Upgrade tips, from OpenSSL 0.9.6l to 0.9.8

Naomaru Itoi
Hi,

First of all, thank you and congratulations for your continuous good
work for OpenSSL 0.9.8.

I have upgraded my software from using OpenSSL 0.9.6l to 0.9.8.  As I
was not able to find a document on how to do this (excuse me if it
exists), I decided to write down the steps I needed to take.  I hope
it would help somebody with a similar task, although I cannot
guarantee your success.  If you can add some tips (e.g. pointing out
what I did wrong), that would be great.  My development platform is
Windows XP SP2.

1. Add "const" to function and variable declarations

A lot of "constification" has happened between 0.9.6m and 0.9.8.
Compilation would fail because of this.  I added "const" to function
and variable declarations.  I also cast arguments to constant
values.  For example,

  d2i_X509(NULL, (unsigned char **)&cert, certLen)
  ->
  d2i_X509(NULL, (const unsigned char **)&cert, certLen)


2. Replace ERR_file_name with __FILE__

There used to be this line in err.h:

  #define ERR_file_name   __FILE__

but it does not seem to exist anymore.  I replaced ERR_file_name in my
code with __FILE__.


3. RSA_new_method(RSA_METHOD *meth), DSA_new_method(DSA_METHOD *meth)

Functions RSA_new_method() and DSA_new_method() used to take
RSA_METHOD* and DSA_METHOD*, respectively.  However, now they take only
ENGINE*.  As a result, compilation on RSA_new_method(RSA_METHOD *meth)
would fail.  I worked around it like this.

  rsaKey = RSA_new_method(rsa_meth);
  ->
  rsaKey = RSA_new_method(NULL);
  if (rsa_meth != NULL) {
    RSA_set_method(rsaKey, rsa_meth);
  }

The same can be used for DSA_new_method.


4. BN_CTX

This may be only me, but I used to access big numbers in BN_CTX
structure directly, i.e.,

  ctx=BN_CTX_new();
  BIGNUM *r0 = &(ctx->bn[0]);
  ...
  BN_CTX_free(ctx);

This fails with 0.9.8 because the new BN_CTX is based on a linked list
rather than an array.  I rewrote my code with BN_CTX_get().

  ctx=BN_CTX_new();    
  BN_CTX_start(ctx);
  BIGNUM *r0 = BN_CTX_get(ctx);
  ...
  BN_CTX_end(ctx);
  BN_CTX_free(ctx);
       

5. X509 definitions

Some X509 definitions now seem to be in wincrypt.h, rather than in
openssl/e_os.h.  I replaced this:

    #include <openssl/e_os.h>

with this:
   
    #include <windows.h>
    #include <wincrypt.h>


6. OPENSSL_NO_KRB5

Some of the header files in 0.9.8 want to include krb5.h, but this
file does not seem to be in the package.  I worked around this by
compiling my code with a compile option OPENSSL_NO_KRB5.


7. X509_STORE_CTX.purpose

X509_STORE_CTX structure does not have a member "purpose" anymore.  It
is now under another member, "X509_VERIFY_PARAM *param".  I replaced
this:

  X509_check_purpose(ctx->cert, ctx->purpose, 0)

with this:

  X509_check_purpose(ctx->cert, ctx->param->purpose, 0)
 

8. SSL_CTX_set_cert_verify_callback()

The callback argument fed to SSL_CTX_set_cert_verify_callback() now
takes an additional parameter.  As I did not use this additional
parameter, I added a dummy parameter to the callback definition.

  static int callback(X509_STORE_CTX * ctx)
  ->
  static int callback(X509_STORE_CTX * ctx, void *dummy)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
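
Added example, not part of the original post and not OpenSSL code: d2i_X509() advances the pointer whose address it is given, so handing it a const temporary removes the cast from tip 1 and leaves the buffer's owning pointer valid for free(). toy_d2i(), parse_owned() and the sample byte arrays are hypothetical stand-ins constructed for illustration; toy_d2i() only checks a DER SEQUENCE header and mimics the pointer behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for d2i_X509(): checks one DER SEQUENCE header
 * against len and, as the d2i_* functions do, advances *pp past the
 * bytes it consumed. Returns the content length, or -1 if malformed. */
static long toy_d2i(const unsigned char **pp, long len)
{
    const unsigned char *p = *pp;
    long hdr = 2, clen;
    if (len < 2 || p[0] != 0x30)            /* 0x30 = SEQUENCE tag */
        return -1;
    if (p[1] < 0x80) {                      /* short-form length */
        clen = p[1];
    } else {                                /* long form, 1 or 2 length bytes */
        int n = p[1] & 0x7f;
        if (n < 1 || n > 2 || len < 2 + n)
            return -1;
        clen = (n == 1) ? p[2] : ((long)p[2] << 8) | p[3];
        hdr += n;
    }
    if (clen > len - hdr)                   /* declared length overruns input */
        return -1;
    *pp = p + hdr + clen;                   /* the caller's pointer moves */
    return clen;
}

/* Parse through a const temporary: no cast is needed and the owning
 * pointer is left untouched. Returns bytes consumed, or -1. */
static long parse_owned(unsigned char *cert, long certLen)
{
    const unsigned char *p = cert;
    return toy_d2i(&p, certLen) < 0 ? -1 : (long)(p - cert);
}

/* Constructed sample inputs: valid, long-form length, truncated. */
static unsigned char sample_ok[]    = { 0x30, 0x03, 0x02, 0x01, 0x05, 0xAA };
static unsigned char sample_long[]  = { 0x30, 0x81, 0x02, 0x01, 0x02 };
static unsigned char sample_trunc[] = { 0x30, 0x05, 0x02, 0x01 };

int main(void)
{
    unsigned char *cert = malloc(sizeof sample_ok);
    if (cert == NULL) return 1;
    memcpy(cert, sample_ok, sizeof sample_ok);
    long used = parse_owned(cert, (long)sizeof sample_ok);
    free(cert);                 /* still the address malloc() returned */
    return (used == 5 && parse_owned(sample_long, 5) == 5
            && parse_owned(sample_trunc, 4) == -1) ? 0 : 1;
}
```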