On 03.01.18 at 09:19, Steffan Karger wrote:
> On 03-01-18 03:22, Selva Nair wrote:
>> This is with openssl 1.0.1 and that could be the problem -- it may not
>> have EVP_PKEY_get0_RSA() in which case the compatibility interface in
>> use is probably not smart enough...
>
> Exactly this is the case I think. The following should solve the issue:
>
> --- a/src/openvpn/openssl_compat.h > +++ b/src/openvpn/openssl_compat.h > @@ -240,7 +240,7 @@ X509_OBJECT_get_type(const X509_OBJECT *obj) > static inline RSA * > EVP_PKEY_get0_RSA(EVP_PKEY *pkey) > { > - return pkey ? pkey->pkey.rsa : NULL; > + return (pkey && pkey->type == EVP_PKEY_RSA) ? pkey->pkey.rsa : NULL; > } > #endif
>
> (No time to properly test and send a patch now, will look into it more
> later if nobody else does.)
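
Review bot: on the `+` line of EVP_PKEY_get0_RSA(), the added `pkey->type == EVP_PKEY_RSA` test makes NULL an ordinary return value for any non-RSA key, not only for a NULL `pkey`, and nothing in the hunk documents that. Suggest a short comment above the function stating that it returns NULL when `pkey` is NULL or does not hold an RSA key, and confirming that every caller of this compat wrapper tests the result before dereferencing it. Since the change is posted as untested, a run with a non-RSA key loaded would be the case to cover before it is merged.
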
You are right. This is also what OpenSSL 1.1.0 does:

RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
{
    if (pkey->type != EVP_PKEY_RSA) {
        EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
        return NULL;
    }
    return pkey->pkey.rsa;
}

Arne