[rs-commit] r23 - in /mod_ca/trunk: ChangeLog Makefile.in mod_ca_disk.c mod_ca_engine.c mod_ca_ldap.c mod_ca_simple.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Sat Mar 30 12:48:14 CET 2019
Author: minfrin at redwax.eu
Date: Sat Mar 30 12:48:12 2019
New Revision: 23
Log:
Add a workaround for https://github.com/openssl/openssl/issues/8618
that causes PKCS7 DER encoded objects to not be decoded correctly.
Modified:
mod_ca/trunk/ChangeLog
mod_ca/trunk/Makefile.in
mod_ca/trunk/mod_ca_disk.c
mod_ca/trunk/mod_ca_engine.c
mod_ca/trunk/mod_ca_ldap.c
mod_ca/trunk/mod_ca_simple.c
Modified: mod_ca/trunk/ChangeLog
==============================================================================
--- mod_ca/trunk/ChangeLog (original)
+++ mod_ca/trunk/ChangeLog Sat Mar 30 12:48:12 2019
@@ -1,5 +1,9 @@
Changes with v0.2.0
+
+ *) Add a workaround for https://github.com/openssl/openssl/issues/8618
+ that causes PKCS7 DER encoded objects to not be decoded correctly.
+ [Graham Leggett]
*) Wire through the module names in log messages. [Graham Leggett]
Modified: mod_ca/trunk/Makefile.in
==============================================================================
--- mod_ca/trunk/Makefile.in (original)
+++ mod_ca/trunk/Makefile.in Sat Mar 30 12:48:12 2019
@@ -564,12 +564,12 @@
all-local:
- $(APXS) -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca.c
- $(APXS) -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_simple.c
- $(APXS) -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_ldap.c
- $(APXS) -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_crl.c
- $(APXS) -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_disk.c
- $(APXS) -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_engine.c
+ $(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca.c
+ $(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_simple.c
+ $(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_ldap.c
+ $(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_crl.c
+ $(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_disk.c
+ $(APXS) "-Wc,${CFLAGS}" -c $(DEF_LDLIBS) $(AM_CFLAGS) $(AM_LDFLAGS) $(openssl_CFLAGS) $(openssl_LIBS) @srcdir@/mod_ca_engine.c
install-exec-local:
mkdir -p $(DESTDIR)`$(APXS) -q LIBEXECDIR`
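Review bot: Only compiler flags are forwarded by the new `"-Wc,${CFLAGS}"` argument on the six `$(APXS)` lines of `all-local`, so link-time hardening that a packager supplies through `LDFLAGS` (RELRO, immediate binding) presumably still does not reach the module build. Consider adding the matching `"-Wl,${LDFLAGS}"`, and check how apxs treats a bare `-Wc,` when `CFLAGS` is empty. Makefile.in is normally generated by automake and Makefile.am is not in this commit's modified list, so unless the same edit exists there it will be lost on the next regeneration. The log message does not mention this build change; a line such as `*) Pass CFLAGS through to apxs.` in the ChangeLog would record it.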
Modified: mod_ca/trunk/mod_ca_disk.c
==============================================================================
--- mod_ca/trunk/mod_ca_disk.c (original)
+++ mod_ca/trunk/mod_ca_disk.c Sat Mar 30 12:48:12 2019
@@ -812,6 +812,9 @@
apr_pool_cleanup_null);
}
PKCS7_set_type(p7, NID_pkcs7_signed);
+
+ /* workaround to avoid :BAD OBJECT encoding in i2d_PKCS7 - https://github.com/openssl/openssl/issues/8618 */
+ p7->d.sign->contents->type=OBJ_nid2obj(NID_pkcs7_data);
/* add the generated certificate */
if (!PKCS7_add_certificate(p7, cert)) {
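Review bot: The added `p7->d.sign->contents->type=OBJ_nid2obj(NID_pkcs7_data);` dereferences `p7->d.sign` immediately after a `PKCS7_set_type()` call whose return value is ignored, so if that call fails (for example on allocation failure) the pointer may be NULL and the worker would crash instead of returning an error. Check the result first, e.g. `if (!PKCS7_set_type(p7, NID_pkcs7_signed)) { ... }`, failing the same way as the `PKCS7_add_certificate` branch below it. The identical three lines are added in mod_ca_engine.c and mod_ca_simple.c, where the same check applies; a small shared helper would keep the workaround in one place for when the OpenSSL issue is resolved. The enclosing function starts and ends outside the hunk.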
Modified: mod_ca/trunk/mod_ca_engine.c
==============================================================================
--- mod_ca/trunk/mod_ca_engine.c (original)
+++ mod_ca/trunk/mod_ca_engine.c Sat Mar 30 12:48:12 2019
@@ -452,6 +452,9 @@
apr_pool_cleanup_null);
}
PKCS7_set_type(p7, NID_pkcs7_signed);
+
+ /* workaround to avoid :BAD OBJECT encoding in i2d_PKCS7 - https://github.com/openssl/openssl/issues/8618 */
+ p7->d.sign->contents->type=OBJ_nid2obj(NID_pkcs7_data);
/* add the generated certificate */
if (!PKCS7_add_certificate(p7, cert)) {
Modified: mod_ca/trunk/mod_ca_ldap.c
==============================================================================
--- mod_ca/trunk/mod_ca_ldap.c (original)
+++ mod_ca/trunk/mod_ca_ldap.c Sat Mar 30 12:48:12 2019
@@ -480,7 +480,8 @@
tne = X509_NAME_get_entry(subject, j);
val = X509_NAME_ENTRY_get_data(tne);
if (V_ASN1_PRINTABLESTRING == val->type
- || V_ASN1_IA5STRING == val->type) {
+ || V_ASN1_IA5STRING == val->type
+ || V_ASN1_UTF8STRING == val->type) {
filter = apr_pstrcat(r->pool, filter, "(",
conf->attributes[i], "=",
escape_ldap(r->pool,
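Review bot: Accepting `V_ASN1_UTF8STRING` widens the bytes that can flow from a requester-controlled subject into the LDAP search filter, and the hunk does not show whether `escape_ldap` is given the value's length or treats it as a C string. An ASN.1 string may contain an embedded NUL, so a value handled with `strlen` semantics would be truncated and the filter could match a different directory entry than the subject actually names. Reject such values before building the filter, e.g. `if (ASN1_STRING_length(val) != (int) strlen((const char *) ASN1_STRING_get0_data(val)))`, and confirm that `escape_ldap` escapes `*`, `(`, `)`, `\` and NUL per RFC 4515 for multi-byte input. The `escape_ldap` call's arguments are cut off by the hunk boundary, so this is a point to verify rather than a confirmed defect.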
@@ -493,7 +494,7 @@
else {
log_message(r, APR_SUCCESS,
apr_psprintf(r->pool,
- "Subject name '%s' is not a printable or ia5string (%d instead).",
+ "Subject name '%s' is not a utf8, printable or ia5string (%d instead).",
name, val->type));
apr_pool_destroy(l->pool);
Modified: mod_ca/trunk/mod_ca_simple.c
==============================================================================
--- mod_ca/trunk/mod_ca_simple.c (original)
+++ mod_ca/trunk/mod_ca_simple.c Sat Mar 30 12:48:12 2019
@@ -411,6 +411,9 @@
apr_pool_cleanup_null);
}
PKCS7_set_type(p7, NID_pkcs7_signed);
+
+ /* workaround to avoid :BAD OBJECT encoding in i2d_PKCS7 - https://github.com/openssl/openssl/issues/8618 */
+ p7->d.sign->contents->type=OBJ_nid2obj(NID_pkcs7_data);
/* add the generated certificate */
if (!PKCS7_add_certificate(p7, cert)) {