Hi, On Fri, Jan 13, 2017 at 12:12:50PM +0100, Christophe Fergeau wrote: > From: Sebastian Andrzej Siewior <sebastian@xxxxxxxxxxxxx> > > The latter is deprecated, so might be removed at some point in the > future. This also adds a compatibility wrapper for OpenSSL < 1.1.0. > > Signed-off-by: Sebastian Andrzej Siewior <sebastian@xxxxxxxxxxxxx> > --- > common/ssl_verify.c | 20 ++++++++++++++------ > 1 file changed, 14 insertions(+), 6 deletions(-) > > diff --git a/common/ssl_verify.c b/common/ssl_verify.c > index 601252e..b6a96a7 100644 > --- a/common/ssl_verify.c > +++ b/common/ssl_verify.c > @@ -33,6 +33,14 @@ > #include <string.h> > #include <gio/gio.h> > I would include a FIXME here, to require >= 1.1.0 in the future, just make it easier to track this. I don't have 1.1.0 here to test, but this matches the description at [0], so Acked-by: Victor Toso <victortoso@xxxxxxxxxx> [0] https://github.com/openssl/openssl/commit/17ebf85abda18c3875b1ba6670fe7b393bc1f297 > +#if OPENSSL_VERSION_NUMBER < 0x10100000 > + > +static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1) > +{ > + return M_ASN1_STRING_data(asn1); > +} > +#endif > + > static int verify_pubkey(X509* cert, const char *key, size_t key_size) > { > EVP_PKEY* cert_pubkey = NULL; > @@ -182,10 +190,10 @@ static int verify_hostname(X509* cert, const char *hostname) > const GENERAL_NAME* name = sk_GENERAL_NAME_value(subject_alt_names, i); > if (name->type == GEN_DNS) { > found_dns_name = 1; > - if (_gnutls_hostname_compare((char *)ASN1_STRING_data(name->d.dNSName), > + if (_gnutls_hostname_compare((const char *)ASN1_STRING_get0_data(name->d.dNSName), > ASN1_STRING_length(name->d.dNSName), > hostname)) { > - spice_debug("alt name match=%s", ASN1_STRING_data(name->d.dNSName)); > + spice_debug("alt name match=%s", ASN1_STRING_get0_data(name->d.dNSName)); > GENERAL_NAMES_free(subject_alt_names); > return 1; > } > @@ -208,11 +216,11 @@ static int verify_hostname(X509* cert, const char *hostname) > alt_ip_len = ASN1_STRING_length(name->d.iPAddress); > > if ((ip_len == alt_ip_len) && > - (memcmp(ASN1_STRING_data(name->d.iPAddress), ip_binary, ip_len)) == 0) { > + (memcmp(ASN1_STRING_get0_data(name->d.iPAddress), ip_binary, ip_len)) == 0) { > GInetAddress * alt_ip = NULL; > gchar * alt_ip_string = NULL; > > - alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_data(name->d.iPAddress), > + alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_get0_data(name->d.iPAddress), > g_inet_address_get_family(ip)); > alt_ip_string = g_inet_address_to_string(alt_ip); > spice_debug("alt name IP match=%s", alt_ip_string); > @@ -253,10 +261,10 @@ static int verify_hostname(X509* cert, const char *hostname) > continue; > } > > - if (_gnutls_hostname_compare((char*)ASN1_STRING_data(cn_asn1), > + if (_gnutls_hostname_compare((const char*)ASN1_STRING_get0_data(cn_asn1), > ASN1_STRING_length(cn_asn1), > hostname)) { > - spice_debug("common name match=%s", (char*)ASN1_STRING_data(cn_asn1)); > + spice_debug("common name match=%s", (char*)ASN1_STRING_get0_data(cn_asn1)); > cn_match = 1; > break; > } > -- > 2.9.3 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/spice-devel
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel