Module: kamailio
Branch: 4.4
Commit: 0f2a129e4f1790f8d6502ac224b480d60126fb09
URL:
https://github.com/kamailio/kamailio/commit/0f2a129e4f1790f8d6502ac224b480d…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org>
Date: 2016-10-27T16:34:27+02:00
auth_identity: switched to use pointer of X509_STORE_CTX
- starting with libssl 1.1.0 the size of X509_STORE_CTX is not known at
compile time, throwing error:
error: storage size of 'ca_ctx' isn't known
X509_STORE_CTX ca_ctx;
- reported by Victor Seva, GH #685
(cherry picked from commit 46f0f1c0f492c45c1b1bbcfd4a0cc63eb56480ea)
---
Modified: modules/auth_identity/auth_crypt.c
---
Diff:
https://github.com/kamailio/kamailio/commit/0f2a129e4f1790f8d6502ac224b480d…
Patch:
https://github.com/kamailio/kamailio/commit/0f2a129e4f1790f8d6502ac224b480d…
---
diff --git a/modules/auth_identity/auth_crypt.c b/modules/auth_identity/auth_crypt.c
index de5b03d..dbb0957 100644
--- a/modules/auth_identity/auth_crypt.c
+++ b/modules/auth_identity/auth_crypt.c
@@ -37,6 +37,7 @@
#include <openssl/sha.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include <openssl/crypto.h>
#include <openssl/x509_vfy.h>
#include "../../mem/mem.h"
@@ -115,7 +116,7 @@ int check_x509_subj(X509 *pcert, str* sdom)
if (actname->type == GEN_DNS || actname->type == GEN_URI) {
/* we've found one */
- altptr = (char *)ASN1_STRING_data(actname->d.ia5);
+ altptr = (char *)ASN1_STRING_get0_data(actname->d.ia5);
if (actname->type == GEN_URI) {
if (parse_uri(altptr, strlen(altptr), &suri) != 0) {
continue;
@@ -163,22 +164,30 @@ int check_x509_subj(X509 *pcert, str* sdom)
int verify_x509(X509 *pcert, X509_STORE *pcacerts)
{
- X509_STORE_CTX ca_ctx;
+ X509_STORE_CTX *ca_ctx = NULL;
char *strerr;
+ ca_ctx = X509_STORE_CTX_new();
+ if(ca_ctx==NULL) {
+ LM_ERR("cannot get a x509 context\n");
+ return -1;
+ }
- if (X509_STORE_CTX_init(&ca_ctx, pcacerts, pcert, NULL) != 1) {
+ if (X509_STORE_CTX_init(ca_ctx, pcacerts, pcert, NULL) != 1) {
LOG(L_ERR, "AUTH_IDENTITY:verify_x509: Unable to init X509 store ctx\n");
+ X509_STORE_CTX_free(ca_ctx);
return -1;
}
- if (X509_verify_cert(&ca_ctx) != 1) {
- strerr = (char *) X509_verify_cert_error_string(ca_ctx.error);
+ if (X509_verify_cert(ca_ctx) != 1) {
+ strerr = (char *)X509_verify_cert_error_string(X509_STORE_CTX_get_error(ca_ctx));
LOG(L_ERR, "AUTH_IDENTITY VERIFIER: Certificate verification error: %s\n",
strerr);
- X509_STORE_CTX_cleanup(&ca_ctx);
+ X509_STORE_CTX_cleanup(ca_ctx);
+ X509_STORE_CTX_free(ca_ctx);
return -2;
}
- X509_STORE_CTX_cleanup(&ca_ctx);
+ X509_STORE_CTX_cleanup(ca_ctx);
+ X509_STORE_CTX_free(ca_ctx);
LOG(AUTH_DBG_LEVEL, "AUTH_IDENTITY VERIFIER: Certificate is valid\n");