Use X509_digest() instead of memcpy() to obtain cert fingerprint
authorAaron Jones <redacted>
Tue, 24 Mar 2015 05:22:25 +0000 (05:22 +0000)
committerAaron Jones <redacted>
Tue, 24 Mar 2015 05:22:25 +0000 (05:22 +0000)
This will continue to work even if the OpenSSL developers make the
X509* structure opaque; the current approach will not.

libratbox/src/openssl.c

index 850318b2d59784fc5fdb6a42c1210d6e97047e6c..4544ad6bdd2bd8bcc7fc24fa6a19d57b71d2793b 100644 (file)
@@ -33,6 +33,7 @@
 #include <openssl/ssl.h>
 #include <openssl/dh.h>
 #include <openssl/err.h>
+#include <openssl/evp.h>
 #include <openssl/rand.h>
 
 static SSL_CTX *ssl_server_ctx;
@@ -666,7 +667,8 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN])
                                res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
                                res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
                {
-                       memcpy(certfp, cert->sha1_hash, RB_SSL_CERTFP_LEN);
+                       unsigned int certfp_length = RB_SSL_CERTFP_LEN;
+                       X509_digest(cert, EVP_sha1(), certfp, &certfp_length);
                        X509_free(cert);
                        return 1;
                }
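Review bot: The result of `X509_digest()` on the added line is ignored, so if the digest call fails the code still reaches `return 1` and the caller would treat whatever was already in `certfp` as the peer's fingerprint. Check the result and fail closed, for example `if(X509_digest(cert, EVP_sha1(), certfp, &certfp_length) != 1) { X509_free(cert); return 0; }`; using 0 as the failure value is an assumption, because the rest of `rb_get_ssl_certfp` lies outside the hunk. Separately, the initial value of `certfp_length` does not bound the write, since `X509_digest()` only stores the digest length there on output. Comparing `certfp_length` with `RB_SSL_CERTFP_LEN` afterwards, or statically asserting that `RB_SSL_CERTFP_LEN` equals the SHA-1 digest size, would make the buffer-size assumption explicit.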