Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 07:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

TLS-SCT: compile on old versions of OpenSSL (1.0.1...)

Browse source
This commit is contained in:
Johanna Amann 2017-03-27 20:13:12 +00:00
parent aec62aeee9
commit b8e81029f8
1 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/file_analysis/analyzer/x509/functions.bif
View file

@ -624,7 +624,9 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
} }
#endif #endif
X509_EXTENSION_free(X509_delete_ext(x, pos)); X509_EXTENSION_free(X509_delete_ext(x, pos));
#ifdef NID_ct_precert_scts
assert( X509_get_ext_by_NID(x, NID_ct_precert_scts, -1) == -1 ); assert( X509_get_ext_by_NID(x, NID_ct_precert_scts, -1) == -1 );
#endif
} }
unsigned char *cert_out = nullptr; unsigned char *cert_out = nullptr;
@ -684,7 +686,14 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
goto sct_verify_err; goto sct_verify_err;
} }
#ifdef NID_ct_precert_scts
success = EVP_DigestVerifyFinal(mdctx, signature->Bytes(), signature->Len()); success = EVP_DigestVerifyFinal(mdctx, signature->Bytes(), signature->Len());
#else
// older versions of OpenSSL use a non-const-char *sigh*
// I don't think they actually manipulate the value though.
// todo - this needs a cmake test
success = EVP_DigestVerifyFinal(mdctx, (unsigned char*) signature->Bytes(), signature->Len());
#endif
EVP_MD_CTX_destroy(mdctx); EVP_MD_CTX_destroy(mdctx);
return new Val(success, TYPE_BOOL); return new Val(success, TYPE_BOOL);