summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2020-10-02 07:53:58 +0000
committertb <>2020-10-02 07:53:58 +0000
commit24c1472944e53124a9ed8f5baef3fd8496632a4f (patch)
tree171c880ed1ae900612fa2110e465b37f713fd8a4
parent47ae43c59d54927c866d98e2249318f5de880b4a (diff)
downloadopenbsd-24c1472944e53124a9ed8f5baef3fd8496632a4f.tar.gz
openbsd-24c1472944e53124a9ed8f5baef3fd8496632a4f.tar.bz2
openbsd-24c1472944e53124a9ed8f5baef3fd8496632a4f.zip
Make this test compile against OpenSSL 1.1
The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching inside it, reuse the trusted certificate store that was just assigned to it and use X509_STORE_CTX_get0_param(3) to access the verification parameters.
Diffstat (limited to '')
-rw-r--r--src/regress/lib/libcrypto/x509/bettertls/verify.c32
1 files changed, 21 insertions, 11 deletions
diff --git a/src/regress/lib/libcrypto/x509/bettertls/verify.c b/src/regress/lib/libcrypto/x509/bettertls/verify.c
index 28dde61641..430fef75b3 100644
--- a/src/regress/lib/libcrypto/x509/bettertls/verify.c
+++ b/src/regress/lib/libcrypto/x509/bettertls/verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: verify.c,v 1.4 2020/09/18 15:23:16 tb Exp $ */ 1/* $OpenBSD: verify.c,v 1.5 2020/10/02 07:53:58 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -107,6 +107,7 @@ verify_cert(const char *roots_file, const char *bundle_file,
107 X509_STORE *store = NULL; 107 X509_STORE *store = NULL;
108 X509_STORE_CTX *xscip = NULL; 108 X509_STORE_CTX *xscip = NULL;
109 X509_STORE *storeip = NULL; 109 X509_STORE *storeip = NULL;
110 X509_VERIFY_PARAM *param, *paramip;
110 X509 *leaf = NULL; 111 X509 *leaf = NULL;
111 unsigned long flags, flagsip; 112 unsigned long flags, flagsip;
112 113
@@ -133,15 +134,20 @@ verify_cert(const char *roots_file, const char *bundle_file,
133 errx(1, "failed to init store context"); 134 errx(1, "failed to init store context");
134 } 135 }
135 136
136 X509_STORE_set_default_paths(xsc->ctx); 137 X509_STORE_set_default_paths(store);
137 138
138 if (verbose) 139 if (verbose)
139 X509_STORE_CTX_set_verify_cb(xsc, verify_cert_cb); 140 X509_STORE_CTX_set_verify_cb(xsc, verify_cert_cb);
140 141
141 flags = X509_VERIFY_PARAM_get_flags(xsc->param); 142 if ((param = X509_STORE_CTX_get0_param(xsc)) == NULL) {
142 X509_VERIFY_PARAM_set_flags(xsc->param, flags); 143 ERR_print_errors_fp(stderr);
143 X509_VERIFY_PARAM_set_time(xsc->param, 1600000000); 144 errx(1, "failed to get verify parameters");
144 X509_VERIFY_PARAM_set1_host(xsc->param,"localhost.local", strlen("localhost.local")); 145 }
146 flags = X509_VERIFY_PARAM_get_flags(param);
147 X509_VERIFY_PARAM_set_flags(param, flags);
148 X509_VERIFY_PARAM_set_time(param, 1600000000);
149 X509_VERIFY_PARAM_set1_host(param, "localhost.local",
150 strlen("localhost.local"));
145 151
146 X509_STORE_CTX_set0_trusted_stack(xsc, roots); 152 X509_STORE_CTX_set0_trusted_stack(xsc, roots);
147 153
@@ -159,15 +165,19 @@ verify_cert(const char *roots_file, const char *bundle_file,
159 errx(1, "failed to init store context"); 165 errx(1, "failed to init store context");
160 } 166 }
161 167
162 X509_STORE_set_default_paths(xscip->ctx); 168 X509_STORE_set_default_paths(storeip);
163 169
164 if (verbose) 170 if (verbose)
165 X509_STORE_CTX_set_verify_cb(xscip, verify_cert_cb); 171 X509_STORE_CTX_set_verify_cb(xscip, verify_cert_cb);
166 172
167 flagsip = X509_VERIFY_PARAM_get_flags(xscip->param); 173 if ((paramip = X509_STORE_CTX_get0_param(xscip)) == NULL) {
168 X509_VERIFY_PARAM_set_flags(xscip->param, flagsip); 174 ERR_print_errors_fp(stderr);
169 X509_VERIFY_PARAM_set_time(xscip->param, 1600000000); 175 errx(1, "failed to get verify parameters");
170 X509_VERIFY_PARAM_set1_ip_asc(xscip->param,"127.0.0.1"); 176 }
177 flagsip = X509_VERIFY_PARAM_get_flags(paramip);
178 X509_VERIFY_PARAM_set_flags(paramip, flagsip);
179 X509_VERIFY_PARAM_set_time(paramip, 1600000000);
180 X509_VERIFY_PARAM_set1_ip_asc(paramip, "127.0.0.1");
171 181
172 X509_STORE_CTX_set0_trusted_stack(xscip, roots); 182 X509_STORE_CTX_set0_trusted_stack(xscip, roots);
173 183
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 12:04:23 +0000