diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 7c58e365f1..d2c60915d8 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -576,7 +576,7 @@ static void ssl_init_ctx_verify(server_rec *s, ssl_die(); } - SSL_CTX_set_client_CA_list(ctx, (STACK *)ca_list); + SSL_CTX_set_client_CA_list(ctx, (STACK_OF(X509_NAME) *)ca_list); } /* diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 229fc27d3f..ab5fb0db4e 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -250,7 +250,7 @@ int ssl_hook_Access(request_rec *r) X509_STORE *cert_store = NULL; X509_STORE_CTX cert_store_ctx; STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL; - SSL_CIPHER *cipher = NULL; + const SSL_CIPHER *cipher = NULL; int depth, verify_old, verify, n; if (ssl) { @@ -657,7 +657,7 @@ int ssl_hook_Access(request_rec *r) * sk_X509_shift-ed the peer cert out of the chain. * we put it back here for the purpose of quick_renegotiation. */ - cert_stack = sk_new_null(); + cert_stack = sk_X509_new_null(); sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert); } diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 27fac9fdd5..8d64147227 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -632,7 +632,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize); if (ssl && strEQ(var, "")) { - SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); + const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl); result = (cipher != NULL ? (char *)SSL_CIPHER_get_name(cipher) : NULL); } else if (strcEQ(var, "_EXPORT")) @@ -653,7 +653,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize) { - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; *usekeysize = 0; *algkeysize = 0; diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c index 1b5df13b33..a06b65047a 100644 --- a/modules/ssl/ssl_util_ssl.c +++ b/modules/ssl/ssl_util_ssl.c @@ -294,7 +294,7 @@ BOOL SSL_X509_isSGC(X509 *cert) #ifdef HAVE_SSL_X509V3_EXT_d2i X509_EXTENSION *ext; int ext_nid; - STACK *sk; + EXTENDED_KEY_USAGE *sk; BOOL is_sgc; int idx; int i; @@ -303,9 +303,9 @@ BOOL SSL_X509_isSGC(X509 *cert) idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1); if (idx >= 0) { ext = X509_get_ext(cert, idx); - if ((sk = (STACK *)X509V3_EXT_d2i(ext)) != NULL) { - for (i = 0; i < sk_num(sk); i++) { - ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_value(sk, i)); + if ((sk = (EXTENDED_KEY_USAGE *)X509V3_EXT_d2i(ext)) != NULL) { + for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) { + ext_nid = OBJ_obj2nid((ASN1_OBJECT *)sk_ASN1_OBJECT_value(sk, i)); if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) { is_sgc = TRUE; break; @@ -467,7 +467,7 @@ int SSL_CTX_use_certificate_chain( X509 *x509; unsigned long err; int n; - STACK *extra_certs; + STACK_OF(X509) *extra_certs; if ((bio = BIO_new(BIO_s_file_internal())) == NULL) return -1; diff --git a/support/ab.c b/support/ab.c index 4a35903228..94e8772479 100644 --- a/support/ab.c +++ b/support/ab.c @@ -480,7 +480,7 @@ static void ssl_rand_seed(void) static int ssl_print_connection_info(BIO *bio, SSL *ssl) { - SSL_CIPHER *c; + const SSL_CIPHER *c; int alg_bits,bits; c = SSL_get_current_cipher(ssl); @@ -566,7 +566,7 @@ static void ssl_proceed_handshake(struct connection *c) if (verbosity >= 2) ssl_print_info(c); if (ssl_info == NULL) { - SSL_CIPHER *ci; + const SSL_CIPHER *ci; X509 *cert; int sk_bits, pk_bits, swork; @@ -1979,7 +1979,7 @@ int main(int argc, const char * const argv[]) const char *optarg; char c; #ifdef USE_SSL - SSL_METHOD *meth = SSLv23_client_method(); + const SSL_METHOD *meth = SSLv23_client_method(); #endif /* table defaults */