From 72f4c179d26807e1be5a257e8485886eb75a7655 Mon Sep 17 00:00:00 2001
From: Claudio Jeker
Date: Wed, 9 Aug 2017 21:31:17 +0000
Subject: Use X509_pubkey_digest() like libtls to hash the keys for the TLS privsep code. This fixes interception mode (since there we rewrite the CERT which would alter the hash of the cert but the keys still remain the same). OK bluhm@ and jsing@
---
 usr.sbin/relayd/ca.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'usr.sbin')
diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c
index c4eb9162d17..b5835d503b2 100644
--- a/usr.sbin/relayd/ca.c
+++ b/usr.sbin/relayd/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.27 2017/07/28 13:58:52 bluhm Exp $ */
+/* $OpenBSD: ca.c,v 1.28 2017/08/09 21:31:16 claudio Exp $ */
 /*
 * Copyright (c) 2014 Reyk Floeter
@@ -90,8 +90,8 @@ hash_x509(X509 *cert, char *hash, size_t hashlen)
 char digest[EVP_MAX_MD_SIZE];
 int dlen, i;
- if (X509_digest(cert, EVP_sha256(), digest, &dlen) != 1)
- fatalx("%s: X509_digest failed", __func__);
+ if (X509_pubkey_digest(cert, EVP_sha256(), digest, &dlen) != 1)
+ fatalx("%s: X509_pubkey_digest failed", __func__);
 if (hashlen < 2 * dlen + sizeof("SHA256:"))
 fatalx("%s: hash buffer to small", __func__);
--
cgit v1.2.3
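Review bot: hash_x509() now returns a hash of the public key rather than of the certificate, yet neither the name nor the second hunk says so; two different certificates that share a key pair produce the same string, so any caller that relies on this value to tell certificates apart (none is visible here) would silently stop doing so. A comment above the `X509_pubkey_digest()` call, for example `/* hash the public key, not the cert: the value must stay stable when the cert is rewritten in interception mode */`, would record the intent. Separately, the new call still passes `char digest[]` and `int dlen`, while the libcrypto prototype takes `unsigned char *` and `unsigned int *`; declaring `unsigned char digest[EVP_MAX_MD_SIZE];` and `unsigned int dlen;` removes the pointer-sign mismatch and keeps `2 * dlen` in the length check unsigned. The function body starts and ends outside the hunk, so the loop that uses `i` and `dlen` would need checking against that type change.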