summaryrefslogtreecommitdiffstats
path: root/tdeio/kssl/ksslcertchain.cc
diff options
context:
space:
mode:
authorSlávek Banko <slavek.banko@axis.cz>2017-01-01 19:35:39 +0100
committerSlávek Banko <slavek.banko@axis.cz>2017-01-01 19:41:30 +0100
commitb8802de2c09b31fce7717a500cd5ffe8bada1b27 (patch)
tree09883851645f923083be5b862eacde360446f727 /tdeio/kssl/ksslcertchain.cc
parent855198315f7a52466fa51368fbd703815cbab429 (diff)
downloadtdelibs-b8802de2c09b31fce7717a500cd5ffe8bada1b27.tar.gz
tdelibs-b8802de2c09b31fce7717a500cd5ffe8bada1b27.zip
Added support for OpenSSL 1.1
Some KOpenSSLProxy methods have been renamed to be consistent with OpenSSL 1.1 API names and to prevent hidden API changes. To ensure API / ABI compatibility, the original methods are still included but have been marked as deprecated. + SSLv23_client_method => TLS_client_method + X509_STORE_CTX_set_chain => X509_STORE_CTX_set0_untrusted + sk_dup => OPENSSL_sk_dup + sk_free => OPENSSL_sk_free + sk_new => OPENSSL_sk_new + sk_num => OPENSSL_sk_num + sk_pop => OPENSSL_sk_pop + sk_push => OPENSSL_sk_push + sk_value => OPENSSL_sk_value Additional methods have been added to KOpenSSLProxy to support the new OpenSSL 1.1 API functions that provide access to the (now) opaque SSL structures. Compatibility with OpenSSL < 1.1 is handled internally in KOpenSSLProxy. + BIO_get_data + DSA_get0_key + DSA_get0_pqg + EVP_PKEY_base_id + EVP_PKEY_get0_DSA + EVP_PKEY_get0_RSA + RSA_get0_key + X509_CRL_get0_lastUpdate + X509_CRL_get0_nextUpdate + X509_OBJECT_get0_X509 + X509_OBJECT_get_type + X509_STORE_CTX_get_current_cert + X509_STORE_CTX_get_error + X509_STORE_CTX_get_error_depth + X509_STORE_CTX_set_error + X509_STORE_get0_objects + X509_STORE_set_verify_cb + X509_get0_signature + X509_getm_notAfter + X509_getm_notBefore + X509_subject_name_cmp + _SSL_session_reused + _SSL_set_options Method "KSSL::setSession" has been renamed to "KSSL::takeSession" and its functionality has changed: the session is now transferred from the argument object to the invoked object. Since it is only used internally in TDE and the functionality is different, the method with the previous name has not been preserved. Signed-off-by: Slávek Banko <slavek.banko@axis.cz> Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it> (cherry picked from commit e1861cb6811f7bac405ece204407ca46c000a453)
Diffstat (limited to 'tdeio/kssl/ksslcertchain.cc')
-rw-r--r--tdeio/kssl/ksslcertchain.cc74
1 files changed, 26 insertions, 48 deletions
diff --git a/tdeio/kssl/ksslcertchain.cc b/tdeio/kssl/ksslcertchain.cc
index a401aec3d..4f14e4be1 100644
--- a/tdeio/kssl/ksslcertchain.cc
+++ b/tdeio/kssl/ksslcertchain.cc
@@ -44,17 +44,6 @@
#include <tqstringlist.h>
-
-#ifdef KSSL_HAVE_SSL
-#define sk_new d->kossl->sk_new
-#define sk_push d->kossl->sk_push
-#define sk_free d->kossl->sk_free
-#define sk_value d->kossl->sk_value
-#define sk_num d->kossl->sk_num
-#define sk_dup d->kossl->sk_dup
-#define sk_pop d->kossl->sk_pop
-#endif
-
class KSSLCertChainPrivate {
public:
KSSLCertChainPrivate() {
@@ -79,11 +68,11 @@ KSSLCertChain::~KSSLCertChain() {
STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
for (;;) {
- X509* x5 = sk_X509_pop(x);
+ X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
if (!x5) break;
d->kossl->X509_free(x5);
}
- sk_X509_free(x);
+ d->kossl->OPENSSL_sk_free(x);
}
#endif
delete d;
@@ -107,7 +96,7 @@ return x;
int KSSLCertChain::depth() {
#ifdef KSSL_HAVE_SSL
- return sk_X509_num((STACK_OF(X509)*)_chain);
+ return d->kossl->OPENSSL_sk_num((STACK_OF(X509)*)_chain);
#endif
return 0;
}
@@ -119,8 +108,8 @@ if (!_chain) return cl;
#ifdef KSSL_HAVE_SSL
STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
- for (int i = 0; i < sk_X509_num(x); i++) {
- X509* x5 = sk_X509_value(x, i);
+ for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
+ X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i));
if (!x5) continue;
KSSLCertificate *nc = new KSSLCertificate;
nc->setCert(d->kossl->X509_dup(x5));
@@ -138,18 +127,18 @@ if (_chain) {
STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
for (;;) {
- X509* x5 = sk_X509_pop(x);
+ X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
if (!x5) break;
d->kossl->X509_free(x5);
}
- sk_X509_free(x);
+ d->kossl->OPENSSL_sk_free(x);
_chain = NULL;
}
if (chain.count() == 0) return;
- _chain = (void *)sk_new(NULL);
+ _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL));
for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) {
- sk_X509_push((STACK_OF(X509)*)_chain, d->kossl->X509_dup(x->getCert()));
+ d->kossl->OPENSSL_sk_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert()));
}
#endif
@@ -158,31 +147,31 @@ if (_chain) {
void KSSLCertChain::setChain(void *stack_of_x509) {
#ifdef KSSL_HAVE_SSL
-if (_chain) {
- STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
-
- for (;;) {
- X509* x5 = sk_X509_pop(x);
- if (!x5) break;
- d->kossl->X509_free(x5);
+ if (_chain) {
+ STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
+
+ for (;;) {
+ X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(x));
+ if (!x5) break;
+ d->kossl->X509_free(x5);
+ }
+ d->kossl->OPENSSL_sk_free(x);
+ _chain = NULL;
}
- sk_X509_free(x);
- _chain = NULL;
-}
-if (!stack_of_x509) return;
+ if (!stack_of_x509) return;
-_chain = (void *)sk_new(NULL);
-STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
+ _chain = reinterpret_cast<STACK_OF(X509)*>(d->kossl->OPENSSL_sk_new(NULL));
+ STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
- for (int i = 0; i < sk_X509_num(x); i++) {
- X509* x5 = sk_X509_value(x, i);
+ for (int i = 0; i < d->kossl->OPENSSL_sk_num(x); i++) {
+ X509* x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(x, i));
if (!x5) continue;
- sk_X509_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5));
+ d->kossl->OPENSSL_sk_push((STACK_OF(X509)*)_chain,d->kossl->X509_dup(x5));
}
#else
-_chain = NULL;
+ _chain = NULL;
#endif
}
@@ -203,14 +192,3 @@ void KSSLCertChain::setCertChain(const TQStringList& chain) {
setChain(cl);
}
-
-#ifdef KSSL_HAVE_SSL
-#undef sk_new
-#undef sk_push
-#undef sk_free
-#undef sk_value
-#undef sk_num
-#undef sk_dup
-#undef sk_pop
-#endif
-