
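--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -708,23 +708,23 @@ const char *md_cert_get_serial_number(co
 int md_cert_is_valid_now(const md_cert_t *cert)
 {
- return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)
- && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0));
+ return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0)
+ && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0));
 }
 int md_cert_has_expired(const md_cert_t *cert)
 {
- return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0);
+ return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0);
 }
 apr_time_t md_cert_get_not_after(const md_cert_t *cert)
 {
- return md_asn1_time_get(X509_get_notAfter(cert->x509));
+ return md_asn1_time_get(X509_get0_notAfter(cert->x509));
 }
 apr_time_t md_cert_get_not_before(const md_cert_t *cert)
 {
- return md_asn1_time_get(X509_get_notBefore(cert->x509));
+ return md_asn1_time_get(X509_get0_notBefore(cert->x509));
 }
 int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)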
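Review bot: `X509_get0_notBefore()` and `X509_get0_notAfter()` only exist from OpenSSL 1.1.0, and the four accessors in this hunk call them with no version guard, although the `support/ab.c` change in the same patch is wrapped in `#if OPENSSL_VERSION_NUMBER < 0x10100000L`. If builds against an older libssl are still expected to work, a shared header needs a fallback under that same guard, e.g. `#define X509_get0_notBefore(x) X509_get_notBefore(x)` and the matching `notAfter` line. The same applies to the call sites in ssl_engine_io.c, ssl_engine_log.c and ssl_engine_vars.c, and to `OpenSSL_version_num()` in ssl_engine_init.c. It is also worth a comment on `md_cert_is_valid_now` and `md_cert_has_expired` that `X509_cmp_current_time()` returns 0 on error, so the `< 0`/`> 0` and `<= 0` tests report an unparsable validity field as not valid and expired respectively.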
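--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -226,7 +226,7 @@ apr_status_t ssl_init_Module(apr_pool_t
 apr_status_t rv;
 apr_array_header_t *pphrases;
- if (SSLeay() < MODSSL_LIBRARY_VERSION) {
+ if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) {
 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)
 "Init: this version of mod_ssl was compiled against "
 "a newer library (%s, version currently loaded is %s)"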
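--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -1255,9 +1255,9 @@ static apr_status_t ssl_io_filter_handsh
 if (dc->proxy->ssl_check_peer_expire != FALSE) {
 if (!cert
 || (X509_cmp_current_time(
- X509_get_notBefore(cert)) >= 0)
+ X509_get0_notBefore(cert)) >= 0)
 || (X509_cmp_current_time(
- X509_get_notAfter(cert)) <= 0)) {
+ X509_get0_notAfter(cert)) <= 0)) {
 proxy_ssl_check_peer_ok = FALSE;
 ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004)
 "SSL Proxy: Peer certificate is expired");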
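Review bot: The peer-expiry test relies on `X509_cmp_current_time()` returning 0 on failure, which the `>= 0` and `<= 0` comparisons turn into a rejection, and nothing in the code records that. A comment above the condition, such as `/* X509_cmp_current_time() returns 0 on error; >= 0 and <= 0 keep that case fail-closed */`, would stop a later edit from relaxing the operators to `>`/`<`. The single INFO-level message "Peer certificate is expired" is also logged when the certificate is missing or not yet valid, so the log cannot tell these three conditions apart; a message per branch would make proxy-side triage easier. The enclosing function (header truncated as `ssl_io_filter_handsh`) starts and ends outside the hunk.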
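--- a/modules/ssl/ssl_engine_log.c
+++ b/modules/ssl/ssl_engine_log.c
@@ -161,10 +161,10 @@ static void ssl_log_cert_error(const cha
 BIO_puts(bio, "(ERROR)");
 BIO_puts(bio, " / notbefore: ");
- ASN1_TIME_print(bio, X509_get_notBefore(cert));
+ ASN1_TIME_print(bio, X509_get0_notBefore(cert));
 BIO_puts(bio, " / notafter: ");
- ASN1_TIME_print(bio, X509_get_notAfter(cert));
+ ASN1_TIME_print(bio, X509_get0_notAfter(cert));
 BIO_puts(bio, "]");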
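--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr
 result = ssl_var_lookup_ssl_cert_serial(p, xs);
 }
 else if (strcEQ(var, "V_START")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));
 }
 else if (strcEQ(var, "V_END")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));
 }
 else if (strcEQ(var, "V_REMAIN")) {
- result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));
 resdup = FALSE;
 }
 else if (*var && strcEQ(var+1, "_DN")) {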
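Review bot: `X509_get0_notBefore()` and `X509_get0_notAfter()` return `const ASN1_TIME *`, and the three call sites pass that result straight to `ssl_var_lookup_ssl_cert_valid()` and `ssl_var_lookup_ssl_cert_remain()`, whose prototypes are not visible in this hunk. If those helpers still take a plain `ASN1_TIME *`, the qualifier is discarded at each call (a warning, or a build failure under `-Werror`). In that case the parameters should become `const ASN1_TIME *tm` rather than adding casts here. `md_asn1_time_get()` in md_crypt.c raises the same question. `ssl_var_lookup_ssl_cert` continues outside the hunk.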
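--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -98,6 +98,9 @@
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/ocsp.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/ui.h>
 /* Avoid tripping over an engine build installed globally and detected
 * when the user points at an explicit non-engine flavor of OpenSSL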
  92. --- a/support/ab.c
  93. +++ b/support/ab.c
  94. @@ -652,11 +652,11 @@ static void ssl_print_cert_info(BIO *bio
  95. BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
  96. BIO_printf(bio,"Valid from: ");
  97. - ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
  98. + ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert));
  99. BIO_printf(bio,"\n");
  100. BIO_printf(bio,"Valid to : ");
  101. - ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
  102. + ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert));
  103. BIO_printf(bio,"\n");
  104. pk = X509_get_pubkey(cert);
  105. @@ -2634,8 +2634,10 @@ int main(int argc, const char * const ar
  106. CRYPTO_malloc_init();
  107. #endif
  108. #endif
  109. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  110. SSL_load_error_strings();
  111. SSL_library_init();
  112. +#endif
  113. bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
  114. bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);