On Fri, Jul 5, 2024 at 3:05 PM Ruediger Pluem <rpl...@apache.org> wrote:
>
> >>>> md_crypt.c: In function 'md_cert_get_ct_scts':
> >>>> md_crypt.c:2071:5: error: unknown type name 'SCT'
> >>>>     SCT *sct_handle;
>
> This one is caused by r1918195 in >= 2.4.60. Before r1918195, OPENSSL_NO_CT
> was defined when openssl was < 1.1.1. Now it no longer is, and hence
> md_cert_get_ct_scts gets a real function body, as
>
> #ifndef OPENSSL_NO_CT
>
> (line 2068) is now true. Hence we error out on the non presence of the SCT 
> struct (line 2071).

Maybe something like the attached patch for this one too (which could
avoid configure tricks for both..).
Index: modules/md/md_crypt.c
===================================================================
--- modules/md/md_crypt.c	(revision 1918881)
+++ modules/md/md_crypt.c	(working copy)
@@ -57,12 +57,14 @@
 #include <process.h>
 #endif
 
-#if !defined(OPENSSL_NO_CT) \
-    && OPENSSL_VERSION_NUMBER >= 0x10100000L \
-    && (!defined(LIBRESSL_VERSION_NUMBER) \
-        || LIBRESSL_VERSION_NUMBER >= 0x3050000fL)
+#if defined(OPENSSL_NO_CT)
+#define MD_NO_CT
+#elif (OPENSSL_VERSION_NUMBER >= 0x10100000L \
+       && (!defined(LIBRESSL_VERSION_NUMBER) \
+           || LIBRESSL_VERSION_NUMBER >= 0x3050000fL))
 /* Missing from LibreSSL < 3.5.0 and only available since OpenSSL v1.1.x */
 #include <openssl/ct.h>
+#undef MD_NO_CT
 #endif
 
 static int initialized;
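Review bot: The new `#if`/`#elif` chain has no fall-through branch, so a build where `OPENSSL_NO_CT` is undefined but the version test fails (OpenSSL older than 1.1.0, or LibreSSL older than 3.5.0) neither includes `<openssl/ct.h>` nor defines `MD_NO_CT`. The `#ifndef MD_NO_CT` guards in the two later hunks (around `get_ct_scts_nid` and inside `md_cert_get_ct_scts`) would then still compile the `SCT` code, which looks like the same `unknown type name 'SCT'` error the thread reports. Adding `#else` followed by `#define MD_NO_CT` before the `#endif` closes that gap; the `#undef MD_NO_CT` in the `#elif` branch only has an effect if the macro was defined externally (for example on the compiler command line), and a one-line comment saying so would help.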
@@ -2037,11 +2059,10 @@ out:
     return rv;
 }
 
+#ifndef MD_NO_CT
 #define MD_OID_CT_SCTS_NUM          "1.3.6.1.4.1.11129.2.4.2"
 #define MD_OID_CT_SCTS_SNAME        "CT-SCTs"
 #define MD_OID_CT_SCTS_LNAME        "CT Certificate SCTs" 
-
-#ifndef OPENSSL_NO_CT
 static int get_ct_scts_nid(void)
 {
     int nid = OBJ_txt2nid(MD_OID_CT_SCTS_NUM);
@@ -2065,7 +2086,7 @@ const char *md_nid_get_lname(int nid)
 
 apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
 {
-#ifndef OPENSSL_NO_CT
+#ifndef MD_NO_CT
     int nid, i, idx, critical;
     STACK_OF(SCT) *sct_list;
     SCT *sct_handle;
