You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
97 lines
4.1 KiB
97 lines
4.1 KiB
diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp
|
|
--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100
|
|
+++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100
|
|
@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);
|
|
|
|
//initialize the CRL store
|
|
- X509_STORE_CTX crlStoreCtx;
|
|
- X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
|
|
+ X509_STORE_CTX* crlStoreCtx;
|
|
+ crlStoreCtx = X509_STORE_CTX_new();
|
|
+ X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);
|
|
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
|
|
"---> SSL: Initialized CRL store");
|
|
|
|
//attempt to get a CRL issued by the certificate's issuer
|
|
- X509_OBJECT obj;
|
|
+ X509_OBJECT* obj;
|
|
+ obj = X509_OBJECT_new();
|
|
if (X509_STORE_get_by_subject(
|
|
- &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
|
|
+ crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
|
|
{
|
|
- X509_STORE_CTX_cleanup(&crlStoreCtx);
|
|
+ X509_OBJECT_free(obj);
|
|
+ X509_STORE_CTX_cleanup(crlStoreCtx);
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,
|
|
"---> SSL: No CRL by that issuer");
|
|
PEG_METHOD_EXIT();
|
|
return 0;
|
|
}
|
|
- X509_STORE_CTX_cleanup(&crlStoreCtx);
|
|
+ X509_STORE_CTX_cleanup(crlStoreCtx);
|
|
|
|
//get CRL
|
|
- X509_CRL* crl = obj.data.crl;
|
|
+ X509_CRL* crl;
|
|
+ crl = X509_OBJECT_get0_X509_CRL(obj);
|
|
if (crl == NULL)
|
|
{
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
|
|
@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback
|
|
{
|
|
revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
|
|
//a matching serial number indicates revocation
|
|
- if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)
|
|
+ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)
|
|
{
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,
|
|
"---> SSL: Certificate is revoked");
|
|
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
|
|
- X509_CRL_free(crl);
|
|
+ X509_OBJECT_free(obj);
|
|
PEG_METHOD_EXIT();
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
- X509_CRL_free(crl);
|
|
+ X509_OBJECT_free(obj);
|
|
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
|
|
"---> SSL: Certificate is not revoked at this level");
|
|
diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h
|
|
--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100
|
|
+++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100
|
|
@@ -104,7 +104,11 @@ public:
|
|
|
|
//important as per following site for
|
|
//http://www.openssl.org/support/faq.html#PROG
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
CRYPTO_malloc_init();
|
|
+#else
|
|
+ OPENSSL_malloc_init();
|
|
+#endif
|
|
SSL_library_init();
|
|
SSL_load_error_strings();
|
|
}
|
|
diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp
|
|
--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100
|
|
+++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100
|
|
@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_
|
|
for (int i = 0; i < numRevoked; i++)
|
|
{
|
|
r = sk_X509_REVOKED_value(revoked, i);
|
|
- rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);
|
|
+ rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));
|
|
sprintf(serial, "%lu", (unsigned long)rawSerialNumber);
|
|
revokedSerialNumbers.append(String(serial));
|
|
|
|
- revocationDate = getDateTime(r->revocationDate);
|
|
+ revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));
|
|
revocationDates.append(revocationDate);
|
|
}
|
|
|