From 139607100b53c42bbde83e5047587930ad8bb63b Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu, 5 May 2016 16:22:59 +0900
Subject: ext/openssl: OCSP_SINGLERESP and OCSP_CERTID are also made opaque

---
 ext/openssl/extconf.rb        |  1 +
 ext/openssl/openssl_missing.h |  4 ++++
 ext/openssl/ossl_ocsp.c       | 10 ++++++----
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 83b1381b5d..a8fb2a7875 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -111,6 +111,7 @@ have_func("HMAC_CTX_reset")
 OpenSSL.check_func("RAND_pseudo_bytes", "openssl/rand.h") # deprecated
 have_func("X509_STORE_get_ex_data")
 have_func("X509_STORE_set_ex_data")
+have_func("OCSP_SINGLERESP_get0_id")
 OpenSSL.check_func_or_macro("SSL_CTX_set_min_proto_version", "openssl/ssl.h")
 
 have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 1ada5c37ca..2242eee05a 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -80,4 +80,8 @@ int HMAC_CTX_reset(HMAC_CTX *ctx);
 	CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
 #endif
 
+#if !defined(HAVE_OCSP_SINGLERESP_GET0_ID)
+#  define OCSP_SINGLERESP_get0_id(s) ((s)->certId)
+#endif
+
 #endif /* _OSSL_OPENSSL_MISSING_H_ */
diff --git a/ext/openssl/ossl_ocsp.c b/ext/openssl/ossl_ocsp.c
index 9f44bc202b..ae15d93bfa 100644
--- a/ext/openssl/ossl_ocsp.c
+++ b/ext/openssl/ossl_ocsp.c
@@ -708,8 +708,8 @@ ossl_ocspbres_add_status(VALUE self, VALUE cid, VALUE status,
 
     if(!NIL_P(ext)){
 	X509_EXTENSION *x509ext;
-	sk_X509_EXTENSION_pop_free(single->singleExtensions, X509_EXTENSION_free);
-	single->singleExtensions = NULL;
+	while ((x509ext = OCSP_SINGLERESP_delete_ext(single, 0)))
+	    X509_EXTENSION_free(x509ext);
 	for(i = 0; i < RARRAY_LEN(ext); i++){
 	    x509ext = DupX509ExtPtr(RARRAY_AREF(ext, i));
 	    if(!OCSP_SINGLERESP_add_ext(single, x509ext, -1)){
@@ -764,7 +764,7 @@ ossl_ocspbres_get_status(VALUE self)
 	status = OCSP_single_get0_status(single, &reason, &revtime,
 					 &thisupd, &nextupd);
 	if(status < 0) continue;
-	if(!(cid = OCSP_CERTID_dup(single->certId)))
+	if(!(cid = OCSP_CERTID_dup(OCSP_SINGLERESP_get0_id(single))))
 	    ossl_raise(eOCSPError, NULL);
 	ary = rb_ary_new();
 	rb_ary_push(ary, ossl_ocspcertid_new(cid));
@@ -963,10 +963,12 @@ static VALUE
 ossl_ocspcid_get_serial(VALUE self)
 {
     OCSP_CERTID *id;
+    ASN1_INTEGER *serial;
 
     GetOCSPCertId(self, id);
+    OCSP_id_get0_info(NULL, NULL, NULL, &serial, id);
 
-    return asn1integer_to_num(id->serialNumber);
+    return asn1integer_to_num(serial);
 }
 
 void
-- 
cgit v1.2.3