From 24c1472944e53124a9ed8f5baef3fd8496632a4f Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 2 Oct 2020 07:53:58 +0000
Subject: Make this test compile against OpenSSL 1.1
The X509_STORE_CTX struct is opaque in OpenSSL 1.1. To avoid reaching inside it, reuse the trusted certificate store that was just assigned to it and use X509_STORE_CTX_get0_param(3) to access the verification parameters.
---
 src/regress/lib/libcrypto/x509/bettertls/verify.c | 32 +++++++++++++++--------
 1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/src/regress/lib/libcrypto/x509/bettertls/verify.c b/src/regress/lib/libcrypto/x509/bettertls/verify.c
index 28dde61641..430fef75b3 100644
--- a/src/regress/lib/libcrypto/x509/bettertls/verify.c
+++ b/src/regress/lib/libcrypto/x509/bettertls/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.4 2020/09/18 15:23:16 tb Exp $ */
+/* $OpenBSD: verify.c,v 1.5 2020/10/02 07:53:58 tb Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing
 * Copyright (c) 2020 Bob Beck
@@ -107,6 +107,7 @@ verify_cert(const char *roots_file, const char *bundle_file,
 X509_STORE *store = NULL;
 X509_STORE_CTX *xscip = NULL;
 X509_STORE *storeip = NULL;
+ X509_VERIFY_PARAM *param, *paramip;
 X509 *leaf = NULL;
 unsigned long flags, flagsip;
@@ -133,15 +134,20 @@ verify_cert(const char *roots_file, const char *bundle_file,
 errx(1, "failed to init store context");
 }
- X509_STORE_set_default_paths(xsc->ctx);
+ X509_STORE_set_default_paths(store);
 if (verbose)
 X509_STORE_CTX_set_verify_cb(xsc, verify_cert_cb);
- flags = X509_VERIFY_PARAM_get_flags(xsc->param);
- X509_VERIFY_PARAM_set_flags(xsc->param, flags);
- X509_VERIFY_PARAM_set_time(xsc->param, 1600000000);
- X509_VERIFY_PARAM_set1_host(xsc->param,"localhost.local", strlen("localhost.local"));
+ if ((param = X509_STORE_CTX_get0_param(xsc)) == NULL) {
+ ERR_print_errors_fp(stderr);
+ errx(1, "failed to get verify parameters");
+ }
+ flags = X509_VERIFY_PARAM_get_flags(param);
+ X509_VERIFY_PARAM_set_flags(param, flags);
+ X509_VERIFY_PARAM_set_time(param, 1600000000);
+ X509_VERIFY_PARAM_set1_host(param, "localhost.local",
+ strlen("localhost.local"));
 X509_STORE_CTX_set0_trusted_stack(xsc, roots);
@@ -159,15 +165,19 @@ verify_cert(const char *roots_file, const char *bundle_file,
 errx(1, "failed to init store context");
 }
- X509_STORE_set_default_paths(xscip->ctx);
+ X509_STORE_set_default_paths(storeip);
 if (verbose)
 X509_STORE_CTX_set_verify_cb(xscip, verify_cert_cb);
- flagsip = X509_VERIFY_PARAM_get_flags(xscip->param);
- X509_VERIFY_PARAM_set_flags(xscip->param, flagsip);
- X509_VERIFY_PARAM_set_time(xscip->param, 1600000000);
- X509_VERIFY_PARAM_set1_ip_asc(xscip->param,"127.0.0.1");
+ if ((paramip = X509_STORE_CTX_get0_param(xscip)) == NULL) {
+ ERR_print_errors_fp(stderr);
+ errx(1, "failed to get verify parameters");
+ }
+ flagsip = X509_VERIFY_PARAM_get_flags(paramip);
+ X509_VERIFY_PARAM_set_flags(paramip, flagsip);
+ X509_VERIFY_PARAM_set_time(paramip, 1600000000);
+ X509_VERIFY_PARAM_set1_ip_asc(paramip, "127.0.0.1");
 X509_STORE_CTX_set0_trusted_stack(xscip, roots);
-- cgit v1.2.3-55-g6feb
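Review bot: The return values of `X509_VERIFY_PARAM_set1_host()` in this hunk and `X509_VERIFY_PARAM_set1_ip_asc()` in the following hunk are ignored, even though the new code now checks `X509_STORE_CTX_get0_param()` for NULL just above them. Both setters report failure through their return value; if one fails, verification would presumably run without the intended host or IP check, so the test could pass without exercising name matching at all. I would fail hard in the same style as the surrounding code: `if (!X509_VERIFY_PARAM_set1_host(param, "localhost.local", strlen("localhost.local"))) errx(1, "failed to set verify host");` and `if (!X509_VERIFY_PARAM_set1_ip_asc(paramip, "127.0.0.1")) errx(1, "failed to set verify IP");`. The body of verify_cert starts and ends outside both hunks.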
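Review bot: `flagsip = X509_VERIFY_PARAM_get_flags(paramip);` followed by `X509_VERIFY_PARAM_set_flags(paramip, flagsip);` reads the current flags and ORs the same value back in, which as far as I can tell changes nothing; the same pair is carried over with `param`/`flags` in the previous hunk. Since these lines are being rewritten anyway, either drop both pairs along with the `flags`/`flagsip` locals, or keep them with a comment saying they are a hook for future flags, such as `/* no extra verify flags yet; OR them into flagsip here */`. If a specific verification flag was meant to be enabled for these tests, it is not visible in the hunk and should be set explicitly.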