Diffstat (limited to 'tdeio/kssl/ksslcertificate.cc')
-rw-r--r-- | tdeio/kssl/ksslcertificate.cc | 104 |
1 files changed, 64 insertions, 40 deletions
diff --git a/tdeio/kssl/ksslcertificate.cc b/tdeio/kssl/ksslcertificate.cc index 2b7bed2bb..2df78fef7 100644 --- a/tdeio/kssl/ksslcertificate.cc +++ b/tdeio/kssl/ksslcertificate.cc @@ -198,7 +198,7 @@ TQString rc = ""; if (!t) return rc; rc = t; - d->kossl->OPENSSL_free(t); + d->kossl->CRYPTO_free(t); #endif return rc; } @@ -225,14 +225,17 @@ TQString rc = ""; char *s; int n, i; - i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm); + const ASN1_BIT_STRING *signature = 0L; + const X509_ALGOR *sig_alg = 0L; + d->kossl->X509_get0_signature(&signature, &sig_alg, d->m_cert); + i = d->kossl->OBJ_obj2nid(sig_alg->algorithm); rc = i18n("Signature Algorithm: "); rc += (i == NID_undef)?i18n("Unknown"):TQString(d->kossl->OBJ_nid2ln(i)); rc += "\n"; rc += i18n("Signature Contents:"); - n = d->m_cert->signature->length; - s = (char *)d->m_cert->signature->data; + n = signature->length; + s = (char *)signature->data; for (i = 0; i < n; i++) { if (i%20 != 0) rc += ":"; else rc += "\n"; @@ -254,8 +257,8 @@ void KSSLCertificate::getEmails(TQStringList &to) const { STACK *s = d->kossl->X509_get1_email(d->m_cert); if (s) { - for(int n=0; n < s->num; n++) { - to.append(d->kossl->sk_value(s,n)); + for(int n=0; n < d->kossl->OPENSSL_sk_num(s); n++) { + to.append(d->kossl->OPENSSL_sk_value(s,n)); } d->kossl->X509_email_free(s); } @@ -336,12 +339,12 @@ TQString rc = ""; EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert); if (pkey) { #ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) rc = "RSA"; else #endif #ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) rc = "DSA"; else #endif 
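Review bot: In the `@@ -225,14 +225,17` hunk, `signature` and `sig_alg` are initialised to `0L` and then dereferenced (`sig_alg->algorithm`, `signature->length`) with no check that `X509_get0_signature` filled them in. If the `d->kossl` wrapper can return without calling into the library (its implementation is not visible here, so confirm), displaying a peer-supplied certificate becomes a null dereference. A guard right after the call, `if (!signature || !sig_alg) return rc;`, keeps it fail-safe. The same pattern appears in the RSA and DSA branches of the `@@ -364,10 +367,14` and `@@ -378,18 +385,26` hunks, where `pkey_rsa`/`pkey_dsa` and the `bn_*` out-parameters go unchecked into `RSA_get0_key`, `DSA_get0_pqg`, `DSA_get0_key` and `BN_bn2hex`. The enclosing functions start and end outside these hunks.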
@@ -364,10 +367,14 @@ char *x = NULL; if (pkey) { rc = i18n("Unknown", "Unknown key algorithm"); #ifndef NO_RSA - if (pkey->type == EVP_PKEY_RSA) { + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) { rc = i18n("Key type: RSA (%1 bit)") + "\n"; - x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n); + RSA *pkey_rsa = d->kossl->EVP_PKEY_get0_RSA(pkey); + const BIGNUM *bn_n = 0L; + const BIGNUM *bn_e = 0L; + d->kossl->RSA_get0_key(pkey_rsa, &bn_n, &bn_e, NULL); + x = d->kossl->BN_bn2hex(bn_n); rc += i18n("Modulus: "); rc = rc.arg(strlen(x)*4); for (unsigned int i = 0; i < strlen(x); i++) { @@ -378,18 +385,26 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e); + x = d->kossl->BN_bn2hex(bn_e); rc += i18n("Exponent: 0x") + x + "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); } #endif #ifndef NO_DSA - if (pkey->type == EVP_PKEY_DSA) { + if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) { rc = i18n("Key type: DSA (%1 bit)") + "\n"; - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p); + DSA *pkey_dsa = d->kossl->EVP_PKEY_get0_DSA(pkey); + const BIGNUM *bn_p = 0L; + const BIGNUM *bn_q = 0L; + const BIGNUM *bn_g = 0L; + const BIGNUM *bn_pub_key = 0L; + d->kossl->DSA_get0_pqg(pkey_dsa, &bn_p, &bn_q, &bn_g); + d->kossl->DSA_get0_key(pkey_dsa, &bn_pub_key, NULL); + + x = d->kossl->BN_bn2hex(bn_p); rc += i18n("Prime: "); // hack - this may not be always accurate rc = rc.arg(strlen(x)*4) ; @@ -401,9 +416,9 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q); + x = d->kossl->BN_bn2hex(bn_q); rc += i18n("160 bit prime factor: "); for (unsigned int i = 0; i < strlen(x); i++) { if (i%40 != 0 && i%2 == 0) 
@@ -413,9 +428,9 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g); + x = d->kossl->BN_bn2hex(bn_g); rc += TQString("g: "); for (unsigned int i = 0; i < strlen(x); i++) { if (i%40 != 0 && i%2 == 0) @@ -425,9 +440,9 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); - x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key); + x = d->kossl->BN_bn2hex(bn_pub_key); rc += i18n("Public key: "); for (unsigned int i = 0; i < strlen(x); i++) { if (i%40 != 0 && i%2 == 0) @@ -437,7 +452,7 @@ char *x = NULL; rc += x[i]; } rc += "\n"; - d->kossl->OPENSSL_free(x); + d->kossl->CRYPTO_free(x); } #endif d->kossl->EVP_PKEY_free(pkey); @@ -459,7 +474,7 @@ TQString rc = ""; return rc; rc = t; - d->kossl->OPENSSL_free(t); + d->kossl->CRYPTO_free(t); #endif return rc; @@ -696,7 +711,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi return errors; } - X509_STORE_set_verify_cb_func(certStore, X509Callback); + d->kossl->X509_STORE_set_verify_cb(certStore, X509Callback); certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file()); if (!certLookup) { @@ -727,7 +742,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi d->kossl->X509_STORE_CTX_init(certStoreCTX, certStore, d->m_cert, NULL); if (d->_chain.isValid()) { - d->kossl->X509_STORE_CTX_set_chain(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain()); + d->kossl->X509_STORE_CTX_set0_untrusted(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain()); } //kdDebug(7029) << "KSSL setting CRL.............." << endl; 
@@ -738,9 +753,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0; KSSL_X509CallBack_ca_found = false; - certStoreCTX->error = X509_V_OK; + d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); d->kossl->X509_verify_cert(certStoreCTX); - int errcode = certStoreCTX->error; + int errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); if (ca && !KSSL_X509CallBack_ca_found) { ksslv = KSSLCertificate::Irrelevant; } else { @@ -753,9 +768,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, X509_PURPOSE_NS_SSL_SERVER); - certStoreCTX->error = X509_V_OK; + d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK); d->kossl->X509_verify_cert(certStoreCTX); - errcode = certStoreCTX->error; + errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX); ksslv = processError(errcode); } d->kossl->X509_STORE_CTX_free(certStoreCTX); @@ -888,7 +903,7 @@ return rc; TQString KSSLCertificate::getNotBefore() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QString(X509_get_notBefore(d->m_cert)); +return ASN1_UTCTIME_QString(d->kossl->X509_getm_notBefore(d->m_cert)); #else return TQString::null; #endif @@ -897,7 +912,7 @@ return TQString::null; TQString KSSLCertificate::getNotAfter() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QString(X509_get_notAfter(d->m_cert)); +return ASN1_UTCTIME_QString(d->kossl->X509_getm_notAfter(d->m_cert)); #else return TQString::null; #endif @@ -906,7 +921,7 @@ return TQString::null; TQDateTime KSSLCertificate::getQDTNotBefore() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_get_notBefore(d->m_cert), NULL); +return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notBefore(d->m_cert), NULL); #else return TQDateTime::currentDateTime(); #endif 
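Review bot: In both verification passes of `validateVerbose` (the `@@ -738,9 +753,9` and `@@ -753,9 +768,9` hunks) the verdict still rests only on the stored error code: the context is pre-seeded with `X509_V_OK`, the return value of `X509_verify_cert` is discarded, and `errcode` is whatever `X509_STORE_CTX_get_error` returns. OpenSSL documents that `X509_verify_cert` can return 0 or a negative value, so a failure that leaves the error field untouched would be reported as a valid certificate. The same would happen if the proxy accessor falls back to 0 (the wrapper is not visible here, so confirm). Capturing the result makes the check fail closed: `int ok = d->kossl->X509_verify_cert(certStoreCTX);` followed, after reading `errcode`, by `if (ok != 1 && errcode == X509_V_OK) errcode = X509_V_ERR_APPLICATION_VERIFICATION;`. `processError` is defined outside these hunks, so check that it maps that code to a failing state.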
@@ -915,7 +930,7 @@ return TQDateTime::currentDateTime(); TQDateTime KSSLCertificate::getQDTNotAfter() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_get_notAfter(d->m_cert), NULL); +return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notAfter(d->m_cert), NULL); #else return TQDateTime::currentDateTime(); #endif @@ -924,7 +939,7 @@ return TQDateTime::currentDateTime(); TQDateTime KSSLCertificate::getQDTLastUpdate() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(d->m_cert_crl), NULL); +return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_lastUpdate(d->m_cert_crl), NULL); #else return TQDateTime::currentDateTime(); #endif @@ -933,7 +948,7 @@ return TQDateTime::currentDateTime(); TQDateTime KSSLCertificate::getQDTNextUpdate() const { #ifdef KSSL_HAVE_SSL -return ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(d->m_cert_crl), NULL); +return ASN1_UTCTIME_QDateTime((ASN1_UTCTIME*)d->kossl->X509_CRL_get0_nextUpdate(d->m_cert_crl), NULL); #else return TQDateTime::currentDateTime(); #endif @@ -1053,6 +1068,15 @@ return qba; #define NETSCAPE_CERT_HDR "certificate" +#ifdef KSSL_HAVE_SSL +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +typedef struct NETSCAPE_X509_st +{ + ASN1_OCTET_STRING *header; + X509 *cert; +} NETSCAPE_X509; +#endif +#endif // what a piece of crap this is TQByteArray KSSLCertificate::toNetscape() { @@ -1062,8 +1086,8 @@ TQByteArray qba; NETSCAPE_X509 nx; ASN1_OCTET_STRING hdr; #else - ASN1_HEADER ah; - ASN1_OCTET_STRING os; + ASN1_HEADER ah; + ASN1_OCTET_STRING os; #endif KTempFile ktf; 
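Review bot: The C-style `(ASN1_UTCTIME*)` casts added in `getQDTLastUpdate` and `getQDTNextUpdate` (hunks `@@ -924,7 +939,7` and `@@ -933,7 +948,7`) silently drop the `const` that `X509_CRL_get0_lastUpdate` and `X509_CRL_get0_nextUpdate` presumably return. Prefer giving `ASN1_UTCTIME_QDateTime` a `const` parameter, or at least write `const_cast<ASN1_UTCTIME*>(...)` so the cast cannot hide an unrelated type change later. These CRL fields are `ASN1_TIME`, which can also hold GeneralizedTime. The helper's parser is not visible here, so confirm it handles that form and not only UTCTime.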
@@ -1159,10 +1183,10 @@ TQStringList KSSLCertificate::subjAltNames() const { return rc; } - int cnt = d->kossl->sk_GENERAL_NAME_num(names); + int cnt = d->kossl->OPENSSL_sk_num(names); for (int i = 0; i < cnt; i++) { - const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->sk_value(names, i); + const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->OPENSSL_sk_value(names, i); if (val->type != GEN_DNS) { continue; } @@ -1174,7 +1198,7 @@ TQStringList KSSLCertificate::subjAltNames() const { rc += s; } } - d->kossl->sk_free(names); + d->kossl->OPENSSL_sk_free(names); #endif return rc; } |
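Review bot: `OPENSSL_sk_free(names)` in the `@@ -1174,7 +1198,7` hunk releases only the stack container, not the `GENERAL_NAME` entries it holds. If `names` is the caller-owned result of an extension decode (its origin is above the hunk, so confirm), every call to `subjAltNames` leaks the decoded names. Freeing with the element destructor, for example `OPENSSL_sk_pop_free` with `GENERAL_NAME_free` if the proxy exposes them, would release both. The switch from `sk_GENERAL_NAME_num` to the untyped `OPENSSL_sk_num` in the `@@ -1159,10 +1183,10` hunk also drops the compile-time type check on `names`, so a short comment such as `// untyped stack accessors: the typed sk_GENERAL_NAME_* macros cannot be resolved through the proxy` would record why, if that is the reason.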