From: Nikolai Kondrashov
Date: Fri, 18 Nov 2016 18:08:49 +0000 (+0200)
Subject: Do not try to access private OpenSSL structs
X-Git-Tag: release_3_0_13~92^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1e139b554c19dd88a1d904144b3eae243d41eee;p=thirdparty%2Ffreeradius-server.git
Do not try to access private OpenSSL structs
Some more OpenSSL structures were made private in v1.1 and accessor functions were added instead. Switch to using accessor functions to fix the build.
---
diff --git a/src/main/tls.c b/src/main/tls.c
index 5e3457d6060..dfdb259a6e1 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1911,7 +1911,6 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 char cn_str[1024];
 char buf[64];
 X509 *client_cert;
- X509_CINF *client_inf;
 STACK_OF(X509_EXTENSION) *ext_list;
 SSL *ssl;
 int err, depth, lookup, loc;
@@ -2017,7 +2016,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 rdebug_pair(L_DBG_LVL_2, request, vp, NULL);
 }
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer,
+ X509_NAME_oneline(X509_get_issuer_name(client_cert), issuer,
 sizeof(issuer));
 issuer[sizeof(issuer) - 1] = '\0';
 if (certs && identity && (lookup <= 1) && issuer[0]) {
@@ -2110,8 +2109,13 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 }
 if (lookup == 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ext_list = X509_get0_extensions(client_cert);
+#else
+ X509_CINF *client_inf;
 client_inf = client_cert->cert_info;
 ext_list = client_inf->extensions;
+#endif
 } else {
 ext_list = NULL;
 }
@@ -2171,7 +2175,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 REXDENT();
- switch (ctx->error) {
+ switch (X509_STORE_CTX_get_error(ctx)) {
 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
 RERROR("issuer=%s", issuer);
 break;
diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c
index 63de855246a..549183e4c50 100644
--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
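Review bot: In the `-2017,7 +2016,7` hunk of src/main/tls.c the issuer is now read from `client_cert` rather than from the store context's current certificate, which is equivalent only if `client_cert` was obtained from `X509_STORE_CTX_get_current_cert(ctx)` earlier in cbtls_verify(); that assignment is outside the hunk and should be confirmed. The verify callback runs once per certificate in the chain, so if `client_cert` instead pointed at the peer's leaf certificate, the `issuer` string tested in the `certs && identity && (lookup <= 1) && issuer[0]` branch would describe the wrong certificate at depth > 0. A comment at the call would make the dependency explicit, for example `/* client_cert is the certificate currently being verified, not necessarily the leaf */`.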
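Review bot: In the `-2110,8 +2109,13` hunk, `X509_get0_extensions()` returns a `const STACK_OF(X509_EXTENSION) *` in OpenSSL 1.1.0, but `ext_list` is declared without `const` (see the declaration in the first hunk's context), so the new assignment discards the qualifier and will warn, or fail under `-Werror`. Declaring it as `const STACK_OF(X509_EXTENSION) *ext_list;` also documents that the stack is owned by the certificate and must not be modified or freed here; the code that consumes `ext_list` lies outside the hunk and would have to accept the const pointer. Separately, the `OPENSSL_VERSION_NUMBER >= 0x10100000L` test is also true for LibreSSL, which reports a higher version number and may lack the 1.1 accessors, so a `!defined(LIBRESSL_VERSION_NUMBER)` term may be needed if that library is a supported build target.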
@@ -266,9 +266,9 @@ void eap_fast_tls_gen_challenge(SSL *s, uint8_t *buffer, uint8_t *scratch, size_
 p = seed;
 memcpy(p, prf_label, len);
 p += len;
- memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ SSL_get_server_random(s, p, SSL3_RANDOM_SIZE);
 p += SSL3_RANDOM_SIZE;
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ SSL_get_client_random(s, p, SSL3_RANDOM_SIZE);
 p += SSL3_RANDOM_SIZE;
 master_key_len = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, sizeof(master_key));
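Review bot: The byte counts returned by `SSL_get_server_random()` and `SSL_get_client_random()` are discarded while `p` advances by `SSL3_RANDOM_SIZE` after each call, so a short copy would leave part of `seed` holding whatever was there before and that would pass into the PRF input unnoticed. Checking the result, e.g. `if (SSL_get_server_random(s, p, SSL3_RANDOM_SIZE) != SSL3_RANDOM_SIZE)`, and likewise for the client random, makes the length assumption explicit. The function returns void and the rest of its body is outside the hunk, so how to fail is the author's call. Unlike the tls.c change, these calls are not wrapped in an `OPENSSL_VERSION_NUMBER` check; the context line already uses `SSL_SESSION_get_master_key()`, so a guard or compatibility shim may exist outside the hunk, but that should be confirmed for pre-1.1 builds.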