File ssl-fix-100.patch of Package dba-apache-2065
Index: modules/ssl/ssl_engine_init.c
===================================================================
--- modules/ssl/ssl_engine_init.c (revision 681645)
+++ modules/ssl/ssl_engine_init.c (working copy)
@@ -573,7 +573,7 @@ static void ssl_init_ctx_verify(server_r
ssl_die();
}
- SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list);
+ SSL_CTX_set_client_CA_list(ctx, ca_list);
}
/*
@@ -1130,7 +1130,8 @@ static int ssl_init_FindCAList_X509NameC
return(X509_NAME_cmp((void*)*a, (void*)*b));
}
#else
-static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b)
+static int ssl_init_FindCAList_X509NameCmp(const X509_NAME * const *a,
+ const X509_NAME * const *b)
{
return(X509_NAME_cmp(*a, *b));
}
Index: modules/ssl/ssl_util_ssl.c
===================================================================
--- modules/ssl/ssl_util_ssl.c (revision 681645)
+++ modules/ssl/ssl_util_ssl.c (working copy)
@@ -294,7 +294,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
#ifdef HAVE_SSL_X509V3_EXT_d2i
X509_EXTENSION *ext;
int ext_nid;
- STACK *sk;
+ EXTENDED_KEY_USAGE *eku;
BOOL is_sgc;
int idx;
int i;
@@ -303,9 +303,9 @@ BOOL SSL_X509_isSGC(X509 *cert)
idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1);
if (idx >= 0) {
ext = X509_get_ext(cert, idx);
- if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) {
- for (i = 0; i < sk_num(sk); i++) {
- ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i));
+ if ((eku = X509V3_EXT_d2i(ext)) != NULL) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+ ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(eku, i));
if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) {
is_sgc = TRUE;
break;
@@ -467,7 +467,7 @@ int SSL_CTX_use_certificate_chain(
X509 *x509;
unsigned long err;
int n;
- STACK *extra_certs;
+ STACK_OF(X509) *extra_certs;
if ((bio = BIO_new(BIO_s_file_internal())) == NULL)
return -1;
Index: modules/ssl/ssl_engine_kernel.c
===================================================================
--- modules/ssl/ssl_engine_kernel.c (revision 681645)
+++ modules/ssl/ssl_engine_kernel.c (working copy)
@@ -648,7 +686,7 @@ int ssl_hook_Access(request_rec *r)
* sk_X509_shift-ed the peer cert out of the chain.
* we put it back here for the purpose of quick_renegotiation.
*/
- cert_stack = sk_new_null();
+ cert_stack = (STACK_OF(X509) *)sk_new_null();
sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
}
