Module: kamailio Branch: 4.4 Commit: 0f2a129e4f1790f8d6502ac224b480d60126fb09 URL: https://github.com/kamailio/kamailio/commit/0f2a129e4f1790f8d6502ac224b480d… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Victor Seva &lt;linuxmaniac(a)torreviejawireless.org&gt; Date: 2016-10-27T16:34:27+02:00 auth_identity: switched to use pointer of X509_STORE_CTX - starting with libssl 1.1.0 the size of X509_STORE_CTX is not known at compile time, throwing error: error: storage size of 'ca_ctx' isn't known X509_STORE_CTX ca_ctx; - reported by Victor Seva, GH #685 (cherry picked from commit 46f0f1c0f492c45c1b1bbcfd4a0cc63eb56480ea) --- Modified: modules/auth_identity/auth_crypt.c --- Diff: https://github.com/kamailio/kamailio/commit/0f2a129e4f1790f8d6502ac224b480d… Patch: https://github.com/kamailio/kamailio/commit/0f2a129e4f1790f8d6502ac224b480d… --- diff --git a/modules/auth_identity/auth_crypt.c b/modules/auth_identity/auth_crypt.c index de5b03d..dbb0957 100644 --- a/modules/auth_identity/auth_crypt.c +++ b/modules/auth_identity/auth_crypt.c @@ -37,6 +37,7 @@ #include <openssl/sha.h> #include <openssl/x509.h> #include <openssl/x509v3.h> +#include <openssl/crypto.h> #include <openssl/x509_vfy.h> #include "../../mem/mem.h" @@ -115,7 +116,7 @@ int check_x509_subj(X509 *pcert, str* sdom) if (actname->type == GEN_DNS || actname->type == GEN_URI) { /* we've found one */ - altptr = (char *)ASN1_STRING_data(actname->d.ia5); + altptr = (char *)ASN1_STRING_get0_data(actname->d.ia5); if (actname->type == GEN_URI) { if (parse_uri(altptr, strlen(altptr), &suri) != 0) { continue; @@ -163,22 +164,30 @@ int check_x509_subj(X509 *pcert, str* sdom) int verify_x509(X509 *pcert, X509_STORE *pcacerts) { - X509_STORE_CTX ca_ctx; + X509_STORE_CTX *ca_ctx = NULL; char *strerr; + ca_ctx = X509_STORE_CTX_new(); + if(ca_ctx==NULL) { + LM_ERR("cannot get a x509 context\n"); + return -1; + } - if (X509_STORE_CTX_init(&ca_ctx, pcacerts, pcert, NULL) != 1) { + if (X509_STORE_CTX_init(ca_ctx, pcacerts, pcert, NULL) != 1) { LOG(L_ERR, "AUTH_IDENTITY:verify_x509: Unable to init X509 store ctx\n"); + X509_STORE_CTX_free(ca_ctx); return -1; } - if (X509_verify_cert(&ca_ctx) != 1) { - strerr = (char *) X509_verify_cert_error_string(ca_ctx.error); + if (X509_verify_cert(ca_ctx) != 1) { + strerr = (char *)X509_verify_cert_error_string(X509_STORE_CTX_get_error(ca_ctx)); LOG(L_ERR, "AUTH_IDENTITY VERIFIER: Certificate verification error: %s\n", strerr); - X509_STORE_CTX_cleanup(&ca_ctx); + X509_STORE_CTX_cleanup(ca_ctx); + X509_STORE_CTX_free(ca_ctx); return -2; } - X509_STORE_CTX_cleanup(&ca_ctx); + X509_STORE_CTX_cleanup(ca_ctx); + X509_STORE_CTX_free(ca_ctx); LOG(AUTH_DBG_LEVEL, "AUTH_IDENTITY VERIFIER: Certificate is valid\n");