Upgrade tips, from OpenSSL 0.9.6l to 0.9.8

Naomaru Itoi

First of all, thank you and congratulations for your continuous good
work for OpenSSL 0.9.8.

I have upgraded my software from using OpenSSL 0.9.6l to 0.9.8.  As I
was not able to find a document on how to do this (excuse me if it
exists), I decided to write down the steps I needed to take.  I hope
it will help somebody with a similar task, although I cannot
guarantee your success.  If you can add some tips (e.g. pointing out
what I did wrong), that would be great.  My development platform is
Windows XP SP2.

1. Add "const" to function and variable declarations

A lot of "constification" has happened between 0.9.6m and 0.9.8.
Compilation would fail because of this.  I added "const" to function
and variable declarations.  I also cast arguments to constant
values.  For example,

  d2i_X509(NULL, (unsigned char **)&cert, certLen)          /* 0.9.6 */
  d2i_X509(NULL, (const unsigned char **)&cert, certLen)    /* 0.9.8 */

2. Replace ERR_file_name with __FILE__

There used to be this line in err.h:

  #define ERR_file_name   __FILE__

but it does not seem to exist anymore.  I replaced ERR_file_name in my
code with __FILE__.

3. RSA_new_method(RSA_METHOD *meth), DSA_new_method(DSA_METHOD *meth)

Functions RSA_new_method() and DSA_new_method() used to take
RSA_METHOD* and DSA_METHOD*, respectively.  However, now they take only
ENGINE*.  As a result, compilation on RSA_new_method(RSA_METHOD *meth)
would fail.  I worked around it like this.

  rsaKey = RSA_new_method(rsa_meth);    /* 0.9.6 */

  rsaKey = RSA_new_method(NULL);        /* 0.9.8 */
  if (rsa_meth != NULL) {
    RSA_set_method(rsaKey, rsa_meth);
  }

The same can be used for DSA_new_method.


This may be only me, but I used to access big numbers in BN_CTX
structure directly, i.e.,

  BIGNUM *r0 = &(ctx->bn[0]);

This fails with 0.9.8 because the new BN_CTX is based on a linked list
rather than an array.  I rewrote my code with BN_CTX_get().

  BIGNUM *r0 = BN_CTX_get(ctx);

5. X509 definitions

Some X509 definitions now seem to be in wincrypt.h, rather than in
openssl/e_os.h.  I replaced this:

    #include <openssl/e_os.h>

with this:

    #include <windows.h>
    #include <wincrypt.h>


Some of the header files in 0.9.8 want to include krb5.h, but this
file does not seem to be in the package.  I worked around this by
compiling my code with the compile option OPENSSL_NO_KRB5.

7. X509_STORE_CTX.purpose

X509_STORE_CTX structure does not have a member "purpose" anymore.  It
is now under another member, "X509_VERIFY_PARAM *param".  I replaced

  X509_check_purpose(ctx->cert, ctx->purpose, 0)

with this:

  X509_check_purpose(ctx->cert, ctx->param->purpose, 0)

8. SSL_CTX_set_cert_verify_callback()

The callback argument fed to SSL_CTX_set_cert_verify_callback() now
takes an additional parameter.  As I did not use this additional
parameter, I added a dummy parameter to the callback definition.

  static int callback(X509_STORE_CTX * ctx)                 /* 0.9.6 */
  static int callback(X509_STORE_CTX * ctx, void *dummy)    /* 0.9.8 */

OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
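
The source-level changes in the post (steps 1-3, 5, 7 and the BN_CTX rewrite) can be located in a code base before recompiling. The scanner below is an added example, not part of the original post or of OpenSSL; the rule names and regular expressions are heuristic assumptions and the sample source is constructed.

```python
import re

# Heuristic patterns for the pre-0.9.8 idioms listed in the post, each with
# the replacement the post describes. Rule names and regexes are assumptions
# of this example, not part of OpenSSL.
RULES = [
    ("e_os.h", r"#\s*include\s*<openssl/e_os\.h>",
     "on Windows, include <windows.h> and <wincrypt.h> (step 5)"),
    ("d2i-cast", r"\bd2i_\w+\s*\([^;]*\(\s*unsigned\s+char\s*\*\s*\*\s*\)",
     "cast to (const unsigned char **) (step 1)"),
    ("ERR_file_name", r"\bERR_file_name\b", "use __FILE__ (step 2)"),
    ("new_method", r"\b(?:RSA|DSA)_new_method\s*\(\s*(?!NULL\b)\w",
     "argument is now ENGINE *; pass NULL, then call RSA_set_method() (step 3)"),
    ("bn-array", r"->\s*bn\s*\[", "use BN_CTX_get(ctx)"),
    ("purpose", r"\b(?!param\b)\w+\s*->\s*purpose\b",
     "use ctx->param->purpose (step 7)"),
]
COMPILED = [(name, re.compile(rx), advice) for name, rx, advice in RULES]


def scan(source):
    """Return (line_number, rule_name, advice) for every flagged line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, rx, advice in COMPILED:
            if rx.search(line):
                findings.append((lineno, name, advice))
    return findings


# Constructed sample: each old idiom is followed by its 0.9.8 form.
SAMPLE = """\
#include <openssl/e_os.h>
x = d2i_X509(NULL, (unsigned char **)&cert, certLen);
y = d2i_X509(NULL, (const unsigned char **)&cert, certLen);
ERR_put_error(ERR_LIB_USER, 0, 0, ERR_file_name, __LINE__);
rsaKey = RSA_new_method(rsa_meth);
rsaKey = RSA_new_method(NULL);
BIGNUM *r0 = &(ctx->bn[0]);
BIGNUM *r1 = BN_CTX_get(ctx);
X509_check_purpose(ctx->cert, ctx->purpose, 0);
X509_check_purpose(ctx->cert, ctx->param->purpose, 0);
"""

if __name__ == "__main__":
    for lineno, name, advice in scan(SAMPLE):
        print(f"line {lineno}: {name}: {advice}")
```

A hit is a line to review, not a confirmed error: a call that already passes an ENGINE * variable to RSA_new_method() is flagged too, and the krb5.h and verify-callback changes are not covered.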