From: Viktor Dukhovni Date: Sat, 20 Aug 2016 04:13:43 +0000 (-0400) Subject: Bitrot: More OpenSSL 1.1.0 API constification X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fbitrot211;p=thirdparty%2Fpostfix.git Bitrot: More OpenSSL 1.1.0 API constification The accessors for ASN1_STRING and X509 before/after dates have new names and now return const data. Deal with the fallout. --- diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h index 0079dc316..a0d923512 100644 --- a/postfix/src/tls/tls.h +++ b/postfix/src/tls/tls.h @@ -94,6 +94,9 @@ extern const NAME_CODE tls_level_table[]; #define X509_STORE_CTX_get0_untrusted(ctx) ((ctx)->untrusted) #define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain #define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack +#define ASN1_STRING_get0_data ASN1_STRING_data +#define X509_getm_notBefore X509_get_notBefore +#define X509_getm_notAfter X509_get_notAfter #endif /* SSL_CIPHER_get_name() got constified in 0.9.7g */ diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index 4038c70f7..88237483e 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -1461,7 +1461,7 @@ static int add_akid(X509 *cert, AUTHORITY_KEYID *akid) * self-signature checks! */ id = ((akid && akid->keyid) ? akid->keyid : 0); - if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_data(id) == c) + if (id && ASN1_STRING_length(id) == 1 && *ASN1_STRING_get0_data(id) == c) c = 1; if ((akid = AUTHORITY_KEYID_new()) != 0 @@ -1579,10 +1579,10 @@ static void wrap_key(TLS_SESS_STATE *TLScontext, int depth, */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) - || !X509_set_subject_name(cert, name) || !set_issuer_name(cert, akid) - || !X509_gmtime_adj(X509_get_notBefore(cert), -30 * 86400L) - || !X509_gmtime_adj(X509_get_notAfter(cert), 30 * 86400L) + || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) + || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) + || !X509_set_subject_name(cert, name) || !X509_set_pubkey(cert, key ? key : signkey) || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE") || (key && !add_akid(cert, akid)) diff --git a/postfix/src/tls/tls_verify.c b/postfix/src/tls/tls_verify.c index 42bfc1033..87af0c6f7 100644 --- a/postfix/src/tls/tls_verify.c +++ b/postfix/src/tls/tls_verify.c @@ -440,7 +440,7 @@ const char *tls_dns_name(const GENERAL_NAME * gn, /* * Safe to treat as an ASCII string possibly holding a DNS name */ - dnsname = (char *) ASN1_STRING_data(gn->d.ia5); + dnsname = (const char *) ASN1_STRING_get0_data(gn->d.ia5); len = ASN1_STRING_length(gn->d.ia5); TRIM0(dnsname, len);