aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-02-17 08:21:28 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2008-02-17 08:21:28 +0000
commit522fccc3f07cb80b1a7719eefe26befbe067c7c6 (patch)
tree5d66803931b1bf80fcfec68086d227c9dddf7986
parentCleanup IP address for persistence interfaces for tap and also using (diff)
downloadopenvpn-522fccc3f07cb80b1a7719eefe26befbe067c7c6.tar.xz
The new function extract_x509_field_ssl tends to break
in early versions of OpenSSL 0.9.6. Now we will fall back to the old function extract_x509_field for OpenSSL 0.9.6. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2749 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--crypto.h3
-rw-r--r--ssl.c12
2 files changed, 14 insertions, 1 deletions
diff --git a/crypto.h b/crypto.h
index 655e499..8996fc6 100644
--- a/crypto.h
+++ b/crypto.h
@@ -69,6 +69,9 @@
#if SSLEAY_VERSION_NUMBER < 0x00907000L
+/* Workaround: OpenSSL 0.9.6 breaks extract_x509_field_ssl function */
+#define USE_OLD_EXTRACT_X509_FIELD
+
/* Workaround: EVP_CIPHER_mode is defined wrong in OpenSSL 0.9.6 but is fixed in 0.9.7 */
#undef EVP_CIPHER_mode
#define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE)
diff --git a/ssl.c b/ssl.c
index ea3212b..c587b8c 100644
--- a/ssl.c
+++ b/ssl.c
@@ -344,6 +344,8 @@ tmp_rsa_cb (SSL * s, int is_export, int keylength)
return (rsa_tmp);
}
+#ifdef USE_OLD_EXTRACT_X509_FIELD
+
/*
* Extract a field from an X509 subject name.
*
@@ -378,6 +380,8 @@ extract_x509_field (const char *x509, const char *field_name, char *out, int siz
}
}
+#else
+
/*
* Extract a field from an X509 subject name.
*
@@ -423,6 +427,8 @@ extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out, int
OPENSSL_free(buf);
}
+#endif
+
static void
setenv_untrusted (struct tls_session *session)
{
@@ -583,8 +589,12 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
string_mod (subject, X509_NAME_CHAR_CLASS, 0, '_');
/* extract the common name */
+#ifdef USE_OLD_EXTRACT_X509_FIELD
+ extract_x509_field (subject, "CN", common_name, TLS_CN_LEN);
+#else
extract_x509_field_ssl (X509_get_subject_name (ctx->current_cert), "CN", common_name, TLS_CN_LEN);
- //extract_x509_field (subject, "CN", common_name, TLS_CN_LEN);
+#endif
+
string_mod (common_name, COMMON_NAME_CHAR_CLASS, 0, '_');
#if 0 /* print some debugging info */