diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2021-10-13 18:09:43 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2021-10-13 18:09:43 +0000 |
commit | 68d986a2f256c78aa38f5614680c1fc7b8d61f96 (patch) | |
tree | 89fa01bacb199c30f2dc92bb0677575ac87ec942 /usr.sbin | |
parent | 441fad48776a246792fb88574b6c1979cde489a8 (diff) |
acme-client: stop reaching into X509
Prepare for an upcoming change in libcrypto and retrieve the stack
of extensions via X509_get0_extensions(). Simplify the for loop by
relying on the fact that empty or NULL stacks have an sk_num() of 0
and -1, respectively, so the loop won't be entered and the extsz
dance is unnecessary.
ok florian
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/acme-client/revokeproc.c | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c index e3cab0cd5a2..9280b2c334f 100644 --- a/usr.sbin/acme-client/revokeproc.c +++ b/usr.sbin/acme-client/revokeproc.c @@ -1,4 +1,4 @@ -/* $Id: revokeproc.c,v 1.17 2021/01/02 19:04:21 sthen Exp $ */ +/* $Id: revokeproc.c,v 1.18 2021/10/13 18:09:42 tb Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -94,19 +94,20 @@ int revokeproc(int fd, const char *certfile, int force, int revocate, const char *const *alts, size_t altsz) { - char *der = NULL, *dercp, *der64 = NULL; - char *san = NULL, *str, *tok; - int rc = 0, cc, i, extsz, ssz, len; - size_t *found = NULL; - BIO *bio = NULL; - FILE *f = NULL; - X509 *x = NULL; - long lval; - enum revokeop op, rop; - time_t t; - X509_EXTENSION *ex; - ASN1_OBJECT *obj; - size_t j; + char *der = NULL, *dercp, *der64 = NULL; + char *san = NULL, *str, *tok; + int rc = 0, cc, i, ssz, len; + size_t *found = NULL; + BIO *bio = NULL; + FILE *f = NULL; + X509 *x = NULL; + long lval; + enum revokeop op, rop; + time_t t; + const STACK_OF(X509_EXTENSION) *exts; + X509_EXTENSION *ex; + ASN1_OBJECT *obj; + size_t j; /* * First try to open the certificate before we drop privileges @@ -164,13 +165,12 @@ revokeproc(int fd, const char *certfile, int force, * command line. */ - extsz = x->cert_info->extensions != NULL ? - sk_X509_EXTENSION_num(x->cert_info->extensions) : 0; + exts = X509_get0_extensions(x); /* Scan til we find the SAN NID. */ - for (i = 0; i < extsz; i++) { - ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i); + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { + ex = sk_X509_EXTENSION_value(exts, i); assert(ex != NULL); obj = X509_EXTENSION_get_object(ex); assert(obj != NULL); |