ITS#8353 more for OpenSSL 1.1 compat

tmp_rsa callback has been removed from OpenSSL 1.1 Use new X509_NAME accessor function to retrieve DER bytes
2026-01-10 08:53:27 -05:00 · 2016-01-31 03:29:28 +00:00 · 2016-01-31 03:29:28 +00:00 · 6bb6d5e3c6
commit 6bb6d5e3c6
parent 6c4d6c880b
1 changed files with 24 additions and 0 deletions
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@ -57,7 +57,9 @@ static void tlso_report_error( void );
 static void tlso_info_cb( const SSL *ssl, int where, int ret );
 static int tlso_verify_cb( int ok, X509_STORE_CTX *ctx );
 static int tlso_verify_ok( int ok, X509_STORE_CTX *ctx );
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length );
+#endif

 static int tlso_seed_PRNG( const char *randfile );

@ -374,7 +376,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
 	SSL_CTX_set_verify( ctx, i,
 		lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ?
 		tlso_verify_ok : tlso_verify_cb );
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb );
+#endif
 #ifdef HAVE_OPENSSL_CRL
 	if ( lo->ldo_tls_crlcheck ) {
 		X509_STORE *x509_s = SSL_CTX_get_cert_store( ctx );
@ -469,8 +473,17 @@ tlso_session_my_dn( tls_session *sess, struct berval *der_dn )
 	if (!x) return LDAP_INVALID_CREDENTIALS;
 	
 	xn = X509_get_subject_name(x);
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
 	der_dn->bv_val = xn->bytes->data;
+#else
+	{
+		size_t len = 0;
+		der_dn->bv_val = NULL;
+		X509_NAME_get0_der( (const unsigned char **)&der_dn->bv_val, &len, xn );
+		der_dn->bv_len = len;
+	}
+#endif
 	/* Don't X509_free, the session is still using it */
 	return 0;
 }
@ -496,8 +509,17 @@ tlso_session_peer_dn( tls_session *sess, struct berval *der_dn )
 		return LDAP_INVALID_CREDENTIALS;

 	xn = X509_get_subject_name(x);
+#if OPENSSL_VERSION_NUMBER < 0x10100000
 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
 	der_dn->bv_val = xn->bytes->data;
+#else
+	{
+		size_t len = 0;
+		der_dn->bv_val = NULL;
+		X509_NAME_get0_der( (const unsigned char **)&der_dn->bv_val, &len, xn );
+		der_dn->bv_len = len;
+	}
+#endif
 	X509_free(x);
 	return 0;
 }
@ -1149,6 +1171,7 @@ tlso_report_error( void )
 	}
 }

+#if OPENSSL_VERSION_NUMBER < 0x10100000
 static RSA *
 tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
 {
@ -1179,6 +1202,7 @@ tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
 	}
 	return tmp_rsa;
 }
+#endif /* OPENSSL_VERSION_NUMBER < 1.1 */

 static int
 tlso_seed_PRNG( const char *randfile )