From 0daf1d9750b8e6f96f51261bbec87c5eb51c0598 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 16 Mar 2017 16:39:46 +0100
Subject: [PATCH] Port pkinit debug code to OpenSSL 1.1.0 API

[ghudson@mit.edu: added intermediate variables to simplify code]
---
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 8bd8aa52a2..b583ff0f16 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -3572,12 +3572,14 @@ openssl_callback(int ok, X509_STORE_CTX * ctx)
 {
 #ifdef DEBUG
     if (!ok) {
+        X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
+        int err = X509_STORE_CTX_get_error(ctx);
+        const char *errmsg = X509_verify_cert_error_string(err);
         char buf[DN_BUF_LEN];
 
-        X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, sizeof(buf));
+        X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
         pkiDebug("cert = %s\n", buf);
-        pkiDebug("callback function: %d (%s)\n", ctx->error,
-                 X509_verify_cert_error_string(ctx->error));
+        pkiDebug("callback function: %d (%s)\n", err, errmsg);
     }
 #endif
     return ok;
-- 
2.47.2