From 78acaba6a15b54a1b47185295cef2520761bfadf Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 6 Oct 2017 15:26:19 +0200
Subject: openssl: Fix call of X509_CRL_get0_signature() with OpenSSL 1.1.0

The order of arguments in X509_CRL_get0_signature() is not the same as that
of X509_get0_signature().

Fixes: 989ba4b6cd16 ("openssl: Update CRL API to OpenSSL 1.1.0")
---
 src/libstrongswan/plugins/openssl/openssl_crl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index e8b58c759..503f7bf27 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -50,7 +50,7 @@
 #include <credentials/certificates/x509.h>
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) {
+static inline void X509_CRL_get0_signature(const X509_CRL *crl, ASN1_BIT_STRING **psig, X509_ALGOR **palg) {
 	if (psig) { *psig = crl->signature; }
 	if (palg) { *palg = crl->sig_alg; }
 }
@@ -331,7 +331,7 @@ METHOD(certificate_t, issued_by, bool,
 #else
 	tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl);
 #endif
-	X509_CRL_get0_signature(&sig, NULL, this->crl);
+	X509_CRL_get0_signature(this->crl, &sig, NULL);
 	valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig));
 	free(tbs.ptr);
 	key->destroy(key);
@@ -575,7 +575,7 @@ static bool parse_crl(private_openssl_crl_t *this)
 		return FALSE;
 	}
 
-	X509_CRL_get0_signature(NULL, &alg, this->crl);
+	X509_CRL_get0_signature(this->crl, NULL, &alg);
 	X509_ALGOR_get0(&oid, NULL, NULL, alg);
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 	if (!chunk_equals(
-- 
cgit v1.2.3