author | William Ahern <william@25thandclement.com> | 2016-12-08 18:13:22 -0800 |
---|---|---|
committer | William Ahern <william@25thandclement.com> | 2016-12-08 18:13:22 -0800 |
commit | e9ecd299628b2af6a8aa74ce7956bb7ae902f69d (patch) | |
tree | 57cac1a9a0f54e35e7dbc4a9a9d158511f134505 | |
parent | 028873f1fde5b91a3b8d2f80f350ca1682146029 (diff) | |
manipulation of inh_flags isn't supported by OpenSSL 1.1 API
-rw-r--r-- | src/openssl.c | 18 |
1 files changed, 13 insertions, 5 deletions
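--- a/src/openssl.c
+++ b/src/openssl.c
@@ -8354,17 +8354,25 @@ static int xp_interpose(lua_State *L) {
 } /* xp_interpose() */
 
 
+/*
+* NB: Per the OpenSSL source, "[t]he 'inh_flags' field determines how this
+* function behaves". (Referring to X509_VERIFY_PARAM_inherit.) The way to
+* set inh_flags prior to OpenSSL 1.1 was by OR'ing flags into the inh_flags
+* member and restoring it after the call. The OpenSSL 1.1 API makes the
+* X509_VERIFY_PARAM object opaque, X509_VERIFY_PARAM_inherit, and there's
+* no other function to set the flags argument; therefore it's not possible
+* to control the inherit behavior from OpenSSL 1.1.
+*
+* For more details see
+* https://github.com/openssl/openssl/issues/2054 and the original
+* https://github.com/wahern/luaossl/pull/76/commits/db6e414d68c0f94c2497d363f6131b4de1710ba9
+*/
 static int xp_inherit(lua_State *L) {
 X509_VERIFY_PARAM *dest = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
 X509_VERIFY_PARAM *src = checksimple(L, 2, X509_VERIFY_PARAM_CLASS);
-int flags = luaL_optinteger(L, 3, 0);
-unsigned long save_flags = dest->inh_flags;
 int ret;
 
-dest->inh_flags |= flags;
 ret = X509_VERIFY_PARAM_inherit(dest, src);
-dest->inh_flags = save_flags;
-
 if (!ret)
 /* Note: openssl doesn't set an error as it should for some cases */
 return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:inherit");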
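Review bot: xp_inherit now silently ignores a third argument, because the `luaL_optinteger(L, 3, 0)` read is removed and nothing replaces it. A caller that still passes inherit flags gets the default inheritance behaviour with no error. These parameters feed certificate verification, so a request that cannot be honoured is better rejected than dropped; consider `luaL_argcheck(L, luaL_optinteger(L, 3, 0) == 0, 3, "inherit flags are not supported");` before the X509_VERIFY_PARAM_inherit call. The removal is not version-guarded, so it presumably also applies to pre-1.1 builds where the old path worked; the new comment could say that this is deliberate. The function's closing lines are outside the hunk.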