* Fixed a compile time issue with OpenSSL 1.0.2 in the new OCSP code.

* adjusted error string expectation for current boulder behaviour
icing · Nov 19, 2019 · 301c28b · 301c28b
1 parent 0916aca
commit 301c28b
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 4 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,6 @@
+ * Fixed a compile time issue with OpenSSL 1.0.2 in the new OCSP code.
+ * Skip port checks for domain server_rec selection when "tls-alpn-01" is configured
+   explicitly (related to #133). [@mkauf]
  * Added a sample scripts/md_message.sh on how to use `MDMessageCmd`.
 
 v2.2.3

diff --git a/configure.ac b/configure.ac
@@ -14,7 +14,7 @@
 #
 
 AC_PREREQ([2.69])
-AC_INIT([mod_md], [2.2.3], [[email protected]])
+AC_INIT([mod_md], [2.2.4], [[email protected]])
 
 LT_PREREQ([2.2.6])
 LT_INIT()

diff --git a/src/md_ocsp.c b/src/md_ocsp.c
@@ -32,6 +32,13 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 
+#if defined(LIBRESSL_VERSION_NUMBER)
+/* Missing from LibreSSL */
+#define MD_USE_OPENSSL_PRE_1_1_API (LIBRESSL_VERSION_NUMBER < 0x2070000f)
+#else /* defined(LIBRESSL_VERSION_NUMBER) */
+#define MD_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#endif
+
 #include "md.h"
 #include "md_crypt.h"
 #include "md_json.h"
@@ -566,7 +573,11 @@ static const char *single_resp_summary(OCSP_SINGLERESP* resp, apr_pool_t *p)
     ASN1_GENERALIZEDTIME *bup = NULL, *bnextup = NULL;
     md_timeperiod_t valid;
 
+#if MD_USE_OPENSSL_PRE_1_1_API
+    certid = resp->certId;
+#else
     certid = OCSP_SINGLERESP_get0_id(resp);
+#endif
     status = OCSP_single_get0_status(resp, &reason, NULL, &bup, &bnextup);
     valid.start = bup? md_asn1_generalized_time_get(bup) : apr_time_now();
     valid.end = md_asn1_generalized_time_get(bnextup);

diff --git a/src/md_version.h b/src/md_version.h
@@ -27,15 +27,15 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.2.3-git"
+#define MOD_MD_VERSION "2.2.4-git"
 
 /**
  * @macro
  * Numerical representation of the version number of the md module
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x020203
+#define MOD_MD_VERSION_NUM 0x020204
 
 #define MD_ACME_DEF_URL    "https://acme-v02.api.letsencrypt.org/directory"
 

diff --git a/test/test_0740_acme_errors.py b/test/test_0740_acme_errors.py
@@ -55,7 +55,7 @@ def test_740_000(self):
         assert md
         assert md['renewal']['errors'] > 0
         assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
-        assert md['renewal']['last']['detail'] == ("Error creating new order :: Cannot issue for \"%s\": Invalid character in DNS name" % (domains[1]))
+        assert md['renewal']['last']['detail'] == ("Error creating new order :: Cannot issue for \"%s\": Domain name contains an invalid character" % (domains[1]))
 
     # test case: MD with 3 names, 2 invalid
     #