fix(x509.extension) correct X509V3_CTX size for OpenSSL 3.0
fffonion committed Apr 14, 2022
1 parent e3590cf commit 0946c59
Showing 2 changed files with 28 additions and 9 deletions.
28 changes: 25 additions & 3 deletions lib/resty/openssl/include/x509/extension.lua
Expand Up @@ -4,19 +4,41 @@ require "resty.openssl.include.ossl_typ"
require "resty.openssl.include.x509v3"
require "resty.openssl.include.x509"
local asn1_macro = require "resty.openssl.include.asn1"
local OPENSSL_30 = require("resty.openssl.version").OPENSSL_30

asn1_macro.declare_asn1_functions("X509_EXTENSION")

ffi.cdef [[
struct v3_ext_ctx {
if OPENSSL_30 then
ffi.cdef [[
struct v3_ext_ctx {
int flags;
X509 *issuer_cert;
X509 *subject_cert;
X509_REQ *subject_req;
X509_CRL *crl;
/*X509V3_CONF_METHOD*/ void *db_meth;
void *db;
EVP_PKEY *issuer_pkey;
};

int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey);
]]

else
ffi.cdef [[
struct v3_ext_ctx {
int flags;
X509 *issuer_cert;
X509 *subject_cert;
X509_REQ *subject_req;
X509_CRL *crl;
/*X509V3_CONF_METHOD*/ void *db_meth;
void *db;
};
};
]]
end

ffi.cdef [[
int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
]]
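Review bot: Neither `struct v3_ext_ctx` declaration says why two layouts exist, and the reason is a memory-safety one that the next maintainer needs to see. The 3.0 branch adds a trailing `EVP_PKEY *issuer_pkey`; with the shorter layout an `X509V3_CTX` allocated from Lua would be smaller than the library's own struct, so the library presumably writes past the allocation when it fills the context in (the test helper in this commit had been working around a double free). I would put a comment above `if OPENSSL_30 then`, e.g. `-- layout must match the linked libcrypto's x509v3.h: 3.0 appended issuer_pkey, and a short cdef under-allocates X509V3_CTX`. It is also worth confirming that `OPENSSL_30`, defined in `resty.openssl.version` outside this hunk, stays true for later 3.x releases, otherwise they fall back to the short struct.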
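--- a/t/openssl/helper.lua
+++ b/t/openssl/helper.lua
@@ -36,12 +36,9 @@ local function create_self_signed(key_opts, names, is_ca, signing_key, issuing_n
 assert(cert:add_extension(extension.new("extendedKeyUsage",
 "serverAuth,clientAuth")))
 
--- XXX seems broken in OpenSSL 3.0.2 with a double free, disabling for now
-if not OPENSSL_30 then
-assert(cert:add_extension(assert(extension.new("subjectKeyIdentifier", "hash", {
-subject = cert,
-}))))
-end
+assert(cert:add_extension(assert(extension.new("subjectKeyIdentifier", "hash", {
+subject = cert,
+}))))
 end
 
 local dgst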
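Review bot: The re-enabled `subjectKeyIdentifier` call now doubles as a regression check for the corrected `X509V3_CTX` layout on OpenSSL 3.0, but nothing at the call site says so, and the removed `XXX` comment was the only record of the double free. A one-line comment such as `-- regression check: an undersized X509V3_CTX cdef caused a double free here on OpenSSL 3.0.2` would keep that history next to the code. If the deleted `if not OPENSSL_30` guard was the last use of `OPENSSL_30` in this helper, its definition (outside this hunk) is now dead and can go. `create_self_signed` begins before the hunk, so the rest of its body was not reviewed.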
