bool parse_crl(private_openssl_crl_t *this)
                return FALSE;
        }
 
-       X509_CRL_get0_signature(NULL, &alg, this->crl);
+       X509_CRL_get0_signature(this->crl, NULL, &alg);
        X509_ALGOR_get0(&oid, NULL, NULL, alg);
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
        if (!chunk_equals(