LILiK
/
openwrt-packages-dist


								--- a/modules/md/md_crypt.c

								+++ b/modules/md/md_crypt.c

								@@ -1139,23 +1139,23 @@ const char *md_cert_get_serial_number(co


								 int md_cert_is_valid_now(const md_cert_t *cert)

								 {

								-    return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)

								-            && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0));

								+    return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0)

								+            && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0));

								 }


								 int md_cert_has_expired(const md_cert_t *cert)

								 {

								-    return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0);

								+    return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0);

								 }


								 apr_time_t md_cert_get_not_after(const md_cert_t *cert)

								 {

								-    return md_asn1_time_get(X509_get_notAfter(cert->x509));

								+    return md_asn1_time_get(X509_get0_notAfter(cert->x509));

								 }


								 apr_time_t md_cert_get_not_before(const md_cert_t *cert)

								 {

								-    return md_asn1_time_get(X509_get_notBefore(cert->x509));

								+    return md_asn1_time_get(X509_get0_notBefore(cert->x509));

								 }


								 md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)

								--- a/modules/ssl/ssl_engine_init.c

								+++ b/modules/ssl/ssl_engine_init.c

								@@ -231,7 +231,7 @@ apr_status_t ssl_init_Module(apr_pool_t

								     apr_status_t rv;

								     apr_array_header_t *pphrases;


								-    if (SSLeay() < MODSSL_LIBRARY_VERSION) {

								+    if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) {

								         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)

								                      "Init: this version of mod_ssl was compiled against "

								                      "a newer library (%s, version currently loaded is %s)"

								--- a/modules/ssl/ssl_engine_io.c

								+++ b/modules/ssl/ssl_engine_io.c

								@@ -1316,9 +1316,9 @@ static apr_status_t ssl_io_filter_handsh

								         if (dc->proxy->ssl_check_peer_expire != FALSE) {

								             if (!cert

								                 || (X509_cmp_current_time(

								-                     X509_get_notBefore(cert)) >= 0)

								+                     X509_get0_notBefore(cert)) >= 0)

								                 || (X509_cmp_current_time(

								-                     X509_get_notAfter(cert)) <= 0)) {

								+                     X509_get0_notAfter(cert)) <= 0)) {

								                 proxy_ssl_check_peer_ok = FALSE;

								                 ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004)

								                               "SSL Proxy: Peer certificate is expired");

								--- a/modules/ssl/ssl_engine_log.c

								+++ b/modules/ssl/ssl_engine_log.c

								@@ -171,10 +171,10 @@ static void ssl_log_cert_error(const cha

								                 BIO_puts(bio, "(ERROR)");


								             BIO_puts(bio, " / notbefore: ");

								-            ASN1_TIME_print(bio, X509_get_notBefore(cert));

								+            ASN1_TIME_print(bio, X509_get0_notBefore(cert));


								             BIO_puts(bio, " / notafter: ");

								-            ASN1_TIME_print(bio, X509_get_notAfter(cert));

								+            ASN1_TIME_print(bio, X509_get0_notAfter(cert));


								             BIO_puts(bio, "]");


								--- a/modules/ssl/ssl_engine_vars.c

								+++ b/modules/ssl/ssl_engine_vars.c

								@@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr

								         result = ssl_var_lookup_ssl_cert_serial(p, xs);

								     }

								     else if (strcEQ(var, "V_START")) {

								-        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));

								+        result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));

								     }

								     else if (strcEQ(var, "V_END")) {

								-        result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));

								+        result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));

								     }

								     else if (strcEQ(var, "V_REMAIN")) {

								-        result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));

								+        result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));

								         resdup = FALSE;

								     }

								     else if (*var && strcEQ(var+1, "_DN")) {

								--- a/modules/ssl/ssl_private.h

								+++ b/modules/ssl/ssl_private.h

								@@ -102,6 +102,9 @@

								 #include <openssl/x509v3.h>

								 #include <openssl/x509_vfy.h>

								 #include <openssl/ocsp.h>

								+#include <openssl/dh.h>

								+#include <openssl/bn.h>

								+#include <openssl/ui.h>


								 /* Avoid tripping over an engine build installed globally and detected

								  * when the user points at an explicit non-engine flavor of OpenSSL

								--- a/support/ab.c

								+++ b/support/ab.c

								@@ -652,11 +652,11 @@ static void ssl_print_cert_info(BIO *bio


								     BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);

								     BIO_printf(bio,"Valid from: ");

								-    ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));

								+    ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert));

								     BIO_printf(bio,"\n");


								     BIO_printf(bio,"Valid to  : ");

								-    ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));

								+    ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert));

								     BIO_printf(bio,"\n");


								     pk = X509_get_pubkey(cert);

								@@ -2634,8 +2634,10 @@ int main(int argc, const char * const ar

								     CRYPTO_malloc_init();

								 #endif

								 #endif

								+#if OPENSSL_VERSION_NUMBER < 0x10100000L

								     SSL_load_error_strings();

								     SSL_library_init();

								+#endif

								     bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);

								     bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);