From: Jouni Malinen <j@w1.fi>
Date: Fri, 15 Apr 2022 09:58:03 +0000 (+0300)
Subject: BoringSSL: Use accessor functions for X509 key usage flags
X-Git-Tag: hostap_2_11~2069
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=feed2f9e751ae650a36928886b56039baf29a604;p=thirdparty%2Fhostap.git

BoringSSL: Use accessor functions for X509 key usage flags

BoringSSL commit dddb60eb9700110835ff6e2b429de40a17006429 ("Make most of
crypto/x509 opaque.") broke the direct access to these variables, so use
the accessor functions instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/crypto/tls_openssl_ocsp.c b/src/crypto/tls_openssl_ocsp.c
index 12e975c39..2e0334b64 100644
--- a/src/crypto/tls_openssl_ocsp.c
+++ b/src/crypto/tls_openssl_ocsp.c
@@ -663,8 +663,8 @@ enum ocsp_result check_ocsp_resp(SSL_CTX *ssl_ctx, SSL *ssl, X509 *cert,
 
 	if (!signer_trusted) {
 		X509_check_purpose(signer, -1, 0);
-		if ((signer->ex_flags & EXFLAG_XKUSAGE) &&
-		    (signer->ex_xkusage & XKU_OCSP_SIGN)) {
+		if ((X509_get_extension_flags(signer) & EXFLAG_XKUSAGE) &&
+		    (X509_get_extended_key_usage(signer) & XKU_OCSP_SIGN)) {
 			wpa_printf(MSG_DEBUG,
 				   "OpenSSL: OCSP signer certificate delegation OK");
 		} else {