From: Remi Tricot-Le Breton Date: Fri, 20 Aug 2021 07:51:23 +0000 (+0200) Subject: BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 X-Git-Tag: v2.5-dev5~59 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f95c29546ca7a1ab0c64b6d0709bb54197806df8;p=thirdparty%2Fhaproxy.git BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2 The X509_STORE_CTX_get0_cert did not exist yet on OpenSSL 1.0.2 and neither did X509_STORE_CTX_get0_chain, which was not actually needed since its get1 equivalent already existed.
---
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 983ee03fef..eb96703a56 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -291,6 +291,11 @@ static inline const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOK
 {
 return x->revocationDate;
 }
+
+static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+ return ctx->cert;
+}
 #endif
 #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index bc827833da..83003d9d05 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1592,14 +1592,12 @@ int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
 * chain, we might never call this verify callback on the client
 * certificate's depth (which is 0) so we try to store the
 * reference right now. */
- if (X509_STORE_CTX_get0_chain(x_store) != NULL) {
- certs = X509_STORE_CTX_get1_chain(x_store);
- if (certs) {
- client_crt = sk_X509_value(certs, 0);
- if (client_crt) {
- X509_up_ref(client_crt);
- SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
- }
+ certs = X509_STORE_CTX_get1_chain(x_store);
+ if (certs) {
+ client_crt = sk_X509_value(certs, 0);
+ if (client_crt) {
+ X509_up_ref(client_crt);
+ SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt);
 }
 sk_X509_pop_free(certs, X509_free);
 }
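Review bot: The added `X509_STORE_CTX_get0_cert` shim in openssl-compat.h does not say that it returns a borrowed pointer, which is the property callers have to get right to avoid a double free or a dangling certificate reference. I would put a one-line comment above it, for example `/* get0: borrowed pointer owned by ctx; X509_up_ref() it to keep it, never X509_free() it as-is */`. The shim reads `ctx->cert` directly, so it can only build where `X509_STORE_CTX` is not opaque. The `#if` that opens this compat block is outside the hunk, so its condition should be checked to confirm it selects only those library versions.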
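Review bot: In the new body of the `if (certs)` branch in `ssl_sock_bind_verifycbk`, the result of `SSL_set_ex_data` is ignored after `X509_up_ref(client_crt)`, so a failed store leaves the extra reference with no owner and the certificate is never released. Releasing it on failure keeps the count balanced: `if (!SSL_set_ex_data(ssl, ssl_client_crt_ref_index, client_crt)) X509_free(client_crt);`. The verify callback can run more than once per handshake, and the hunk does not show whether a reference already stored at `ssl_client_crt_ref_index` is freed before being overwritten. The function starts and ends outside the hunk, so that should be confirmed in the surrounding code.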