authordaurnimator <quae@daurnimator.com>2017-08-31 02:27:31 +1000
committerdaurnimator <quae@daurnimator.com>2017-08-31 02:28:25 +1000
commitdbb042053c531d7df2d4254f273ffb9dae269f58 (patch)
treecde4e27e504b904b9042a71e436cd6ccc9e4c269
parentb8f81f0afb16aec1c82ce01223f87ebd6872f81f (diff)
Move away from deprecated X509_CRL_get_* functions when setting values
Use X509_CRL_set1_* instead which perform a copy (which means we have to allocate and destroy an ASN1_TIME) Part of #96
-rw-r--r--src/openssl.c65
1 files changed, 44 insertions, 21 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 6e4600a..1ef10e1 100644
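--- a/src/openssl.c
+++ b/src/openssl.c
@@ -358,6 +358,14 @@
 #define HAVE_X509_CRL_GET0_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
 #endif
 
+#ifndef HAVE_X509_CRL_SET1_LASTUPDATE
+#define HAVE_X509_CRL_SET1_LASTUPDATE OPENSSL_PREREQ(1,1,0)
+#endif
+
+#ifndef HAVE_X509_CRL_SET1_NEXTUPDATE
+#define HAVE_X509_CRL_SET1_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
+#endif
+
 #ifndef HAVE_X509_GET_SIGNATURE_NID
 #define HAVE_X509_GET_SIGNATURE_NID OPENSSL_PREREQ(1,0,2)
 #endif
@@ -1769,6 +1777,14 @@ static int compat_SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) {
 #define X509_CRL_get0_nextUpdate(crl) ((const ASN1_TIME*)X509_CRL_get_nextUpdate(crl))
 #endif
 
+#if !HAVE_X509_CRL_SET1_LASTUPDATE
+#define X509_CRL_set1_lastUpdate(crl, s) X509_CRL_set_lastUpdate((crl), (ASN1_TIME*)(s))
+#endif
+
+#if !HAVE_X509_CRL_SET1_NEXTUPDATE
+#define X509_CRL_set1_nextUpdate(crl, s) X509_CRL_set_nextUpdate((crl), (ASN1_TIME*)(s))
+#endif
+
 #if !HAVE_X509_EXTENSION_GET0_OBJECT
 #define X509_EXTENSION_get0_object(ext) X509_EXTENSION_get_object((ext))
 #endif
@@ -6855,10 +6871,21 @@ static int xx_new(lua_State *L) {
  if (!ok)
  return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
  } else {
+ ASN1_TIME *tm;
+
  if (!(*ud = X509_CRL_new()))
  return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
 
- X509_gmtime_adj(X509_CRL_get_lastUpdate(*ud), 0);
+ /* initialize last updated time to now */
+ if (!(tm = ASN1_TIME_set(NULL, time(NULL))))
+ return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
+
+ if (!X509_CRL_set1_lastUpdate(*ud, tm)) {
+ ASN1_TIME_free(tm);
+ return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
+ }
+
+ ASN1_TIME_free(tm);
  }
 
  return 1;
@@ -6912,14 +6939,21 @@ static int xx_getLastUpdate(lua_State *L) {
 static int xx_setLastUpdate(lua_State *L) {
  X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
  double updated = luaL_checknumber(L, 2);
+ ASN1_TIME *time;
 
- /* lastUpdate always present */
- if (!ASN1_TIME_set(X509_CRL_get_lastUpdate(crl), updated))
- return auxL_error(L, auxL_EOPENSSL, "x509.crl:setLastUpdate");
+ if (!(time = ASN1_TIME_set(NULL, updated)))
+ goto error;
+
+ if (!X509_CRL_set1_lastUpdate(crl, time))
+ goto error;
 
  lua_pushboolean(L, 1);
 
  return 1;
+error:
+ ASN1_TIME_free(time);
+
+ return auxL_error(L, auxL_EOPENSSL, "x509.crl:setLastUpdate");
 } /* xx_setLastUpdate() */
 
 
@@ -6943,30 +6977,19 @@ static int xx_getNextUpdate(lua_State *L) {
 static int xx_setNextUpdate(lua_State *L) {
  X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
  double updateby = luaL_checknumber(L, 2);
- ASN1_TIME *time = NULL;
-
- if (X509_CRL_get0_nextUpdate(crl)) {
- if (!ASN1_TIME_set(X509_CRL_get_nextUpdate(crl), updateby))
- goto error;
- } else {
- if (!(time = ASN1_TIME_new()))
- goto error;
-
- if (!(ASN1_TIME_set(time, updateby)))
- goto error;
+ ASN1_TIME *time;
 
- if (!X509_CRL_set_nextUpdate(crl, time))
- goto error;
+ if (!(time = ASN1_TIME_set(NULL, updateby)))
+ goto error;
 
- time = NULL;
- }
+ if (!X509_CRL_set1_nextUpdate(crl, time))
+ goto error;
 
  lua_pushboolean(L, 1);
 
  return 1;
 error:
- if (time)
- ASN1_TIME_free(time);
+ ASN1_TIME_free(time);
 
  return auxL_error(L, auxL_EOPENSSL, "x509.crl:setNextUpdate");
 } /* xx_setNextUpdate() */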
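Review bot: xx_setLastUpdate and xx_setNextUpdate free `time` only under the `error:` label, so every successful call leaks the ASN1_TIME allocated by `ASN1_TIME_set(NULL, ...)`. The commit message says the set1 functions copy their argument, and xx_new in this same change frees `tm` after a successful `X509_CRL_set1_lastUpdate`; the setters should match by adding `ASN1_TIME_free(time);` before `lua_pushboolean(L, 1);`. Separately, `updated` and `updateby` are Lua doubles passed straight to ASN1_TIME_set, which takes a time_t, so a range check before the call would keep an out-of-range number from reaching that conversion.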