Improve compatibility with OpenSSL 1.1.0

* add missing headers
* stop using deprecated APIs
This commit is contained in:
quentin
2018-02-26 02:43:41 +01:00
parent 38ce95cf1c
commit c8372f27d7
4 changed files with 36 additions and 1 deletions
+23 -1
View File
@@ -43,10 +43,12 @@
#endif
#include "openssl-compat.h"
#include <openssl/bn.h>
#include <openssl/des.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include "cmdline.h"
#include "util.h"
@@ -868,11 +870,19 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
fprintf(stderr, "Failed to set certificate serial.\n");
goto selfsign_out;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if(!X509_gmtime_adj(X509_get_notBefore(x509), 0)) {
#else
if(!X509_gmtime_adj(X509_getm_notBefore(x509), 0)) {
#endif
fprintf(stderr, "Failed to set certificate notBefore.\n");
goto selfsign_out;
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
if(!X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * validDays)) {
#else
if(!X509_gmtime_adj(X509_getm_notAfter(x509), 60L * 60L * 24L * validDays)) {
#endif
fprintf(stderr, "Failed to set certificate notAfter.\n");
goto selfsign_out;
}
@@ -1241,7 +1251,7 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
if(*ptr++ == 0x70) {
unsigned int md_len = sizeof(data);
ASN1_TIME *not_before, *not_after;
const ASN1_TIME *not_before, *not_after;
ptr += get_length(ptr, &cert_len);
x509 = X509_new();
@@ -1299,13 +1309,21 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
dump_data(data, md_len, output, false, format_arg_hex);
bio = BIO_new_fp(output, BIO_NOCLOSE | BIO_FP_TEXT);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
not_before = X509_get_notBefore(x509);
#else
not_before = X509_get0_notBefore(x509);
#endif
if(not_before) {
fprintf(output, "\tNot Before:\t");
ASN1_TIME_print(bio, not_before);
fprintf(output, "\n");
}
#if OPENSSL_VERSION_NUMBER < 0x10100000L
not_after = X509_get_notAfter(x509);
#else
not_after = X509_get0_notAfter(x509);
#endif
if(not_after) {
fprintf(output, "\tNot After:\t");
ASN1_TIME_print(bio, not_after);
@@ -1950,7 +1968,9 @@ int main(int argc, char *argv[]) {
/* openssl setup.. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
OpenSSL_add_all_algorithms();
#endif
for(i = 0; i < args_info.action_given; i++) {
@@ -2191,6 +2211,8 @@ int main(int argc, char *argv[]) {
}
ykpiv_done(state);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_cleanup();
#endif
return ret;
}