adapt to API changes in OpenSSL 0.9.8h

2 files changed, 9 insertions, 3 deletions

diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index dfbf6446017..6ee753ad1ae 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.111 2007/09/02 15:19:24 deraadt Exp $	 */
+/* $OpenBSD: x509.c,v 1.112 2008/09/06 12:22:57 djm Exp $	 */
 /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $	 */
 
 /*
@@ -832,7 +832,13 @@ x509_cert_validate(void *scert)
 	 * we trust.
 	 */
 	X509_STORE_CTX_init(&csc, x509_cas, cert, NULL);
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+	/* XXX See comment in x509_read_crls_from_dir.  */
+	if (x509_cas->param->flags & X509_V_FLAG_CRL_CHECK) {
+		X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
+		X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
+	}
+#elif OPENSSL_VERSION_NUMBER >= 0x00907000L
 	/* XXX See comment in x509_read_crls_from_dir.  */
 	if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) {
 		X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c
index 9ece827f54a..78f4ec4a83e 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c
@@ -489,7 +489,7 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
         prompt = "Enter pass phrase:";
         for (;;) {
             if ((i = EVP_read_pw_string(buf, bufsize, prompt, FALSE)) != 0) {
-                PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+                PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
                 memset(buf, 0, (unsigned int)bufsize);
                 return (-1);
             }