This is an automated email from the ASF dual-hosted git repository.
wzhou pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
The following commit(s) were added to refs/heads/master by this push:
new 7550eb607 IMPALA-12559 (part 2): Fix build issue for different
versions of openssl
7550eb607 is described below
commit 7550eb607c2b92b1367dc5cf5667b681d59a8915
Author: wzhou-code <[email protected]>
AuthorDate: Wed May 15 17:14:26 2024 -0700
IMPALA-12559 (part 2): Fix build issue for different versions of openssl
Previous patch calls OpenSSL API X509_get0_tbs_sigalg() which is not
available in the version of OpenSSL in ToolChain. It causes build
failures.
This patch fixes the issue by calling X509_get_signature_nid().
Testing:
- Passed jwt-test unit-test and end-end unit-test.
Change-Id: I62b9f0c00f91c2b13be30c415e3f1ebd0e1bd2bc
Reviewed-on: http://gerrit.cloudera.org:8080/21432
Reviewed-by: gaurav singh <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-by: Abhishek Rawat <[email protected]>
---
be/src/util/jwt-util.cc | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/be/src/util/jwt-util.cc b/be/src/util/jwt-util.cc
index 45837276b..96a2b4424 100644
--- a/be/src/util/jwt-util.cc
+++ b/be/src/util/jwt-util.cc
@@ -386,8 +386,14 @@ Status RSAJWTPublicKeyBuilder::CreateJWKPublicKey(
BIO_free(bio);
return Status(Substitute("Invalid x5c certificate"));
}
- auto alg = X509_get0_tbs_sigalg(cert);
- int pkey_nid = OBJ_obj2nid(alg->algorithm);
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ int pkey_nid = X509_get_signature_nid(cert);
+#else
+ // Older version of OpenSSL appear not to have a public way to get the
+ // signature digest method from a certificate. Instead, we reach into the
+ // 'private' internals.
+ int pkey_nid = OBJ_obj2nid(cert->sig_alg->algorithm);
+#endif
std::string sigalg(OBJ_nid2ln(pkey_nid));
if (sigalg == "sha256WithRSAEncryption") {
algorithm = "rs256";
