@@ -191,7 +191,7 @@ extract_x509_extension(X509 *cert, char *fieldname, char *out, size_t size)
191191 * to contain result is grounds for error).
192192 */
193193static result_t
194- extract_x509_field_ssl (X509_NAME * x509 , const char * field_name , char * out , size_t size )
194+ extract_x509_field_ssl (const X509_NAME * x509 , const char * field_name , char * out , size_t size )
195195{
196196 int lastpos = -1 ;
197197 int tmp = -1 ;
@@ -209,7 +209,12 @@ extract_x509_field_ssl(X509_NAME *x509, const char *field_name, char *out, size_
209209 do
210210 {
211211 lastpos = tmp ;
212+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
212213 tmp = X509_NAME_get_index_by_OBJ (x509 , field_name_obj , lastpos );
214+ #else
215+ /* OpenSSL 1.1.x has the argument as non-const */
216+ tmp = X509_NAME_get_index_by_OBJ ((X509_NAME * )x509 , field_name_obj , lastpos );
217+ #endif
213218 } while (tmp > -1 );
214219
215220 ASN1_OBJECT_free (field_name_obj );
@@ -269,7 +274,7 @@ backend_x509_get_username(char *common_name, size_t cn_len, char *x509_username_
269274 }
270275 else
271276 {
272- X509_NAME * x509_subject_name = X509_get_subject_name (peer_cert );
277+ const X509_NAME * x509_subject_name = X509_get_subject_name (peer_cert );
273278 if (x509_subject_name == NULL )
274279 {
275280 msg (D_TLS_ERRORS , "X509 subject name is NULL" );
@@ -457,7 +462,12 @@ void
457462x509_setenv_track (const struct x509_track * xt , struct env_set * es , const int depth , X509 * x509 )
458463{
459464 struct gc_arena gc = gc_new ();
465+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
466+ /* OpenSSL 1.1.x APIs all take non-const arguments */
460467 X509_NAME * x509_name = X509_get_subject_name (x509 );
468+ #else
469+ const X509_NAME * x509_name = X509_get_subject_name (x509 );
470+ #endif
461471 const char nullc = '\0' ;
462472
463473 while (xt )
@@ -491,10 +501,10 @@ x509_setenv_track(const struct x509_track *xt, struct env_set *es, const int dep
491501 int i = X509_NAME_get_index_by_NID (x509_name , xt -> nid , -1 );
492502 if (i >= 0 )
493503 {
494- X509_NAME_ENTRY * ent = X509_NAME_get_entry (x509_name , i );
504+ const X509_NAME_ENTRY * ent = X509_NAME_get_entry (x509_name , i );
495505 if (ent )
496506 {
497- ASN1_STRING * val = X509_NAME_ENTRY_get_data (ent );
507+ const ASN1_STRING * val = X509_NAME_ENTRY_get_data (ent );
498508 unsigned char * buf = NULL ;
499509 if (ASN1_STRING_to_UTF8 (& buf , val ) >= 0 )
500510 {
@@ -508,7 +518,11 @@ x509_setenv_track(const struct x509_track *xt, struct env_set *es, const int dep
508518 i = X509_get_ext_by_NID (x509 , xt -> nid , -1 );
509519 if (i >= 0 )
510520 {
521+ #if OPENSSL_VERSION_NUMBER < 0x40000000L
511522 X509_EXTENSION * ext = X509_get_ext (x509 , i );
523+ #else
524+ const X509_EXTENSION * ext = X509_get_ext (x509 , i );
525+ #endif
512526 if (ext )
513527 {
514528 BIO * bio = BIO_new (BIO_s_mem ());
@@ -544,51 +558,43 @@ x509_setenv_track(const struct x509_track *xt, struct env_set *es, const int dep
544558void
545559x509_setenv (struct env_set * es , int cert_depth , openvpn_x509_cert_t * peer_cert )
546560{
547- int i , n ;
548- int fn_nid ;
549- ASN1_OBJECT * fn ;
550- ASN1_STRING * val ;
551- X509_NAME_ENTRY * ent ;
552- const char * objbuf ;
553- unsigned char * buf = NULL ;
554- char * name_expand ;
555- size_t name_expand_size ;
556- X509_NAME * x509 = X509_get_subject_name (peer_cert );
561+ const X509_NAME * x509 = X509_get_subject_name (peer_cert );
557562
558- n = X509_NAME_entry_count (x509 );
559- for (i = 0 ; i < n ; ++ i )
563+ int n = X509_NAME_entry_count (x509 );
564+ for (int i = 0 ; i < n ; ++ i )
560565 {
561- ent = X509_NAME_get_entry (x509 , i );
566+ const X509_NAME_ENTRY * ent = X509_NAME_get_entry (x509 , i );
562567 if (!ent )
563568 {
564569 continue ;
565570 }
566- fn = X509_NAME_ENTRY_get_object (ent );
571+ const ASN1_OBJECT * fn = X509_NAME_ENTRY_get_object (ent );
567572 if (!fn )
568573 {
569574 continue ;
570575 }
571- val = X509_NAME_ENTRY_get_data (ent );
576+ const ASN1_STRING * val = X509_NAME_ENTRY_get_data (ent );
572577 if (!val )
573578 {
574579 continue ;
575580 }
576- fn_nid = OBJ_obj2nid (fn );
581+ int fn_nid = OBJ_obj2nid (fn );
577582 if (fn_nid == NID_undef )
578583 {
579584 continue ;
580585 }
581- objbuf = OBJ_nid2sn (fn_nid );
586+ const char * objbuf = OBJ_nid2sn (fn_nid );
582587 if (!objbuf )
583588 {
584589 continue ;
585590 }
591+ unsigned char * buf = NULL ;
586592 if (ASN1_STRING_to_UTF8 (& buf , val ) < 0 )
587593 {
588594 continue ;
589595 }
590- name_expand_size = 64 + strlen (objbuf );
591- name_expand = ( char * ) malloc (name_expand_size );
596+ size_t name_expand_size = 64 + strlen (objbuf );
597+ char * name_expand = malloc (name_expand_size );
592598 check_malloc_return (name_expand );
593599 snprintf (name_expand , name_expand_size , "X509_%d_%s" , cert_depth , objbuf );
594600 string_mod (name_expand , CC_PRINT , CC_CRLF , '_' );
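Review bot: In x509_setenv the result of `ASN1_STRING_to_UTF8(&buf, val)` is only tested for `< 0`, so the decoded length is discarded at the point where `buf` is now declared per iteration. If the rest of the loop body, which lies outside this hunk, passes `buf` on as a NUL-terminated string, a subject attribute containing an embedded NUL byte would be exported truncated and could differ from the value that was actually in the certificate. Since the locals are being moved into the loop anyway, I would keep the length, `int len = ASN1_STRING_to_UTF8(&buf, val);`, and skip the entry (after `OPENSSL_free(buf)`) when `strlen((char *)buf) != (size_t)len`. The same sign-only test is visible in the x509_setenv_track hunk at `ASN1_STRING_to_UTF8(&buf, val) >= 0`, so the check probably belongs in both places.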