Move away from deprecated X509_CRL_get_* functions when setting values

Use X509_CRL_set1_* instead which perform a copy (which means we have to allocate and destroy an ASN1_TIME) Part of #96
author: daurnimator <quae@daurnimator.com> 2017-08-31 02:27:31 +1000
committer: daurnimator <quae@daurnimator.com> 2017-08-31 02:28:25 +1000
commit: dbb042053c531d7df2d4254f273ffb9dae269f58 (patch)
tree: cde4e27e504b904b9042a71e436cd6ccc9e4c269
parent: b8f81f0afb16aec1c82ce01223f87ebd6872f81f (diff)
download: luaossl-dbb042053c531d7df2d4254f273ffb9dae269f58.tar.gz
luaossl-dbb042053c531d7df2d4254f273ffb9dae269f58.tar.bz2
luaossl-dbb042053c531d7df2d4254f273ffb9dae269f58.zip
1 files changed, 44 insertions, 21 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 6e4600a..1ef10e1 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -358,6 +358,14 @@
 #define HAVE_X509_CRL_GET0_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
 #endif
+#ifndef HAVE_X509_CRL_SET1_LASTUPDATE
+#define HAVE_X509_CRL_SET1_LASTUPDATE OPENSSL_PREREQ(1,1,0)
+#endif
+#ifndef HAVE_X509_CRL_SET1_NEXTUPDATE
+#define HAVE_X509_CRL_SET1_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
+#endif
 #ifndef HAVE_X509_GET_SIGNATURE_NID
 #define HAVE_X509_GET_SIGNATURE_NID OPENSSL_PREREQ(1,0,2)
 #endif
@@ -1769,6 +1777,14 @@ static int compat_SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) {
 #define X509_CRL_get0_nextUpdate(crl) ((const ASN1_TIME*)X509_CRL_get_nextUpdate(crl))
 #endif
+#if !HAVE_X509_CRL_SET1_LASTUPDATE
+#define X509_CRL_set1_lastUpdate(crl, s) X509_CRL_set_lastUpdate((crl), (ASN1_TIME*)(s))
+#endif
+#if !HAVE_X509_CRL_SET1_NEXTUPDATE
+#define X509_CRL_set1_nextUpdate(crl, s) X509_CRL_set_nextUpdate((crl), (ASN1_TIME*)(s))
+#endif
 #if !HAVE_X509_EXTENSION_GET0_OBJECT
 #define X509_EXTENSION_get0_object(ext) X509_EXTENSION_get_object((ext))
 #endif
@@ -6855,10 +6871,21 @@ static int xx_new(lua_State *L) {
                if (!ok)
                        return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
        } else {
+                ASN1_TIME *tm;
                if (!(*ud = X509_CRL_new()))
                        return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
-                X509_gmtime_adj(X509_CRL_get_lastUpdate(*ud), 0);
+                /* initialize last updated time to now */
+                if (!(tm = ASN1_TIME_set(NULL, time(NULL))))
+                        return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
+                if (!X509_CRL_set1_lastUpdate(*ud, tm)) {
+                        ASN1_TIME_free(tm);
+                        return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
+                }
+                ASN1_TIME_free(tm);
        }
        return 1;
@@ -6912,14 +6939,21 @@ static int xx_getLastUpdate(lua_State *L) {
 static int xx_setLastUpdate(lua_State *L) {
        X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
        double updated = luaL_checknumber(L, 2);
+        ASN1_TIME *time;
-        /* lastUpdate always present */
+        if (!(time = ASN1_TIME_set(NULL, updated)))
-        if (!ASN1_TIME_set(X509_CRL_get_lastUpdate(crl), updated))
+                goto error;
-                return auxL_error(L, auxL_EOPENSSL, "x509.crl:setLastUpdate");
+        if (!X509_CRL_set1_lastUpdate(crl, time))
+                goto error;
        lua_pushboolean(L, 1);
        return 1;
+error:
