curl-library
OpenSSL OCSP API breakage
Date: Fri, 20 Mar 2015 11:21:42 +0100 (CET)
Hey
Just a heads up here. And a chance for me to whine a little bit.
Yesterday after the recent OpenSSL security announcement I updated to the
latest OpenSSL git master in a local build of mine, only to realize that
they've changed the API in HEAD and as a consequence libcurl no longer builds
with the latest OpenSSL code.
The OpenSSL commit 6ef869d7d0a9d is the offender, and it was made quite
deliberately: "Make OCSP structures opaque."
I figure we should replace the struct references with the proper function
invokes but after having read our code and the latest OpenSSL headers it isn't
really clear to me which ones to use.
Here's a sample of how this tastes:
vtls/openssl.c: In function 'verifystatus':
vtls/openssl.c:1371:44: error: dereferencing pointer to incomplete type
if(sk_X509_num(ch) >= 2 && sk_X509_num(br->certs) >= 1) {
^
vtls/openssl.c:1372:39: error: dereferencing pointer to incomplete type
X509 *responder = sk_X509_value(br->certs, sk_X509_num(br->certs) - 1);
^
vtls/openssl.c:1399:36: error: dereferencing pointer to incomplete type
if(!sk_OCSP_SINGLERESP_value(br->tbsResponseData->responses, i))
^
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2015-03-20