Bitrot: X509 structure opaque in upcoming OpenSSL 1.1.0

diff --git a/postfix/.indent.pro b/postfix/.indent.pro
index c15aa635347ce43fb7e3480b316b0795993d362b..0e9462f1912127ff19ddf2e925d28e017734d728 100644 (file)
--- a/postfix/.indent.pro
+++ b/postfix/.indent.pro
@@ -404,5 +404,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t

diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h
index 8efb038300e94cbbcf50393216af23d687d4a3b6..11f9b24f7ecb36c5d8f35f8e2624a26cae65c22d 100644 (file)
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@@ -77,7 +77,6 @@ extern const NAME_CODE tls_level_table[];
 
  /* Appease indent(1) */
 #define x509_stack_t STACK_OF(X509)
-#define x509_extension_stack_t STACK_OF(X509_EXTENSION)
 #define general_name_stack_t STACK_OF(GENERAL_NAME)
 #define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
 #define ssl_comp_stack_t STACK_OF(SSL_COMP)

diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c
index 1e91aa3cbdc4cd8137be17732941ceffe0bdbdf8..bb882f2062c1422d3d6c3b432b4ce395a1d56825 100644 (file)
--- a/postfix/src/tls/tls_dane.c
+++ b/postfix/src/tls/tls_dane.c
@@ -551,7 +551,7 @@ static void ta_cert_insert(TLS_DANE *d, X509 *x)
 {
     TLS_CERTS *new = (TLS_CERTS *) mymalloc(sizeof(*new));
 
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x);
     new->cert = x;
     new->next = d->certs;
     d->certs = new;
@@ -1406,12 +1406,8 @@ int     tls_dane_match(TLS_SESS_STATE *TLScontext, int usage,
 
 static int push_ext(X509 *cert, X509_EXTENSION *ext)
 {
-    x509_extension_stack_t *exts;
-
     if (ext) {
-       if ((exts = cert->cert_info->extensions) == 0)
-           exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null();
-       if (exts && sk_X509_EXTENSION_push(exts, ext))
+       if (X509_add_ext(cert, ext, -1))
            return 1;
        X509_EXTENSION_free(ext);
     }
@@ -1542,7 +1538,7 @@ static void grow_chain(TLS_SESS_STATE *TLScontext, int trusted, X509 *cert)
     if (cert) {
        if (trusted && !X509_add1_trust_object(cert, serverAuth))
            msg_fatal("out of memory");
-       CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+       X509_up_ref(cert);
        if (!sk_X509_push(*xs, cert))
            msg_fatal("out of memory");
     }

diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c
index cbaae83ccdbd8156604547e0753193171e1b5469..42bfc1033a96ad5095a8ea0326d3a245d6b35c2f 100644 (file)
--- a/postfix/src/tls/tls_verify.c
+++ b/postfix/src/tls/tls_verify.c
@@ -138,7 +138,7 @@ static void update_error_state(TLS_SESS_STATE *TLScontext, int depth,
     if (TLScontext->errorcert != 0)
        X509_free(TLScontext->errorcert);
     if (errorcert != 0)
-       CRYPTO_add(&errorcert->references, 1, CRYPTO_LOCK_X509);
+       X509_up_ref(errorcert);
     TLScontext->errorcert = errorcert;
     TLScontext->errorcode = errorcode;
     TLScontext->errordepth = depth;