Re: [Linux] bootstrap fails with compilation error

To: pkgsrc-users <pkgsrc-users%netbsd.org@localhost>
Subject: Re: [Linux] bootstrap fails with compilation error
From: maya%netbsd.org@localhost
Date: Sun, 2 Jul 2017 17:28:49 +0000

Please try the attached diff.

Index: lib/pkcs7.c
===================================================================
RCS file: /cvsroot/pkgsrc/pkgtools/pkg_install/files/lib/pkcs7.c,v
retrieving revision 1.5
diff -u -r1.5 pkcs7.c
--- lib/pkcs7.c	2 Aug 2009 17:56:45 -0000	1.5
+++ lib/pkcs7.c	2 Jul 2017 17:27:34 -0000
@@ -55,25 +55,11 @@
 #define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
 #endif
 
-static const unsigned int pkg_key_usage = XKU_CODE_SIGN | XKU_SMIME;
+#if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#define X509_get_extended_key_usage(x) x->ex_xkusage
+#endif
 
-static int
-check_ca(X509 *cert)
-{
-	if ((cert->ex_flags & EXFLAG_KUSAGE) != 0 &&
-	    (cert->ex_kusage & KU_KEY_CERT_SIGN) != KU_KEY_CERT_SIGN)
-		return 0;
-	if ((cert->ex_flags & EXFLAG_BCONS) != 0)
-		return (cert->ex_flags & EXFLAG_CA) == EXFLAG_CA;
-	if ((cert->ex_flags & (EXFLAG_V1|EXFLAG_SS)) == (EXFLAG_V1|EXFLAG_SS))
-		return 1;
-	if ((cert->ex_flags & EXFLAG_KUSAGE) != 0)
-		return 1;
-	if ((cert->ex_flags & EXFLAG_NSCERT) != 0 &&
-	    (cert->ex_nscert & NS_ANY_CA) != 0)
-		return 1;
-	return 0;
-}
+static const unsigned int pkg_key_usage = XKU_CODE_SIGN | XKU_SMIME;
 
 static STACK_OF(X509) *
 file_to_certs(const char *file)
@@ -180,18 +166,18 @@
 		/* Compute ex_xkusage */
 		X509_check_purpose(sk_X509_value(signers, i), -1, -1);
 
-		if (check_ca(sk_X509_value(signers, i))) {
+		if (X509_check_ca(sk_X509_value(signers, i))) {
 			warnx("CA keys are not valid for signatures");
 			goto cleanup;
 		}
 		if (is_pkg) {
-			if (sk_X509_value(signers, i)->ex_xkusage != pkg_key_usage) {
+			if (X509_get_extended_key_usage(sk_X509_value(signers, i)) != pkg_key_usage) {
 				warnx("Certificate must have CODE SIGNING "
 				    "and EMAIL PROTECTION property");
 				goto cleanup;
 			}
 		} else {
-			if (sk_X509_value(signers, i)->ex_xkusage != 0) {
+			if (X509_get_extended_key_usage(sk_X509_value(signers, i)) != 0) {
 				warnx("Certificate must not have any property");
 				goto cleanup;
 			}
@@ -271,12 +257,12 @@
 	/* Compute ex_kusage */
 	X509_check_purpose(certificate, -1, 0);
 
-	if (check_ca(certificate)) {
+	if (X509_check_ca(certificate)) {
 		warnx("CA keys are not valid for signatures");
 		goto cleanup;
 	}
 
-	if (certificate->ex_xkusage != pkg_key_usage) {
+	if (X509_get_extended_key_usage(certificate) != pkg_key_usage) {
 		warnx("Certificate must have CODE SIGNING "
 		    "and EMAIL PROTECTION property");
 		goto cleanup;

Follow-Ups:
- Re: [Linux] bootstrap fails with compilation error
  - From: Mayuresh

References:
- [Linux] bootstrap fails with compilation error
  - From: Mayuresh

Prev by Date: Re: [Linux] bootstrap fails with compilation error
Next by Date: Re: [Linux] bootstrap fails with compilation error
Previous by Thread: Re: [Linux] bootstrap fails with compilation error
Next by Thread: Re: [Linux] bootstrap fails with compilation error
Indexes:

Home | Main Index | Thread Index | Old Index