1 files changed, 15 insertions, 7 deletions

diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index 3aa695a5ea..50d70dbb88 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -180,6 +180,7 @@ static VALUE
 ossl_x509crl_get_signature_algorithm(VALUE self)
 {
     X509_CRL *crl;
+    X509_ALGOR *alg;
     BIO *out;
     BUF_MEM *buf;
     VALUE str;
@@ -188,7 +189,8 @@ ossl_x509crl_get_signature_algorithm(VALUE self)
     if (!(out = BIO_new(BIO_s_mem()))) {
 	ossl_raise(eX509CRLError, NULL);
     }
-    if (!i2a_ASN1_OBJECT(out, crl->sig_alg->algorithm)) {
+    X509_CRL_get0_signature(NULL, &alg, crl);
+    if (!i2a_ASN1_OBJECT(out, alg->algorithm)) {
 	BIO_free(out);
 	ossl_raise(eX509CRLError, NULL);
     }
@@ -239,7 +241,7 @@ ossl_x509crl_set_last_update(VALUE self, VALUE time)
 
     sec = time_to_time_t(time);
     GetX509CRL(self, crl);
-    if (!X509_time_adj(crl->crl->lastUpdate, 0, &sec)) {
+    if (!X509_time_adj(X509_CRL_get_lastUpdate(crl), 0, &sec)) {
 	ossl_raise(eX509CRLError, NULL);
     }
 
@@ -260,14 +262,18 @@ static VALUE
 ossl_x509crl_set_next_update(VALUE self, VALUE time)
 {
     X509_CRL *crl;
+    ASN1_TIME *tm;
     time_t sec;
 
     sec = time_to_time_t(time);
     GetX509CRL(self, crl);
     /* This must be some thinko in OpenSSL */
-    if (!(crl->crl->nextUpdate = X509_time_adj(crl->crl->nextUpdate, 0, &sec))){
+    tm = X509_time_adj(X509_CRL_get_nextUpdate(crl), 0, &sec);
+    if (!X509_CRL_set_nextUpdate(crl, tm)) {
+	ASN1_TIME_free(tm);
 	ossl_raise(eX509CRLError, NULL);
     }
+    ASN1_TIME_free(tm);
 
     return time;
 }
@@ -302,6 +308,7 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
 {
     X509_CRL *crl;
     X509_REVOKED *rev;
+    STACK_OF(X509_REVOKED) *rev_stack;
     long i;
 
     Check_Type(ary, T_ARRAY);
@@ -310,8 +317,9 @@ ossl_x509crl_set_revoked(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Rev);
     }
     GetX509CRL(self, crl);
-    sk_X509_REVOKED_pop_free(crl->crl->revoked, X509_REVOKED_free);
-    crl->crl->revoked = NULL;
+    rev_stack = X509_CRL_get_REVOKED(crl);
+    while ((rev = sk_X509_REVOKED_delete(rev_stack, 0)))
+	X509_REVOKED_free(rev);
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	rev = DupX509RevokedPtr(RARRAY_AREF(ary, i));
 	if (!X509_CRL_add0_revoked(crl, rev)) { /* NO DUP - don't free! */
@@ -484,8 +492,8 @@ ossl_x509crl_set_extensions(VALUE self, VALUE ary)
 	OSSL_Check_Kind(RARRAY_AREF(ary, i), cX509Ext);
     }
     GetX509CRL(self, crl);
-    sk_X509_EXTENSION_pop_free(crl->crl->extensions, X509_EXTENSION_free);
-    crl->crl->extensions = NULL;
+    while ((ext = X509_CRL_delete_ext(crl, 0)))
+	X509_EXTENSION_free(ext);
     for (i=0; i<RARRAY_LEN(ary); i++) {
 	ext = DupX509ExtPtr(RARRAY_AREF(ary, i));
 	if(!X509_CRL_add_ext(crl, ext, -1)) { /* DUPs ext - FREE it */