From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 3 May 2016 17:14:48 +0000 (-0400)
Subject: Add k5tls support for OpenSSL 1.1.0
X-Git-Tag: krb5-1.15-beta1~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6de7390454d48f69dac88ada2c67e2835fed965;p=thirdparty%2Fkrb5.git

Add k5tls support for OpenSSL 1.1.0

OpenSSL 1.1 makes the X509 type opaque and removes the M_ASN1_*
macros.  Adjust the k5tls OpenSSL implementation accordingly.

ticket: 8398
---

diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index c9d270bea3..822632c90e 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -181,13 +181,13 @@ check_cert_address(X509 *x, const char *text)
     struct in6_addr sin6;
 
     /* Parse the IP address into an octet string. */
-    ip = M_ASN1_OCTET_STRING_new();
+    ip = ASN1_OCTET_STRING_new();
     if (ip == NULL)
         return FALSE;
     if (inet_pton(AF_INET, text, &sin)) {
-        M_ASN1_OCTET_STRING_set(ip, &sin, sizeof(sin));
+        ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin, sizeof(sin));
     } else if (inet_pton(AF_INET6, text, &sin6)) {
-        M_ASN1_OCTET_STRING_set(ip, &sin6, sizeof(sin6));
+        ASN1_OCTET_STRING_set(ip, (unsigned char *)&sin6, sizeof(sin6));
     } else {
         ASN1_OCTET_STRING_free(ip);
         return FALSE;
@@ -317,7 +317,7 @@ verify_callback(int preverify_ok, X509_STORE_CTX *store_ctx)
     if (err != X509_V_OK) {
         bio = BIO_new(BIO_s_mem());
         if (bio != NULL) {
-            X509_NAME_print_ex(bio, x->cert_info->subject, 0, 0);
+            X509_NAME_print_ex(bio, X509_get_subject_name(x), 0, 0);
             count = BIO_get_mem_data(bio, &cert);
             errstr = X509_verify_cert_error_string(err);
             TRACE_TLS_CERT_ERROR(context, depth, count, cert, err, errstr);