]> git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
projects / thirdparty / openvpn.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 252a728)
The new function extract_x509_field_ssl tends to break
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Sun, 17 Feb 2008 08:21:28 +0000 (08:21 +0000)
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Sun, 17 Feb 2008 08:21:28 +0000 (08:21 +0000)
in early versions of OpenSSL 0.9.6.  Now we will fall
back to the old function extract_x509_field for OpenSSL
0.9.6.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2749 e7ae566f-a301-0410-adde-c780ea21d3b5

crypto.h patch | blob | blame | history
ssl.c patch | blob | blame | history

diff --git a/crypto.h b/crypto.h
index 655e499e08d473d9bf0da8db1184688f2b3137a8..8996fc612c051723c22cca0143fdf7348668dd5e 100644 (file)
--- a/crypto.h
+++ b/crypto.h
@@ -69,6 +69,9 @@
 
 #if SSLEAY_VERSION_NUMBER < 0x00907000L
 
+/* Workaround: OpenSSL 0.9.6 breaks extract_x509_field_ssl function */
+#define USE_OLD_EXTRACT_X509_FIELD
+
 /* Workaround: EVP_CIPHER_mode is defined wrong in OpenSSL 0.9.6 but is fixed in 0.9.7 */
 #undef EVP_CIPHER_mode
 #define EVP_CIPHER_mode(e)                (((e)->flags) & EVP_CIPH_MODE)
diff --git a/ssl.c b/ssl.c
index ea3212b6de770832e0df92e3c59fa866e5ec0b1c..c587b8cff61ca008ad1248814d4b271e48284f82 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -344,6 +344,8 @@ tmp_rsa_cb (SSL * s, int is_export, int keylength)
   return (rsa_tmp);
 }
 
+#ifdef USE_OLD_EXTRACT_X509_FIELD
+
 /*
  * Extract a field from an X509 subject name.
  *
@@ -378,6 +380,8 @@ extract_x509_field (const char *x509, const char *field_name, char *out, int siz
     }
 }
 
+#else
+
 /*
  * Extract a field from an X509 subject name.
  *
@@ -423,6 +427,8 @@ extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out, int
   OPENSSL_free(buf);
 }
 
+#endif
+
 static void
 setenv_untrusted (struct tls_session *session)
 {
@@ -583,8 +589,12 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
   string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_');
 
   /* extract the common name */
+#ifdef USE_OLD_EXTRACT_X509_FIELD
+  extract_x509_field (subject, "CN", common_name, TLS_CN_LEN);
+#else
   extract_x509_field_ssl (X509_get_subject_name (ctx->current_cert), "CN", common_name, TLS_CN_LEN);
-  //extract_x509_field (subject, "CN", common_name, TLS_CN_LEN);
+#endif
+
   string_mod (common_name, COMMON_NAME_CHAR_CLASS, 0, '_');
 
 #if 0 /* print some debugging info */
Mirror of https://github.com/OpenVPN/openvpn.git