--- a/modules/md/md_crypt.c +++ b/modules/md/md_crypt.c @@ -708,23 +708,23 @@ const char *md_cert_get_serial_number(co int md_cert_is_valid_now(const md_cert_t *cert) { - return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0) - && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0)); + return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0) + && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0)); } int md_cert_has_expired(const md_cert_t *cert) { - return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0); + return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0); } apr_time_t md_cert_get_not_after(const md_cert_t *cert) { - return md_asn1_time_get(X509_get_notAfter(cert->x509)); + return md_asn1_time_get(X509_get0_notAfter(cert->x509)); } apr_time_t md_cert_get_not_before(const md_cert_t *cert) { - return md_asn1_time_get(X509_get_notBefore(cert->x509)); + return md_asn1_time_get(X509_get0_notBefore(cert->x509)); } int md_cert_covers_domain(md_cert_t *cert, const char *domain_name) --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -226,7 +226,7 @@ apr_status_t ssl_init_Module(apr_pool_t apr_status_t rv; apr_array_header_t *pphrases; - if (SSLeay() < MODSSL_LIBRARY_VERSION) { + if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882) "Init: this version of mod_ssl was compiled against " "a newer library (%s, version currently loaded is %s)" --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -1255,9 +1255,9 @@ static apr_status_t ssl_io_filter_handsh if (dc->proxy->ssl_check_peer_expire != FALSE) { if (!cert || (X509_cmp_current_time( - X509_get_notBefore(cert)) >= 0) + X509_get0_notBefore(cert)) >= 0) || (X509_cmp_current_time( - X509_get_notAfter(cert)) <= 0)) { + X509_get0_notAfter(cert)) <= 0)) { proxy_ssl_check_peer_ok = FALSE; ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004) "SSL Proxy: Peer certificate is expired"); --- a/modules/ssl/ssl_engine_log.c +++ b/modules/ssl/ssl_engine_log.c @@ -161,10 +161,10 @@ static void ssl_log_cert_error(const cha BIO_puts(bio, "(ERROR)"); BIO_puts(bio, " / notbefore: "); - ASN1_TIME_print(bio, X509_get_notBefore(cert)); + ASN1_TIME_print(bio, X509_get0_notBefore(cert)); BIO_puts(bio, " / notafter: "); - ASN1_TIME_print(bio, X509_get_notAfter(cert)); + ASN1_TIME_print(bio, X509_get0_notAfter(cert)); BIO_puts(bio, "]"); --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr result = ssl_var_lookup_ssl_cert_serial(p, xs); } else if (strcEQ(var, "V_START")) { - result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs)); + result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs)); } else if (strcEQ(var, "V_END")) { - result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs)); + result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs)); } else if (strcEQ(var, "V_REMAIN")) { - result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs)); + result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs)); resdup = FALSE; } else if (*var && strcEQ(var+1, "_DN")) { --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -98,6 +98,9 @@ #include #include #include +#include +#include +#include /* Avoid tripping over an engine build installed globally and detected * when the user points at an explicit non-engine flavor of OpenSSL --- a/support/ab.c +++ b/support/ab.c @@ -652,11 +652,11 @@ static void ssl_print_cert_info(BIO *bio BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1); BIO_printf(bio,"Valid from: "); - ASN1_UTCTIME_print(bio, X509_get_notBefore(cert)); + ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert)); BIO_printf(bio,"\n"); BIO_printf(bio,"Valid to : "); - ASN1_UTCTIME_print(bio, X509_get_notAfter(cert)); + ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert)); BIO_printf(bio,"\n"); pk = X509_get_pubkey(cert); @@ -2634,8 +2634,10 @@ int main(int argc, const char * const ar CRYPTO_malloc_init(); #endif #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_load_error_strings(); SSL_library_init(); +#endif bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);