From ab7cae45bc3243b93f2889896204faa24c7efbbf Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Fri, 30 Sep 2016 22:22:58 +0200
Subject: [PATCH] ssl: Use ASN1_STRING_get0_data instead of ASN1_STRING_data

The latter is deprecated, so might be removed at  some point in the
future. This also adds a compatibility wrapper for OpenSSL < 1.1.0.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
---
 common/ssl_verify.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 601252e..a9ed650 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -33,6 +33,13 @@
 #include <string.h>
 #include <gio/gio.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+static const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *asn1)
+{
+    return M_ASN1_STRING_data(asn1);
+}
+#endif
+
 static int verify_pubkey(X509* cert, const char *key, size_t key_size)
 {
     EVP_PKEY* cert_pubkey = NULL;
@@ -182,10 +189,10 @@ static int verify_hostname(X509* cert, const char *hostname)
             const GENERAL_NAME* name = sk_GENERAL_NAME_value(subject_alt_names, i);
             if (name->type == GEN_DNS) {
                 found_dns_name = 1;
-                if (_gnutls_hostname_compare((char *)ASN1_STRING_data(name->d.dNSName),
+                if (_gnutls_hostname_compare((const char *)ASN1_STRING_get0_data(name->d.dNSName),
                                              ASN1_STRING_length(name->d.dNSName),
                                              hostname)) {
-                    spice_debug("alt name match=%s", ASN1_STRING_data(name->d.dNSName));
+                    spice_debug("alt name match=%s", ASN1_STRING_get0_data(name->d.dNSName));
                     GENERAL_NAMES_free(subject_alt_names);
                     return 1;
                 }
@@ -208,11 +215,11 @@ static int verify_hostname(X509* cert, const char *hostname)
                 alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
 
                 if ((ip_len == alt_ip_len) &&
-                   (memcmp(ASN1_STRING_data(name->d.iPAddress), ip_binary, ip_len)) == 0) {
+                   (memcmp(ASN1_STRING_get0_data(name->d.iPAddress), ip_binary, ip_len)) == 0) {
                     GInetAddress * alt_ip = NULL;
                     gchar * alt_ip_string = NULL;
 
-                    alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_data(name->d.iPAddress),
+                    alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_get0_data(name->d.iPAddress),
                                                            g_inet_address_get_family(ip));
                     alt_ip_string = g_inet_address_to_string(alt_ip);
                     spice_debug("alt name IP match=%s", alt_ip_string);
@@ -253,10 +260,10 @@ static int verify_hostname(X509* cert, const char *hostname)
                 continue;
             }
 
-            if (_gnutls_hostname_compare((char*)ASN1_STRING_data(cn_asn1),
+            if (_gnutls_hostname_compare((const char*)ASN1_STRING_get0_data(cn_asn1),
                                          ASN1_STRING_length(cn_asn1),
                                          hostname)) {
-                spice_debug("common name match=%s", (char*)ASN1_STRING_data(cn_asn1));
+                spice_debug("common name match=%s", (char*)ASN1_STRING_get0_data(cn_asn1));
                 cn_match = 1;
                 break;
             }