+++ /dev/null
---- a/mutt_ssl.c
-+++ b/mutt_ssl.c
-@@ -28,6 +28,14 @@
- #include <openssl/rand.h>
- #include <openssl/evp.h>
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define X509_get0_notBefore X509_get_notBefore
-+#define X509_get0_notAfter X509_get_notAfter
-+#define X509_getm_notBefore X509_get_notBefore
-+#define X509_getm_notAfter X509_get_notAfter
-+#define X509_STORE_CTX_get0_chain X509_STORE_CTX_get_chain
-+#endif
-+
- #undef _
-
- #include <string.h>
-@@ -121,8 +129,8 @@ static int ssl_load_certificates (SSL_CTX *ctx)
-
- while (NULL != PEM_read_X509 (fp, &cert, NULL, NULL))
- {
-- if ((X509_cmp_current_time (X509_get_notBefore (cert)) >= 0) ||
-- (X509_cmp_current_time (X509_get_notAfter (cert)) <= 0))
-+ if ((X509_cmp_current_time (X509_get0_notBefore (cert)) >= 0) ||
-+ (X509_cmp_current_time (X509_get0_notAfter (cert)) <= 0))
- {
- dprint (2, (debugfile, "ssl_load_certificates: filtering expired cert: %s\n",
- X509_NAME_oneline (X509_get_subject_name (cert), buf, sizeof (buf))));
-@@ -331,10 +339,12 @@ static int ssl_init (void)
- }
- }
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- /* I don't think you can do this just before reading the error. The call
- * itself might clobber the last SSL error. */
- SSL_load_error_strings();
- SSL_library_init();
-+#endif
- init_complete = 1;
- return 0;
- }
-@@ -811,7 +821,7 @@ static int check_certificate_expiration (X509 *peercert, int silent)
- {
- if (option (OPTSSLVERIFYDATES) != MUTT_NO)
- {
-- if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0)
-+ if (X509_cmp_current_time (X509_get0_notBefore (peercert)) >= 0)
- {
- if (!silent)
- {
-@@ -821,7 +831,7 @@ static int check_certificate_expiration (X509 *peercert, int silent)
- }
- return 0;
- }
-- if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0)
-+ if (X509_cmp_current_time (X509_get0_notAfter (peercert)) <= 0)
- {
- if (!silent)
- {
-@@ -1069,7 +1079,7 @@ static int ssl_verify_callback (int preverify_ok, X509_STORE_CTX *ctx)
-
- cert = X509_STORE_CTX_get_current_cert (ctx);
- pos = X509_STORE_CTX_get_error_depth (ctx);
-- len = sk_X509_num (X509_STORE_CTX_get_chain (ctx));
-+ len = sk_X509_num (X509_STORE_CTX_get0_chain (ctx));
-
- dprint (1, (debugfile,
- "ssl_verify_callback: checking cert chain entry %s (preverify: %d skipmode: %d)\n",
-@@ -1198,9 +1208,9 @@ static int interactive_check_cert (X509 *cert, int idx, int len, SSL *ssl, int a
- row++;
- snprintf (menu->dialog[row++], SHORT_STRING, "%s", _("This certificate is valid"));
- snprintf (menu->dialog[row++], SHORT_STRING, _(" from %s"),
-- asn1time_to_string (X509_get_notBefore (cert)));
-+ asn1time_to_string (X509_getm_notBefore (cert)));
- snprintf (menu->dialog[row++], SHORT_STRING, _(" to %s"),
-- asn1time_to_string (X509_get_notAfter (cert)));
-+ asn1time_to_string (X509_getm_notAfter (cert)));
-
- row++;
- buf[0] = '\0';
projects / feed / packages.git / commitdiff