diff options
author | Tobias Brunner <tobias@strongswan.org> | 2017-10-06 15:26:19 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-10-10 10:09:08 +0200 |
commit | 78acaba6a15b54a1b47185295cef2520761bfadf (patch) | |
tree | 71ab978526b4d6d20c542a2a0387577fa3592075 | |
parent | e1803a208ac6e8045f4f6abaf422980a2306870b (diff) | |
download | strongswan-78acaba6a15b54a1b47185295cef2520761bfadf.tar.bz2 strongswan-78acaba6a15b54a1b47185295cef2520761bfadf.tar.xz |
openssl: Fix call of X509_CRL_get0_signature() with OpenSSL 1.1.0
The order of arguments in X509_CRL_get0_signature() is not the same as that
of X509_get0_signature().
Fixes: 989ba4b6cd16 ("openssl: Update CRL API to OpenSSL 1.1.0")
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_crl.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index e8b58c759..503f7bf27 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -50,7 +50,7 @@ #include <credentials/certificates/x509.h> #if OPENSSL_VERSION_NUMBER < 0x10100000L -static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) { +static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) { if (psig) { *psig = crl->signature; } if (palg) { *palg = crl->sig_alg; } } @@ -331,7 +331,7 @@ METHOD(certificate_t, issued_by, bool, #else tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl); #endif - X509_CRL_get0_signature(&sig, NULL, this->crl); + X509_CRL_get0_signature(this->crl, &sig, NULL); valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); @@ -575,7 +575,7 @@ static bool parse_crl(private_openssl_crl_t *this) return FALSE; } - X509_CRL_get0_signature(NULL, &alg, this->crl); + X509_CRL_get0_signature(this->crl, NULL, &alg); X509_ALGOR_get0(&oid, NULL, NULL, alg); #if OPENSSL_VERSION_NUMBER < 0x10100000L if (!chunk_equals( |