BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2
authorRemi Tricot-Le Breton <rlebreton@haproxy.com>
Fri, 20 Aug 2021 07:51:23 +0000 (09:51 +0200)
committerWilliam Lallemand <wlallemand@haproxy.org>
Fri, 20 Aug 2021 08:05:58 +0000 (10:05 +0200)
The X509_STORE_CTX_get0_cert did not exist yet on OpenSSL 1.0.2 and
neither did X509_STORE_CTX_get0_chain, which was not actually needed
since its get1 equivalent already existed.

include/haproxy/openssl-compat.h
src/ssl_sock.c

index 983ee03fef77dae09042e231c612b3ae570f0d76..eb96703a560705cbbd130bf3e257fe69aa00e58f 100644 (file)
@@ -291,6 +291,11 @@ static inline const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOK
 {
     return x->revocationDate;
 }
+
+static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->cert;
+}
 #endif
 
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL)
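Review bot: The new `X509_STORE_CTX_get0_cert` shim reads `ctx->cert` directly but carries no comment on why that is safe or what ownership the caller receives. Direct member access only compiles where `X509_STORE_CTX` is not an opaque type, and the `#if` guarding this block opens outside the hunk, so it cannot be confirmed from here that the guard excludes every library build that already provides this accessor or hides the struct. I would add above the function: `/* Compat for OpenSSL < 1.1.0: returns a borrowed pointer (no up_ref); the caller must not free it. */`.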
index bc827833da3d23b73cd584ed2a79e74865835882..83003d9d05c4a78c79ba5a0dc7f04f2429a61afb 100644 (file)
@@ -1592,14 +1592,12 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
                 * chain, we might never call this verify callback on the client
                 * certificate's depth (which is 0) so we try to store the
                 * reference right now. */
-               if (X509_STORE_CTX_get0_chain(x_store) != NULL) {
-                       certs = X509_STORE_CTX_get1_chain(x_store);
-                       if (certs) {
-                               client_crt = sk_X509_value(certs, 0);
-                               if (client_crt) {
-                                       X509_up_ref(client_crt);
-                                       SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
-                               }
+               certs = X509_STORE_CTX_get1_chain(x_store);
+               if (certs) {
+                       client_crt = sk_X509_value(certs, 0);
+                       if (client_crt) {
+                               X509_up_ref(client_crt);
+                               SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
                        }
                        sk_X509_pop_free(certs, X509_free);
                }
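Review bot: The return value of `SSL_set_ex_data` is ignored right after `X509_up_ref(client_crt)`, so if storing the pointer fails the extra reference taken on the client certificate is never released. Dropping it on failure would close that gap: `if (!SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt)) X509_free(client_crt);`. A verify callback can run more than once during a handshake, so it is also worth confirming that a reference already stored at `ssl_client_crt_ref_index` is not overwritten without being freed. The rest of `ssl_sock_bind_verifycbk` is outside the hunk, so that cannot be checked here. A leak on this path would add up with every client-certificate verification that reaches it, which matters on a listener exposed to untrusted peers.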