curl-library

OpenSSL OCSP API breakage

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 20 Mar 2015 11:21:42 +0100 (CET)

Hey

Just a heads up here. And a chance for me to whine a little bit.

Yesterday after the recent OpenSSL security announcement I updated to the
latest OpenSSL git master in a local build of mine, only to realize that
they've changed the API in HEAD and as a consequence libcurl no longer builds
with the latest OpenSSL code.

The OpenSSL commit 6ef869d7d0a9d is the offender, and it was made quite
deliberately: "Make OCSP structures opaque."

I figure we should replace the struct references with the proper function
invokes but after having read our code and the latest OpenSSL headers it isn't
really clear to me which ones to use.

Here's a sample of how this tastes:

vtls/openssl.c: In function 'verifystatus':
vtls/openssl.c:1371:44: error: dereferencing pointer to incomplete type
    if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
                                             ^
vtls/openssl.c:1372:39: error: dereferencing pointer to incomplete type
      X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
                                        ^
vtls/openssl.c:1399:36: error: dereferencing pointer to incomplete type
      if(!sk_OCSP_SINGLERESP_value(br->tbsResponseData->responses, i))
                                     ^

-- 
  / daniel.haxx.se
Received on 2015-03-20
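
The build errors quoted in the mail come from the opaque-type pattern, shown here as an added example that is not code from curl or OpenSSL: once a header only forward-declares a struct, callers must go through accessor functions. Every name below (`BASIC_RESP`, `resp_cert_at`, `sample_resp` and the rest) is a hypothetical stand-in modelled on the failing lines, and the sample data is constructed.

```c
/* Added illustration: every name here is a hypothetical stand-in, not OpenSSL API. */
#include <stddef.h>

/* --- public header after the change: type is declared, layout is hidden --- */
typedef struct basic_resp BASIC_RESP;
int resp_cert_count(const BASIC_RESP *br);
const char *resp_cert_at(const BASIC_RESP *br, int idx);
int resp_single_count(const BASIC_RESP *br);
const char *resp_single_at(const BASIC_RESP *br, int idx);
const BASIC_RESP *sample_resp(void); /* constructed sample data */

/* --- caller: writing br->certs at this point fails with "dereferencing
 * pointer to incomplete type", so the same checks go through accessors --- */
const char *pick_responder(const BASIC_RESP *br, int chain_len)
{
  int n = resp_cert_count(br);
  if(chain_len >= 2 && n >= 1)
    return resp_cert_at(br, n - 1); /* last certificate in the response */
  return NULL;
}

/* Returns 1 only if br is non-NULL and no single-response slot is missing. */
int all_singles_present(const BASIC_RESP *br)
{
  int i;
  if(!br)
    return 0; /* fail closed: no response means nothing was verified */
  for(i = 0; i < resp_single_count(br); i++)
    if(!resp_single_at(br, i))
      return 0;
  return 1;
}

/* --- library: the only place that knows the layout --- */
struct basic_resp {
  const char *certs[4];   int ncerts;
  const char *singles[4]; int nsingles;
};
int resp_cert_count(const BASIC_RESP *br) { return br ? br->ncerts : 0; }
const char *resp_cert_at(const BASIC_RESP *br, int idx)
{ return (br && idx >= 0 && idx < br->ncerts) ? br->certs[idx] : NULL; }
int resp_single_count(const BASIC_RESP *br) { return br ? br->nsingles : 0; }
const char *resp_single_at(const BASIC_RESP *br, int idx)
{ return (br && idx >= 0 && idx < br->nsingles) ? br->singles[idx] : NULL; }
const BASIC_RESP *sample_resp(void)
{
  static const struct basic_resp r = { {"issuer-ca", "ocsp-responder"}, 2,
                                       {"good", NULL, "revoked"}, 3 };
  return &r;
}
int main(void) { return pick_responder(sample_resp(), 2) ? 0 : 1; }
```

In OpenSSL 1.1.0 and later, the accessors that play this role for `OCSP_BASICRESP` include `OCSP_resp_count()`, `OCSP_resp_get0()` and `OCSP_resp_get0_certs()`.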