Bitrot: X509 structure opaque in upcoming OpenSSL 1.1.0

diff --git a/postfix/.indent.pro b/postfix/.indent.pro
index 78e0a16ef68808250f094b1cdb737c420bfff84e..e985780ca345bf2ffd40898c9926dedc002516c5 100644 (file)
--- a/postfix/.indent.pro
+++ b/postfix/.indent.pro
@@ -384,5 +384,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t

diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h
index 4df80b8528c0c291ed3356e4f64a63b72b2ed39f..0b009733082a2f751de945dd157d9cace815deb8 100644 (file)
--- a/postfix/src/tls/tls.h
+++ b/postfix/src/tls/tls.h
@@ -75,7 +75,6 @@ extern const NAME_CODE tls_level_table[];
 
  /* Appease indent(1) */
 #define x509_stack_t STACK_OF(X509)
-#define x509_extension_stack_t STACK_OF(X509_EXTENSION)
 #define general_name_stack_t STACK_OF(GENERAL_NAME)
 #define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
 #define ssl_comp_stack_t STACK_OF(SSL_COMP)

diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c
index ccd006d5214a64110715c2364e776d2d8dcf7ce2..fa254bc4761992f959c435086934bae55b9ea542 100644 (file)
--- a/postfix/src/tls/tls_dane.c
+++ b/postfix/src/tls/tls_dane.c
@@ -547,7 +547,7 @@ static void ta_cert_insert(TLS_DANE *d, X509 *x)
 {
     TLS_CERTS *new = (TLS_CERTS *) mymalloc(sizeof(*new));
 
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    X509_up_ref(x);
     new->cert = x;
     new->next = d->certs;
     d->certs = new;
@@ -1402,12 +1402,8 @@ int     tls_dane_match(TLS_SESS_STATE *TLScontext, int usage,
 
 static int push_ext(X509 *cert, X509_EXTENSION *ext)
 {
-    x509_extension_stack_t *exts;
-
     if (ext) {
-       if ((exts = cert->cert_info->extensions) == 0)
-           exts = cert->cert_info->extensions = sk_X509_EXTENSION_new_null();
-       if (exts && sk_X509_EXTENSION_push(exts, ext))
+       if (X509_add_ext(cert, ext, -1))
            return 1;
        X509_EXTENSION_free(ext);
     }
@@ -1538,7 +1534,7 @@ static void grow_chain(TLS_SESS_STATE *TLScontext, int trusted, X509 *cert)
     if (cert) {
        if (trusted && !X509_add1_trust_object(cert, serverAuth))
            msg_fatal("out of memory");
-       CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+       X509_up_ref(cert);
        if (!sk_X509_push(*xs, cert))
            msg_fatal("out of memory");
     }

diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c
index cbaae83ccdbd8156604547e0753193171e1b5469..42bfc1033a96ad5095a8ea0326d3a245d6b35c2f 100644 (file)
--- a/postfix/src/tls/tls_verify.c
+++ b/postfix/src/tls/tls_verify.c
@@ -138,7 +138,7 @@ static void update_error_state(TLS_SESS_STATE *TLScontext, int depth,
     if (TLScontext->errorcert != 0)
        X509_free(TLScontext->errorcert);
     if (errorcert != 0)
-       CRYPTO_add(&errorcert->references, 1, CRYPTO_LOCK_X509);
+       X509_up_ref(errorcert);
     TLScontext->errorcert = errorcert;
     TLScontext->errorcode = errorcode;
     TLScontext->errordepth = depth;