Fix build with OpenSSL 1.1 and later.

diff --git a/src/certificate.cc b/src/certificate.cc
index fbe3a80d2c2c9b6667f2085a704749d015df82f8..64fb36261b402baa390032e168a880902bd9508f 100644 (file)
--- a/src/certificate.cc
+++ b/src/certificate.cc
@@ -355,6 +355,7 @@ Certificate::serial () const
        return st;
 }
 
+/** @return thumbprint of the to-be-signed portion of this certificate */
 string
 Certificate::thumbprint () const
 {
@@ -362,7 +363,13 @@ Certificate::thumbprint () const
 
        uint8_t buffer[8192];
        uint8_t* p = buffer;
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#warning "Using new OpenSSL API"
+       i2d_re_X509_tbs(_certificate, &p);
+#else
        i2d_X509_CINF (_certificate->cert_info, &p);
+#endif
        unsigned int const length = p - buffer;
        if (length > sizeof (buffer)) {
                throw MiscError ("buffer too small to generate thumbprint");

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 29ae7feb6148304fcd25d5717df226e666b9111a..f06b2c3e7a40aa89885b0d77381fe0832965f56d 100644 (file)
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -51,6 +51,7 @@
 #include <openssl/bio.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
+#include <openssl/rsa.h>
 #include <boost/filesystem.hpp>
 #include <boost/algorithm/string.hpp>
 #include <boost/foreach.hpp>
@@ -463,7 +464,17 @@ CertificateChain::valid () const
 
        RSA* private_key = PEM_read_bio_RSAPrivateKey (bio, 0, 0, 0);
        RSA* public_key = leaf().public_key ();
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#warning "Using new OpenSSL API"
+       BIGNUM const * private_key_n;
+       RSA_get0_key(private_key, &private_key_n, 0, 0);
+       BIGNUM const * public_key_n;
+       RSA_get0_key(public_key, &public_key_n, 0, 0);
+       bool const valid = !BN_cmp (private_key_n, public_key_n);
+#else
        bool const valid = !BN_cmp (private_key->n, public_key->n);
+#endif
        BIO_free (bio);
 
        return valid;

diff --git a/test/certificates_test.cc b/test/certificates_test.cc
index 8ae01eed6ee615e8583b0a3fad77c50216fe58da..1bec9869f4e3dfd137cb83501d79bc6335bf86fe 100644 (file)
--- a/test/certificates_test.cc
+++ b/test/certificates_test.cc
@@ -44,6 +44,7 @@ BOOST_AUTO_TEST_CASE (certificates1)
 
        /* Leaf */
        BOOST_CHECK_EQUAL (*i, c.leaf ());
+       BOOST_CHECK_EQUAL (i->thumbprint(), "EZg5wDcihccWqwdg59Y8D+IJpYM=");
 
        BOOST_CHECK_EQUAL (
                c.leaf().issuer(),
@@ -58,6 +59,7 @@ BOOST_AUTO_TEST_CASE (certificates1)
        ++i;
 
        /* Intermediate */
+       BOOST_CHECK_EQUAL (i->thumbprint(), "GwM6ex2UVlWclH8f1uV7W1n0EEU=");
        BOOST_CHECK_EQUAL (
                i->issuer(),
                "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"
@@ -72,6 +74,7 @@ BOOST_AUTO_TEST_CASE (certificates1)
 
        /* Root */
        BOOST_CHECK_EQUAL (*i, c.root ());
+       BOOST_CHECK_EQUAL (i->thumbprint(), "zU8NVNwI2PYejmSYRntG7c6sdTw=");
        BOOST_CHECK_EQUAL (
                c.root().issuer(),
                "dnQualifier=DCnRdHFbcv4ANVUq2\\+wMVALFSec=,CN=.smpte-430-2.ROOT.NOT_FOR_PRODUCTION,OU=example.org,O=example.org"