1 --- a/modules/md/md_crypt.c
2 +++ b/modules/md/md_crypt.c
3 @@ -708,23 +708,23 @@ const char *md_cert_get_serial_number(co
5 int md_cert_is_valid_now(const md_cert_t *cert)
7 - return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)
8 - && (X509_cmp_current_time(X509_get_notAfter(cert->x509)) > 0));
9 + return ((X509_cmp_current_time(X509_get0_notBefore(cert->x509)) < 0)
10 + && (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) > 0));
13 int md_cert_has_expired(const md_cert_t *cert)
15 - return (X509_cmp_current_time(X509_get_notAfter(cert->x509)) <= 0);
16 + return (X509_cmp_current_time(X509_get0_notAfter(cert->x509)) <= 0);
19 apr_time_t md_cert_get_not_after(const md_cert_t *cert)
21 - return md_asn1_time_get(X509_get_notAfter(cert->x509));
22 + return md_asn1_time_get(X509_get0_notAfter(cert->x509));
25 apr_time_t md_cert_get_not_before(const md_cert_t *cert)
27 - return md_asn1_time_get(X509_get_notBefore(cert->x509));
28 + return md_asn1_time_get(X509_get0_notBefore(cert->x509));
31 int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
32 --- a/modules/ssl/ssl_engine_init.c
33 +++ b/modules/ssl/ssl_engine_init.c
34 @@ -226,7 +226,7 @@ apr_status_t ssl_init_Module(apr_pool_t
36 apr_array_header_t *pphrases;
38 - if (SSLeay() < MODSSL_LIBRARY_VERSION) {
39 + if (OpenSSL_version_num() < MODSSL_LIBRARY_VERSION) {
40 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)
41 "Init: this version of mod_ssl was compiled against "
42 "a newer library (%s, version currently loaded is %s)"
43 --- a/modules/ssl/ssl_engine_io.c
44 +++ b/modules/ssl/ssl_engine_io.c
45 @@ -1255,9 +1255,9 @@ static apr_status_t ssl_io_filter_handsh
46 if (dc->proxy->ssl_check_peer_expire != FALSE) {
48 || (X509_cmp_current_time(
49 - X509_get_notBefore(cert)) >= 0)
50 + X509_get0_notBefore(cert)) >= 0)
51 || (X509_cmp_current_time(
52 - X509_get_notAfter(cert)) <= 0)) {
53 + X509_get0_notAfter(cert)) <= 0)) {
54 proxy_ssl_check_peer_ok = FALSE;
55 ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c, APLOGNO(02004)
56 "SSL Proxy: Peer certificate is expired");
57 --- a/modules/ssl/ssl_engine_log.c
58 +++ b/modules/ssl/ssl_engine_log.c
59 @@ -161,10 +161,10 @@ static void ssl_log_cert_error(const cha
60 BIO_puts(bio, "(ERROR)");
62 BIO_puts(bio, " / notbefore: ");
63 - ASN1_TIME_print(bio, X509_get_notBefore(cert));
64 + ASN1_TIME_print(bio, X509_get0_notBefore(cert));
66 BIO_puts(bio, " / notafter: ");
67 - ASN1_TIME_print(bio, X509_get_notAfter(cert));
68 + ASN1_TIME_print(bio, X509_get0_notAfter(cert));
72 --- a/modules/ssl/ssl_engine_vars.c
73 +++ b/modules/ssl/ssl_engine_vars.c
74 @@ -490,13 +490,13 @@ static char *ssl_var_lookup_ssl_cert(apr
75 result = ssl_var_lookup_ssl_cert_serial(p, xs);
77 else if (strcEQ(var, "V_START")) {
78 - result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
79 + result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notBefore(xs));
81 else if (strcEQ(var, "V_END")) {
82 - result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
83 + result = ssl_var_lookup_ssl_cert_valid(p, X509_get0_notAfter(xs));
85 else if (strcEQ(var, "V_REMAIN")) {
86 - result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
87 + result = ssl_var_lookup_ssl_cert_remain(p, X509_get0_notAfter(xs));
90 else if (*var && strcEQ(var+1, "_DN")) {
91 --- a/modules/ssl/ssl_private.h
92 +++ b/modules/ssl/ssl_private.h
94 #include <openssl/x509v3.h>
95 #include <openssl/x509_vfy.h>
96 #include <openssl/ocsp.h>
97 +#include <openssl/dh.h>
98 +#include <openssl/bn.h>
99 +#include <openssl/ui.h>
101 /* Avoid tripping over an engine build installed globally and detected
102 * when the user points at an explicit non-engine flavor of OpenSSL
105 @@ -652,11 +652,11 @@ static void ssl_print_cert_info(BIO *bio
107 BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
108 BIO_printf(bio,"Valid from: ");
109 - ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
110 + ASN1_UTCTIME_print(bio, X509_get0_notBefore(cert));
111 BIO_printf(bio,"\n");
113 BIO_printf(bio,"Valid to : ");
114 - ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
115 + ASN1_UTCTIME_print(bio, X509_get0_notAfter(cert));
116 BIO_printf(bio,"\n");
118 pk = X509_get_pubkey(cert);
119 @@ -2634,8 +2634,10 @@ int main(int argc, const char * const ar
120 CRYPTO_malloc_init();
123 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
124 SSL_load_error_strings();
127 bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
128 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);