This will continue to work even if the OpenSSL developers make the
X509* structure opaque, the current approach will not.
#include <openssl/ssl.h>
#include <openssl/dh.h>
#include <openssl/err.h>
+#include <openssl/evp.h>
#include <openssl/rand.h>
static SSL_CTX *ssl_server_ctx;
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
{
- memcpy(certfp, cert->sha1_hash, RB_SSL_CERTFP_LEN);
+ unsigned int certfp_length = RB_SSL_CERTFP_LEN;
+ X509_digest(cert, EVP_sha1(), certfp, &certfp_length);
X509_free(cert);
return 1;
}