BUILD/MINOR: ssl: Fix compilation with OpenSSL 1.0.2
The following functions used in CA/CRL file hot update were not defined
in OpenSSL 1.0.2 so they need to be defined in openssl-compat :
- X509_CRL_get_signature_nid
- X509_CRL_get0_lastUpdate
- X509_CRL_get0_nextUpdate
- X509_REVOKED_get0_serialNumber
- X509_REVOKED_get0_revocationDate
diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h
index 96a0bf3..8e1b94b 100644
--- a/include/haproxy/openssl-compat.h
+++ b/include/haproxy/openssl-compat.h
@@ -261,6 +261,31 @@
{
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
}
+
+static inline int X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+ return OBJ_obj2nid(crl->sig_alg->algorithm);
+}
+
+static inline const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
+{
+ return X509_CRL_get_lastUpdate(crl);
+}
+
+static inline const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
+{
+ return X509_CRL_get_nextUpdate(crl);
+}
+
+static inline const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+ return x->serialNumber;
+}
+
+static inline const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+ return x->revocationDate;
+}
#endif
#if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (LIBRESSL_VERSION_NUMBER >= 0x2070200fL)
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index bbd83aa..f59c212 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -3327,7 +3327,7 @@
if (BIO_reset(bio) == -1)
goto end;
BIO_printf(bio , " Serial Number: ");
- i2a_ASN1_INTEGER(bio, X509_REVOKED_get0_serialNumber(rev_entry));
+ i2a_ASN1_INTEGER(bio, (ASN1_INTEGER*)X509_REVOKED_get0_serialNumber(rev_entry));
BIO_printf(bio, "\n Revocation Date: ");
ASN1_TIME_print(bio, X509_REVOKED_get0_revocationDate(rev_entry));
BIO_printf(bio, "\n");