authorWilliam Ahern <william@25thandclement.com>2016-12-08 18:13:22 -0800
committerWilliam Ahern <william@25thandclement.com>2016-12-08 18:13:22 -0800
commite9ecd299628b2af6a8aa74ce7956bb7ae902f69d (patch)
tree57cac1a9a0f54e35e7dbc4a9a9d158511f134505
parent028873f1fde5b91a3b8d2f80f350ca1682146029 (diff)
manipulation of inh_flags isn't supported by OpenSSL 1.1 API
-rw-r--r--src/openssl.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/openssl.c b/src/openssl.c
index 7addaa1..3ac0c6d 100644
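--- a/src/openssl.c
+++ b/src/openssl.c
@@ -8354,17 +8354,25 @@ static int xp_interpose(lua_State *L) {
 } /* xp_interpose() */
 
 
+/*
+ * NB: Per the OpenSSL source, "[t]he 'inh_flags' field determines how this
+ * function behaves". (Referring to X509_VERIFY_PARAM_inherit.) The way to
+ * set inh_flags prior to OpenSSL 1.1 was by OR'ing flags into the inh_flags
+ * member and restoring it after the call. The OpenSSL 1.1 API makes the
+ * X509_VERIFY_PARAM object opaque, X509_VERIFY_PARAM_inherit, and there's
+ * no other function to set the flags argument; therefore it's not possible
+ * to control the inherit behavior from OpenSSL 1.1.
+ *
+ * For more details see
+ * https://github.com/openssl/openssl/issues/2054 and the original
+ * https://github.com/wahern/luaossl/pull/76/commits/db6e414d68c0f94c2497d363f6131b4de1710ba9
+ */
 static int xp_inherit(lua_State *L) {
  X509_VERIFY_PARAM *dest = checksimple(L, 1, X509_VERIFY_PARAM_CLASS);
  X509_VERIFY_PARAM *src = checksimple(L, 2, X509_VERIFY_PARAM_CLASS);
- int flags = luaL_optinteger(L, 3, 0);
- unsigned long save_flags = dest->inh_flags;
  int ret;
 
- dest->inh_flags |= flags;
  ret = X509_VERIFY_PARAM_inherit(dest, src);
- dest->inh_flags = save_flags;
-
  if (!ret)
  /* Note: openssl doesn't set an error as it should for some cases */
  return auxL_error(L, auxL_EOPENSSL, "x509.verify_param:inherit");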
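Review bot: The third Lua argument to `xp_inherit` is now dropped without any diagnostic, so a caller that still passes inherit flags gets OpenSSL's default merge behaviour and no error. Since those flags decide which verification settings from `src` actually land in `dest`, a script that relied on them may end up with different certificate-verification parameters than it asked for and never learn of it. I would reject the argument explicitly right after the two `checksimple` calls, e.g. `if (!lua_isnoneornil(L, 3)) return luaL_argerror(L, 3, "inherit flags not supported");`, and say in the new header comment that the parameter is no longer accepted. The removal is unconditional, so it presumably also affects builds against pre-1.1 OpenSSL where the old path still worked; the end of the function lies outside this hunk.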