diff --git a/src/common/ssl.c b/src/common/ssl.c index f4e23665..31b3062e 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -152,9 +152,9 @@ int _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl) { X509 *peer_cert; + X509_PUBKEY *key; + X509_ALGOR *algor = NULL; EVP_PKEY *peer_pkey; - /* EVP_PKEY *ca_pkey; */ - /* EVP_PKEY *tmp_pkey; */ char notBefore[64]; char notAfter[64]; int alg; @@ -171,7 +171,11 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl) broke_oneline (cert_info->subject, cert_info->subject_word); broke_oneline (cert_info->issuer, cert_info->issuer_word); - alg = OBJ_obj2nid (peer_cert->cert_info->key->algor->algorithm); + key = X509_get_X509_PUBKEY(peer_cert); + if (!X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key)) + return 1; + + alg = OBJ_obj2nid (algor->algorithm); sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm); ASN1_TIME_snprintf (notBefore, sizeof (notBefore), X509_get_notBefore (peer_cert)); @@ -297,7 +301,7 @@ _SSL_socket (SSL_CTX *ctx, int sd) __SSL_critical_error ("SSL_new"); SSL_set_fd (ssl, sd); - if (ctx->method == SSLv23_client_method()) + if (SSL_CTX_get_ssl_method (ctx) == SSLv23_client_method()) SSL_set_connect_state (ssl); else SSL_set_accept_state(ssl);