INN commit: branches/2.6/nnrpd (tls.c)

INN Commit rra at isc.org
Thu May 5 12:51:25 UTC 2016


    Date: Thursday, May 5, 2016 @ 05:51:24
  Author: iulius
Revision: 10024

Fix build with OpenSSL 1.1.0 - a few X509_xxx types are now opaque

Check that the current certificate returned by
X509_STORE_CTX_get_current_cert() is not NULL.  In the switch part,
err_cert is not NULL though because otherwise the error would have been
different than X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT.

Modified:
  branches/2.6/nnrpd/tls.c

-------+
 tls.c |   15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

Modified: tls.c
===================================================================
--- tls.c	2016-05-05 12:50:56 UTC (rev 10023)
+++ tls.c	2016-05-05 12:51:24 UTC (rev 10024)
@@ -244,9 +244,13 @@
     err = X509_STORE_CTX_get_error(ctx);
     depth = X509_STORE_CTX_get_error_depth(ctx);
 
-    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
-    if ((tls_serveractive) && (tls_loglevel >= 1))
-      Printf("Peer cert verify depth=%d %s", depth, buf);
+    if (err_cert != NULL) {
+        X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
+        if ((tls_serveractive) && (tls_loglevel >= 1)) {
+            Printf("Peer cert verify depth=%d %s", depth, buf);
+        }
+    }
+    
     if (ok==0)
     {
       syslog(L_NOTICE, "verify error:num=%d:%s", err,
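Review bot: The return value of `X509_NAME_oneline()` is still discarded inside the new `err_cert != NULL` block, so if the call fails, `Printf` logs whatever `buf` held before. The declaration of `buf` is outside the hunk, so it is not visible here whether it starts out initialised. Checking the result keeps the log line well defined, e.g. `if (X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)) == NULL) buf[0] = '\0';`. The same unchecked call feeds `syslog` in the issuer case of the second hunk.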
@@ -260,9 +264,10 @@
 	    verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
 	}
     }
-    switch (ctx->error) {
+
+    switch (err) {
     case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, sizeof(buf));
+	X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof(buf));
 	syslog(L_NOTICE, "issuer= %s", buf);
 	break;
     case X509_V_ERR_CERT_NOT_YET_VALID:
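Review bot: In the `X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT` case, `err_cert` is passed to `X509_get_issuer_name()` without the NULL guard that the first hunk adds around the subject-name lookup. The commit message argues that it cannot be NULL for this error code, but that invariant depends on OpenSSL's behaviour and is not recorded in the code. Because this path handles certificates presented by the peer, a cheap guard is worth having: wrap the two statements in `if (err_cert != NULL) { ... }`. Failing that, state the assumption in place with a comment such as `/* err_cert is non-NULL here: this error is only raised with a current certificate */`. The switch continues past the end of the hunk, so the remaining cases could not be checked.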