+        ASN1_TIME_free(time);
+        return auxL_error(L, auxL_EOPENSSL, "x509.crl:setLastUpdate");
 } /* xx_setLastUpdate() */
@@ -6943,30 +6977,19 @@ static int xx_getNextUpdate(lua_State *L) {
 static int xx_setNextUpdate(lua_State *L) {
        X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
        double updateby = luaL_checknumber(L, 2);
-        ASN1_TIME *time = NULL;
+        ASN1_TIME *time;
-        if (X509_CRL_get0_nextUpdate(crl)) {
-                if (!ASN1_TIME_set(X509_CRL_get_nextUpdate(crl), updateby))
-                        goto error;
-        } else {
-                if (!(time = ASN1_TIME_new()))
-                        goto error;
-                if (!(ASN1_TIME_set(time, updateby)))
-                        goto error;
-                if (!X509_CRL_set_nextUpdate(crl, time))
+        if (!(time = ASN1_TIME_set(NULL, updateby)))
-                        goto error;
+                goto error;
-                time = NULL;
+        if (!X509_CRL_set1_nextUpdate(crl, time))
-        }
+                goto error;
        lua_pushboolean(L, 1);
        return 1;
 error:
-        if (time)
+        ASN1_TIME_free(time);
-                ASN1_TIME_free(time);
        return auxL_error(L, auxL_EOPENSSL, "x509.crl:setNextUpdate");
 } /* xx_setNextUpdate() */
author	daurnimator <quae@daurnimator.com>	2017-08-31 02:27:31 +1000
committer	daurnimator <quae@daurnimator.com>	2017-08-31 02:28:25 +1000
commit	dbb042053c531d7df2d4254f273ffb9dae269f58 (patch)
tree	cde4e27e504b904b9042a71e436cd6ccc9e4c269
parent	b8f81f0afb16aec1c82ce01223f87ebd6872f81f (diff)
download	luaossl-dbb042053c531d7df2d4254f273ffb9dae269f58.tar.gz luaossl-dbb042053c531d7df2d4254f273ffb9dae269f58.tar.bz2 luaossl-dbb042053c531d7df2d4254f273ffb9dae269f58.zip

diff --git a/src/openssl.c b/src/openssl.c index 6e4600a..1ef10e1 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -358,6 +358,14 @@
358	#define HAVE_X509_CRL_GET0_NEXTUPDATE OPENSSL_PREREQ(1,1,0)	358	#define HAVE_X509_CRL_GET0_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
359	#endif	359	#endif
360		360
		361	#ifndef HAVE_X509_CRL_SET1_LASTUPDATE
		362	#define HAVE_X509_CRL_SET1_LASTUPDATE OPENSSL_PREREQ(1,1,0)
		363	#endif
		364
		365	#ifndef HAVE_X509_CRL_SET1_NEXTUPDATE
		366	#define HAVE_X509_CRL_SET1_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
		367	#endif
		368
361	#ifndef HAVE_X509_GET_SIGNATURE_NID	369	#ifndef HAVE_X509_GET_SIGNATURE_NID
362	#define HAVE_X509_GET_SIGNATURE_NID OPENSSL_PREREQ(1,0,2)	370	#define HAVE_X509_GET_SIGNATURE_NID OPENSSL_PREREQ(1,0,2)
363	#endif	371	#endif
@@ -1769,6 +1777,14 @@ static int compat_SSL_CTX_set1_param(SSL_CTX ctx, X509_VERIFY_PARAM vpm) {
1769	#define X509_CRL_get0_nextUpdate(crl) ((const ASN1_TIME*)X509_CRL_get_nextUpdate(crl))	1777	#define X509_CRL_get0_nextUpdate(crl) ((const ASN1_TIME*)X509_CRL_get_nextUpdate(crl))
1770	#endif	1778	#endif
1771		1779
		1780	#if !HAVE_X509_CRL_SET1_LASTUPDATE
		1781	#define X509_CRL_set1_lastUpdate(crl, s) X509_CRL_set_lastUpdate((crl), (ASN1_TIME*)(s))
		1782	#endif
		1783
		1784	#if !HAVE_X509_CRL_SET1_NEXTUPDATE
		1785	#define X509_CRL_set1_nextUpdate(crl, s) X509_CRL_set_nextUpdate((crl), (ASN1_TIME*)(s))
		1786	#endif
		1787
1772	#if !HAVE_X509_EXTENSION_GET0_OBJECT	1788	#if !HAVE_X509_EXTENSION_GET0_OBJECT
1773	#define X509_EXTENSION_get0_object(ext) X509_EXTENSION_get_object((ext))	1789	#define X509_EXTENSION_get0_object(ext) X509_EXTENSION_get_object((ext))
