SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
])
+dnl Checks whether the X509_get0_signature() has const arguments
+AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[
+ AH_TEMPLATE(SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS, "Define if X509_get0_signature() accepts const parameters")
+ SQUID_STATE_SAVE(check_const_X509_get0_signature_args)
+ AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters")
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+#include <openssl/ssl.h>
+ ],[
+#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
+ const ASN1_BIT_STRING *sig = nullptr;
+ const X509_ALGOR *sig_alg;
+ X509_get0_signature(&sig, &sig_alg, nullptr);
+#else
+#error Missing X509_get0_signature()
+#endif
+ ])
+ ],[
+ AC_DEFINE(SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS, 1)
+ AC_MSG_RESULT([yes])
+ ],[
+ AC_MSG_RESULT([no])
+ ])
+ SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args)
+])
+
dnl Try to handle TXT_DB related problems:
dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
SQUID_CHECK_OPENSSL_CONST_SSL_METHOD
SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA
SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG
+ SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS
SQUID_CHECK_OPENSSL_TXTDB
SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK
fi
static void
printX509Signature(const Security::CertPointer &cert, std::string &out)
{
- ASN1_BIT_STRING *sig = nullptr;
-#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
- X509_ALGOR *sig_alg;
- X509_get0_signature(&sig, &sig_alg, cert.get());
-#else
- sig = cert->signature;
-#endif
-
+ const ASN1_BIT_STRING *sig = Ssl::X509_get_signature(cert);
if (sig && sig->data) {
const unsigned char *s = sig->data;
for (int i = 0; i < sig->length; ++i) {
return ret;
}
+const ASN1_BIT_STRING *
+Ssl::X509_get_signature(const Security::CertPointer &cert)
+{
+#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
+#if SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS
+ const ASN1_BIT_STRING *sig = nullptr;
+ const X509_ALGOR *sig_alg = nullptr;
+#else
+ ASN1_BIT_STRING *sig = nullptr;
+ X509_ALGOR *sig_alg = nullptr;
+#endif
+ X509_get0_signature(&sig, &sig_alg, cert.get());
+ return sig;
+#else
+ return cert->signature;
+#endif
+}
+
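Review bot: Ssl::X509_get_signature dereferences the certificate unconditionally in both branches — `X509_get0_signature(&sig, &sig_alg, cert.get())` passes a possibly null X509 to OpenSSL, which is not documented to tolerate that, and the `#else` branch reads `cert->signature` directly — so a nil CertPointer faults inside the wrapper instead of producing a null signature. InRamCertificateDbKey tests `mimicCert` before calling, but printX509Signature does not, and its caller is outside this diff. A guard at the top, `if (!cert) return nullptr;` (the same bool conversion the `if (certProperties.mimicCert)` line already relies on), makes the wrapper total and lets every caller rely on its existing `if (sig)` check. The `sig_alg` out-parameter is never read; it could be dropped only if every OpenSSL version Squid supports accepts a null `palg`, which I have not verified for the pre-1.1 signature, so leave it unless confirmed.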
/// \ingroup ServerProtocolSSLAPI
/// \return whether both certificates exist and are the same (e.g., have identical ASN.1 images)
bool CertificatesCmp(const Security::CertPointer &cert1, const Security::CertPointer &cert2);
+
+/// wrapper for OpenSSL X509_get0_signature() which takes care of
+/// portability issues with older OpenSSL versions
+const ASN1_BIT_STRING *X509_get_signature(const Security::CertPointer &);
+
} // namespace Ssl
#endif // SQUID_SSL_GADGETS_H
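Review bot: The doc comment on the new X509_get_signature declaration omits what a caller needs most: who owns the returned pointer and whether it may be nil. Both branches of the implementation return a pointer into the certificate itself (`cert->signature` on older OpenSSL, the get0-style output on newer ones), so the result must not be freed and is only valid while `cert` stays alive, and both existing callers already test the result for nil. I would extend the comment to: `/// wrapper for OpenSSL X509_get0_signature() which takes care of` / `/// portability issues with older OpenSSL versions. The result points into` / `/// cert (not owned by the caller; valid while cert lives) and may be nil.` It should also state that cert itself must not be nil, since the implementation does not check it.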
void Ssl::InRamCertificateDbKey(const Ssl::CertificateProperties &certProperties, SBuf &key)
{
bool origSignatureAsKey = false;
- if (certProperties.mimicCert.get()) {
- ASN1_BIT_STRING *sig = nullptr;
-#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
- X509_ALGOR *sig_alg;
- X509_get0_signature(&sig, &sig_alg, certProperties.mimicCert.get());
-#else
- sig = certProperties.mimicCert->signature;
-#endif
- if (sig) {
+ if (certProperties.mimicCert) {
+ if (auto *sig = Ssl::X509_get_signature(certProperties.mimicCert)) {
origSignatureAsKey = true;
key.append((const char *)sig->data, sig->length);
}