+++ /dev/null
---- a/modules/md/md_crypt.c
-+++ b/modules/md/md_crypt.c
-@@ -1194,23 +1194,23 @@ int md_certs_are_equal(const md_cert_t *
-
- int md_cert_is_valid_now(const md_cert_t *cert)
- {
-- return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)
-- && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0));
-+ return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0)
-+ && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0));
- }
-
- int md_cert_has_expired(const md_cert_t *cert)
- {
-- return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0);
-+ return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0);
- }
-
- apr_time_t md_cert_get_not_after(const md_cert_t *cert)
- {
-- return md_asn1_time_get(X509_get_notAfter(cert->x509));
-+ return md_asn1_time_get(X509_get0_notAfter(cert->x509));
- }
-
- apr_time_t md_cert_get_not_before(const md_cert_t *cert)
- {
-- return md_asn1_time_get(X509_get_notBefore(cert->x509));
-+ return md_asn1_time_get(X509_get0_notBefore(cert->x509));
- }
-
- md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
---- a/modules/ssl/ssl_engine_init.c
-+++ b/modules/ssl/ssl_engine_init.c
-@@ -231,7 +231,7 @@ apr_status_t ssl_init_Module(apr_pool_t
- apr_status_t rv;
- apr_array_header_t *pphrases;
-
-- if (SSLeay() < MODSSL_LIBRARY_VERSION) {
-+ if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)
- "Init: this version of mod_ssl was compiled against "
- "a newer library (%s, version currently loaded is %s)"
---- a/modules/ssl/ssl_engine_io.c
-+++ b/modules/ssl/ssl_engine_io.c
-@@ -1316,9 +1316,9 @@ static apr_status_t ssl_io_filter_handsh
- if (dc->proxy->ssl_check_peer_expire != FALSE) {
- if (!cert
- || (X509_cmp_current_time(
-- X509_get_notBefore(cert)) >= 0)
-+ X509_get0_notBefore(cert)) >= 0)
- || (X509_cmp_current_time(
-- X509_get_notAfter(cert)) <= 0)) {
-+ X509_get0_notAfter(cert)) <= 0)) {
- proxy_ssl_check_peer_ok = FALSE;
- ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004)
- "SSL Proxy: Peer certificate is expired");
---- a/modules/ssl/ssl_engine_log.c
-+++ b/modules/ssl/ssl_engine_log.c
-@@ -171,10 +171,10 @@ static void ssl_log_cert_error(const cha
- BIO_puts(bio, "(ERROR)");
-
- BIO_puts(bio, " / notbefore: ");
-- ASN1_TIME_print(bio, X509_get_notBefore(cert));
-+ ASN1_TIME_print(bio, X509_get0_notBefore(cert));
-
- BIO_puts(bio, " / notafter: ");
-- ASN1_TIME_print(bio, X509_get_notAfter(cert));
-+ ASN1_TIME_print(bio, X509_get0_notAfter(cert));
-
- BIO_puts(bio, "]");
-
---- a/modules/ssl/ssl_engine_vars.c
-+++ b/modules/ssl/ssl_engine_vars.c
-@@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr
- result = ssl_var_lookup_ssl_cert_serial(p, xs);
- }
- else if (strcEQ(var, "V_START")) {
-- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
-+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));
- }
- else if (strcEQ(var, "V_END")) {
-- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
-+ result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));
- }
- else if (strcEQ(var, "V_REMAIN")) {
-- result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
-+ result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));
- resdup = FALSE;
- }
- else if (*var && strcEQ(var+1, "_DN")) {
---- a/modules/ssl/ssl_private.h
-+++ b/modules/ssl/ssl_private.h
-@@ -102,6 +102,9 @@
- #include <openssl/x509v3.h>
- #include <openssl/x509_vfy.h>
- #include <openssl/ocsp.h>
-+#include <openssl/dh.h>
-+#include <openssl/bn.h>
-+#include <openssl/ui.h>
-
- /* Avoid tripping over an engine build installed globally and detected
- * when the user points at an explicit non-engine flavor of OpenSSL
---- a/support/ab.c
-+++ b/support/ab.c
-@@ -665,11 +665,11 @@ static void ssl_print_cert_info(BIO *bio
-
- BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
- BIO_printf(bio,"Valid from: ");
-- ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
-+ ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert));
- BIO_printf(bio,"\n");
-
- BIO_printf(bio,"Valid to : ");
-- ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
-+ ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert));
- BIO_printf(bio,"\n");
-
- pk = X509_get_pubkey(cert);
-@@ -2647,8 +2647,10 @@ int main(int argc, const char * const ar
- CRYPTO_malloc_init();
- #endif
- #endif
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- SSL_load_error_strings();
- SSL_library_init();
-+#endif
- bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
projects / feed / packages.git / commitdiff