1774	#endif	1790	#endif
@@ -6855,10 +6871,21 @@ static int xx_new(lua_State *L) {
6855	if (!ok)	6871	if (!ok)
6856	return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");	6872	return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
6857	} else {	6873	} else {
		6874	ASN1_TIME *tm;
		6875
6858	if (!(*ud = X509_CRL_new()))	6876	if (!(*ud = X509_CRL_new()))
6859	return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");	6877	return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
6860		6878
6861	X509_gmtime_adj(X509_CRL_get_lastUpdate(*ud), 0);	6879	/* initialize last updated time to now */
		6880	if (!(tm = ASN1_TIME_set(NULL, time(NULL))))
		6881	return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
		6882
		6883	if (!X509_CRL_set1_lastUpdate(*ud, tm)) {
		6884	ASN1_TIME_free(tm);
		6885	return auxL_error(L, auxL_EOPENSSL, "x509.crl.new");
		6886	}
		6887
		6888	ASN1_TIME_free(tm);
6862	}	6889	}
6863		6890
6864	return 1;	6891	return 1;
@@ -6912,14 +6939,21 @@ static int xx_getLastUpdate(lua_State *L) {
6912	static int xx_setLastUpdate(lua_State *L) {	6939	static int xx_setLastUpdate(lua_State *L) {
6913	X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);	6940	X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
6914	double updated = luaL_checknumber(L, 2);	6941	double updated = luaL_checknumber(L, 2);
		6942	ASN1_TIME *time;
6915		6943
6916	/* lastUpdate always present */	6944	if (!(time = ASN1_TIME_set(NULL, updated)))
6917	if (!ASN1_TIME_set(X509_CRL_get_lastUpdate(crl), updated))	6945	goto error;
6918	return auxL_error(L, auxL_EOPENSSL, "x509.crl:setLastUpdate");	6946
		6947	if (!X509_CRL_set1_lastUpdate(crl, time))
		6948	goto error;
6919		6949
6920	lua_pushboolean(L, 1);	6950	lua_pushboolean(L, 1);
6921		6951
6922	return 1;	6952	return 1;
		6953	error:
		6954	ASN1_TIME_free(time);
		6955
		6956	return auxL_error(L, auxL_EOPENSSL, "x509.crl:setLastUpdate");
6923	} /* xx_setLastUpdate() */	6957	} /* xx_setLastUpdate() */
6924		6958
6925		6959
@@ -6943,30 +6977,19 @@ static int xx_getNextUpdate(lua_State *L) {
6943	static int xx_setNextUpdate(lua_State *L) {	6977	static int xx_setNextUpdate(lua_State *L) {
6944	X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);	6978	X509_CRL *crl = checksimple(L, 1, X509_CRL_CLASS);
6945	double updateby = luaL_checknumber(L, 2);	6979	double updateby = luaL_checknumber(L, 2);
6946	ASN1_TIME *time = NULL;	6980	ASN1_TIME *time;
6947
6948	if (X509_CRL_get0_nextUpdate(crl)) {
6949	if (!ASN1_TIME_set(X509_CRL_get_nextUpdate(crl), updateby))
6950	goto error;
6951	} else {
6952	if (!(time = ASN1_TIME_new()))
6953	goto error;
6954
6955	if (!(ASN1_TIME_set(time, updateby)))
6956	goto error;
6957		6981
6958	if (!X509_CRL_set_nextUpdate(crl, time))	6982	if (!(time = ASN1_TIME_set(NULL, updateby)))
6959	goto error;	6983	goto error;
6960		6984
6961	time = NULL;	6985	if (!X509_CRL_set1_nextUpdate(crl, time))
6962	}	6986	goto error;
6963		6987
6964	lua_pushboolean(L, 1);	6988	lua_pushboolean(L, 1);
6965		6989
6966	return 1;	6990	return 1;
6967	error:	6991	error:
6968	if (time)	6992	ASN1_TIME_free(time);
6969	ASN1_TIME_free(time);
6970		6993
6971	return auxL_error(L, auxL_EOPENSSL, "x509.crl:setNextUpdate");	6994	return auxL_error(L, auxL_EOPENSSL, "x509.crl:setNextUpdate");
6972	} /* xx_setNextUpdate() */	6995	} /* xx_setNextUpdate() */