v4.30-9700-beta

SoftEtherVPN · Jul 14, 2019 · a81e4c2 · a81e4c2
1 parent 9686292
commit a81e4c2
Show file tree

Hide file tree

Showing 9 changed files with 155 additions and 151 deletions.
diff --git a/src/Cedar/Cedar.h b/src/Cedar/Cedar.h
@@ -129,7 +129,7 @@
 #define	CEDAR_VER					430
 
 // Build Number
-#define	CEDAR_BUILD					9696
+#define	CEDAR_BUILD					9700
 
 // Beta number
 //#define	BETA_NUMBER					3
@@ -150,10 +150,10 @@
 // Specifies the build date
 #define	BUILD_DATE_Y		2019
 #define	BUILD_DATE_M		7
-#define	BUILD_DATE_D		8
-#define	BUILD_DATE_HO		12
-#define	BUILD_DATE_MI		9
-#define	BUILD_DATE_SE		40
+#define	BUILD_DATE_D		13
+#define	BUILD_DATE_HO		21
+#define	BUILD_DATE_MI		37
+#define	BUILD_DATE_SE		51
 
 // Tolerable time difference
 #define	ALLOW_TIMESTAMP_DIFF		(UINT64)(3 * 24 * 60 * 60 * 1000)

diff --git a/src/CurrentBuild.txt b/src/CurrentBuild.txt
@@ -1,4 +1,4 @@
-BUILD_NUMBER 9696
+BUILD_NUMBER 9700
 VERSION 430
 BUILD_NAME beta
-BUILD_DATE 20190708_120940
+BUILD_DATE 20190713_213751
diff --git a/src/Mayaqua/Network.c b/src/Mayaqua/Network.c
@@ -5946,34 +5946,38 @@ int cb_test(int a, X509_STORE_CTX *ctx)
 	return 1;
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define X509_STORE_CTX_get0_cert(o) ((o)->cert)
+#endif
+
 // Verify client SSL certificate during TLS handshake.
 //
 // (actually, only save the certificate for later authentication in Protocol.c)
 int SslCertVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx)
 {
 	SSL *ssl;
 	struct SslClientCertInfo *clientcert;
+	X509 *cert;
 
 	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 	clientcert = SSL_get_ex_data(ssl, GetSslClientCertIndex());
 
 	if (clientcert != NULL)
 	{
-		clientcert->PreverifyErr = 0;
+		clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx);
 		clientcert->PreverifyErrMessage[0] = '\0';
 		if (!preverify_ok)
 		{
-			char *msg;
-			clientcert->PreverifyErr = X509_STORE_CTX_get_error(ctx);
-			msg = (char *)X509_verify_cert_error_string(clientcert->PreverifyErr);
-			StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, msg);
+			const char *msg = X509_verify_cert_error_string(clientcert->PreverifyErr);
+			StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, (char *)msg);
 			Debug("SslCertVerifyCallback preverify error: '%s'\n", msg);
 		}
 		else
 		{
-			if (ctx->cert != NULL)
+			cert = X509_STORE_CTX_get0_cert(ctx);
+			if (cert != NULL)
 			{
-				X *tmpX = X509ToX(ctx->cert); // this only wraps ctx->cert, but we need to make a copy
+				X *tmpX = X509ToX(cert); // this only wraps cert, but we need to make a copy
 				X *copyX = CloneX(tmpX);
 				tmpX->do_not_free = true; // do not release inner X509 object
 				FreeX(tmpX);